Update to Imminent GSA Health IT SIN

Yesterday, GSA posted a draft SIN notice. Questions/comments on the newly provided docs must be posted in the comments section at the GSA Interact Website within 10 business days. They also announced a Q&A webinar scheduled for June 21, 11:00 a.m.-12:30 p.m. EDT. You can register here.


Now, for the meat of what they announced. Criteria used to grant the Health IT SIN will include corporate experience, quality control procedures and narratives on three (3) relevant project experiences. In particular, narratives should provide:

  • Detailed description of SIN relevant work performed and results achieved
  • Methodology, tools, and/or processes utilized in performing the work
  • Demonstration of compliance with any applicable laws, regulations, Executive Orders, OMB Circulars, professional standards, etc.
  • Project schedule (i.e., major milestones, tasks, deliverables), including an explanation of any delays
  • How the work performed is similar in scope and complexity to the work solicited under the proposed SIN
  • Demonstration of required specific experience and/or special qualifications detailed under the proposed SIN.

GSA also clarified security requirements:

  • Cir 1878.2A, CIO Conducting Privacy Impact Assessments (PIAs)
  • Privacy Act of 1974 (5 U.S.C. § 552a)
  • Homeland Security Presidential Directive 12 (HSPD-12)
  • OMB Memorandum M-04-04, E-Authentication Guidance for Federal Agencies
  • NIST Special Publications 800-18, 800-30, 800-34, 800-37, 800-47, 800-53, 800-53A
  • 44 U.S.C. § 3541, “Federal Information Security Management Act (FISMA) of 2002”
  • Federal Information Processing Standards (FIPS) Publication 140-2, “Security Requirements for Cryptographic Modules”
  • FIPS Pub 201, “Personal Identity Verification of Federal Employees and Contractors,” March 2006
  • 36 C.F.R. Part 1194, Electronic and Information Technology
  • Health Information Technology for Economic and Clinical Health (HITECH) Act, Title XIII of the American Recovery and Reinvestment Act of 2009 (Pub.L. 111–5)
  • HIPAA (Public Law 104-191), The Health Insurance Portability and Accountability Act
  • Federal Health Architecture (FHA), Office of the National Coordinator for Health IT

If you play in this arena, and talk to federal healthcare agencies such as DHA, you'll want to be prepared for when the official mod drops in the coming weeks. Health IT services under the new SIN include: connected health, electronic health records, health information exchanges, health analytics, personal health information management, innovative Health IT solutions, health informatics, emerging Health IT research, and other Health IT services.

Not sure where or how to start? We can help--let us know what questions you have.