DA10--Healthcare Provider Credentialing and Privileging Software-as-a-Service (SaaS) and Credentialing-as-a-Service (CaaS) (VA-26-00054853)

Questions & Answers / Clarifications

This document provides the Department of Veterans Affairs' (VA) responses to industry questions regarding the RFI for Healthcare Provider Credentialing and Privileging Software-as-a-Service (SaaS) and Credentialing-as-a-Service (CaaS).

• Set-Aside Status: The VA is still in the requirements development stage and will review market research data to determine the appropriate acquisition strategy, including potential set-asides, for any resultant acquisition.
• Data Migration: If an acquisition occurs, the VA will make the required data schema available for assessing data migration feasibility.
• New Effort: This is considered a new potential effort, not a continuation of previous contractor services.
• Credentialing Standards: Potential offerers must adhere to Joint Commission standards and VHA Credentialing Policy. The VA currently uses VetPro for credentialing data.
• Service Model: The VA requires a full credentialing package, which will be reviewed by VA Subject Matter Experts in a subsequent acquisition. The VA anticipates a phased implementation approach.
• FedRAMP Authorization: FedRAMP authorization is a firm requirement. The VA will not recognize StateRAMP as an alternative. The specific FedRAMP level has not yet been determined but will be noted in any potential acquisition.
• Security Controls: Applicable security controls consistent with VA policies, including Zero Trust principles, are expected.
• System Integration: Anticipated integrations include EHR systems, with potential for API use or custom integration work. Information on integrations will be provided at the time of solicitation.
• User Load: The VA notes approximately 300,000 internal users, with an estimated 30,000-50,000 monthly logins.
• Excluded Providers: Integrated Veteran Care's Community Care providers are excluded from the RFI requirements.
• Temporary Privileging: The solution must automatically generate temporary privileging rules, with the capability for user modification.
• Non-Functional Requirements (NFRs): Industry is required to present information and identify best practices regarding NFRs such as performance, security, and disaster recovery.

These responses clarify several aspects of the RFI, including data availability, security requirements (FedRAMP), and operational expectations. Bidders should consider these clarifications when preparing any future proposals. The VA cannot provide an extension to the RFI deadline.

Questions & Answers / Clarifications

This document provides clarification regarding questions submitted by industry for Solicitation Number 36C10B26Q0275, concerning Healthcare Provider Credentialing and Privileging Software-as-a-Service (SaaS) and Credentialing-as-a-Service (CaaS).

• The accompanying spreadsheet contains the Government's responses to industry questions.

• All other terms and conditions of the original RFI remain unchanged and in full force and effect.

• Bidders should review the provided spreadsheet for specific details on the Q&A.

• VA Responses to Industry Questions- 36C10B26Q0275 RFI (attached spreadsheet)

Amendment / Modification

This amendment is issued to address a transmittal issue with the initial posting of the Request for Information (RFI). The issue prevented the RFI Description from being easily readable.

• The RFI Description was not readable in the initial posting.

• Potential respondents are directed to review the two documents attached to this notice for clarity on the Government's intent and information requests.

• All other terms and conditions of the RFI remain unchanged.

• This amendment does not alter proposal deadlines or submission requirements beyond directing respondents to the attached documents for the RFI's core content.

Form / Attachment / Pricing Sheet

This document, titled 'DRAFT- Credentialing and Privileging_RTM.xlsx', appears to be a Business Requirements Package (BRP) for a Credentialing and Privileging System Modernization (NSR 20251210). It details the functional and non-functional requirements for a system designed to manage practitioner credentialing and privileging processes within the Department of Veterans Affairs (VA).

• Business Requirements: Outlines specific needs for managing practitioner credentialing and privileging, including generating electronic applications, performing duplicate practitioner checks, searching for existing records, and creating new practitioner files.
• Acceptance Criteria: Defines the conditions that must be met for each business requirement to be considered fulfilled.
• Business Rules: Provides detailed explanations and logic behind the requirements, ensuring clarity on system behavior.
• Non-Functional Requirements: Addresses aspects like system performance, accessibility, and security.
• Process Mapping: Maps requirements to existing process models.
• Supporting Documentation: References VA Directives, Policies, and Laws.

This document is crucial for potential bidders as it outlines the detailed functional and non-functional requirements for a new or modernized Credentialing and Privileging (C&P) system. It specifies the expected capabilities of the system, including but not limited to:

• Automated workflows: For application generation, duplicate checking, and routing.
• Data management: Handling practitioner data, document uploads, and verification processes.
• User interfaces: Requirements for C&P Specialists and practitioners interacting with the system.
• Compliance: Adherence to VA directives, policies, and laws.
• System performance and security: Non-functional requirements that will impact the solution's architecture and implementation.

Bidders should analyze these requirements to understand the scope and complexity of the system to be developed or implemented, informing their technical approach, resource allocation, and pricing strategies.

Request for Information (RFI)

This RFI seeks industry feedback on two potential strategies for the Department of Veterans Affairs (VA) regarding healthcare provider credentialing and privileging. The goal is to inform future acquisition strategies to improve provider onboarding, ensure continuous credential monitoring, and maintain compliance with VA, federal, and accreditation standards. Responses may influence set-aside determinations.

• Objective: To gather information on a potential enterprise-wide, fully electronic SaaS platform for all aspects of the credentialing and privileging lifecycle. The VA seeks a commercially available SaaS system with minimal customization, integrating technology, automation, and compliance workflows.

• Scope: The solution must be a turnkey implementation, supporting end-to-end credentialing, verification, continuous monitoring, privileging, and committee workflows. It must integrate with VistA and the Federal Health Record, meet FedRAMP security requirements, and support VA workflows.

• Key Requirements: Secure electronic system, automated display of credentials, timely processing (5 days for new, 120 days prior to expiration for existing), 100% Joint Commission compliance, 99% verification accuracy, continuous monitoring, data migration, role-based access, reporting, and compliance with VHA Directives 1100.20 and 1100.21.

• Required Information: Solution description (people, processes, technology), RTM mapping, past performance, current deployable capabilities (e.g., Credentialing Lifecycle Management, PSV, SSV, Privileging Management), Authority to Operate (ATO)/FedRAMP status, integration details, and Rough Order of Magnitude (ROM).

• Objective: To gather feedback on a strategy to partner with a credentialing service organization for full-spectrum credentialing operations. The aim is to streamline workflows and accelerate provider onboarding.

• Scope: The service organization must provide a comprehensive, fully electronic credentialing solution supported by qualified personnel. This includes obtaining, verifying, and assessing provider qualifications.

• Key Requirements: Secure electronic system, automated credential display, timely processing (5 days for new, 120 days prior to expiration for existing), 100% Joint Commission and VHA policy compliance, 99% verification accuracy, continuous monitoring for all provider types (over 250,000 providers), data migration, role-based access, reporting, and compliance with VHA Directives 1100.20 and 1100.21.

• Required Information: Description of the service organization's capabilities (technology, staffing, verification, compliance), implementation plans for unmet requirements, evidence of reduced credentialing timelines, IT/security compliance confirmation, integration of technology with personnel, software/operational capacity, ability to start by October 30, 2026, commercial licensing, and proposed innovations.

• Respond to Part 1 and/or Part 2 in a single file, clearly identifying which part(s) are addressed.

• Page limit: 15 pages per part, 30 pages cumulative.

• Include company name, address, POC, business size, SAM Unique Entity ID, DUNS number, and references.

• Submissions are due by April 3, 2026, 12:00 PM ET.

• Questions are due by March 25, 2026.

• This is an RFI only; it is not a solicitation or RFQ.

• No funds have been authorized for this effort.

• No marketing materials are allowed.

• The VA is not obligated to acquire any products or services described.