SamSearch

    SLED Opportunity · MISSISSIPPI · MISSISSIPPI DEPARTMENT OF HEALTH

    Installation/Delivery Services - Vital Records

    Issued by Mississippi Department of Health
    localSource SoughtMississippi Department of HealthSol. 248410
    Closed
    STATUS
    Closed
    due Apr 20, 2026
    PUBLISHED
    Apr 6, 2026
    Posting date
    JURISDICTION
    Mississippi Department
    local
    NAICS CODE
    561730
    AI-classified industry

    AI Summary

    Mississippi Department of Health seeks vendors for installation and removal of furniture at Vital Records. Requires 3+ years experience, HIPAA compliance, licenses, insurance, and financial stability. Source Sought solicitation.

    Opportunity details

    Solicitation No.
    248410
    Type / RFx
    Source Sought
    Status
    open
    Level
    local
    Published Date
    April 6, 2026
    Due Date
    April 20, 2026
    NAICS Code
    561730AI guide
    Jurisdiction
    Mississippi Department of Health
    State
    Mississippi
    Agency
    Mississippi Department of Health

    Description

    The installation and removal of furniture and furnishings from various areas of Vital Records. Some items will be taken to surplus, and some items will be disposed of as needed. Removal will be done during normal workday hours only.

     

    Project Details

    • Reference ID: 2026-SOQ-073
    • Department: Vital Records
    • Department Head: Dorthy Young (-)

    Evaluation Criteria

    • Installation/Delivery Services

      The installation and removal of furniture and furnishings from various areas of Vital Records. Some items will be taken to surplus, and some items will be disposed of.
      Normal work hours only.

    • I. Recitals
          1. MSDH is a state agency with a principal place of business at 570 East Woodrow Wilson, Jackson, MS 39215
          2. Business Associate is a corporation qualified to do business in Mississippi that will act to perform business services for MSDH with a principal place of business at ___________________.
          3. This Business Associate Agreement (“Agreement”) is entered into pursuant to the Health Insurance Portability and Accountability Act (“HIPAA”) of 1996, as amended by the Genetic Information Nondiscrimination Act (“GINA”) of 2008 and the Health Information Technology for Economic and Clinical Health Act (“HITECH Act”), Title XIII of Division A, and Title IV of Division B of the American Recovery and Reinvestment Act (“ARRA”) of 2009,and its implementing regulations, including, but not necessarily limited to, 45 C.F.R. Part 160, and 45 C.F.R. Part 164 Subparts A and C (“Security Rule”), and 45 C.F.R. Part 160 Subparts A and E (“Privacy Rule”). These statutes and regulations are hereinafter collectively referred to as HIPAA.MSDH, as a covered entity, is required to enter into this Agreement to obtain satisfactory assurances that Business Associate will comply with and appropriately safeguard all Protected Health Information (“PHI”) Used, Disclosed, created, or received by Business Associate on behalf of MSDH. Certain provisions of HIPAA and its implementing regulations apply to Business Associate in the same manner as they apply to MSDH, and such provisions must be incorporated into this Agreement.
          4. MSDH desires to engage Business Associate to perform certain functions for, or on behalf of, MSDH involving the Disclosure of PHI by MSDH to Business Associate, or the creation or Use of PHI by Business Associate on behalf of MSDH, and Business Associate desires to perform such functions, as set forth in the Underlying Agreement(s) which involve the exchange of information, and wholly incorporated herein.
    • Prior Experience

      Vendor must have been in business and provided goods and/or services similar in requirements and scale to those described in this SoQ for a minimum of three (3) years.

    • II. Definitions
          1. “Breach” shall mean the acquisition, access, Use or Disclosure of PHI in a manner not permitted by the Privacy Rule which compromises the security or privacy of the PHI, and subject to the exceptions set forth in 45 C.F.R. § 164.402.
          2. “Business Associate” shall mean _____________,including all workforce members, representatives, agents, successors, heirs, and permitted assigns.
          3. “Covered Entity” shall mean the Mississippi State Department of Health, an agency of the State of Mississippi.
          4. "Data Aggregation” shall have the same meaning as the term “Data aggregation” in 45 C.F.R. §164.501.
          5. “Designated Record Set” shall have the same meaning as the term “Designated Record Set” in 45 C.F.R. §164.501.
          6. “Disclosure” shall have the same meaning as the term “Disclosure” in 45 C.F.R. § 160.103.
          7. “MSDH” shall mean the Mississippi State Department of Health, an agency of the State of Mississippi.
          8. “Individual” shall have the same meaning as the term “Individual” in 45 C.F.R. § 160.103 and shall include a person who qualifies as a personal representative in accordance with 45 C.F.R. § 164.502(g).
          9. “Privacy Officer” shall mean the person designated by MSDH to oversee its implementation of and compliance with HIPAA.
          10. "Privacy Rule” shall mean the Standards for Privacy of Individually Identifiable Health Information at 45 C.F.R. Parts 160 and 164, Subparts A and E.
          11. “Protected Health Information” or “PHI” shall have the same meaning as the term “Protected health information” in 45 C.F.R. § 160.103, limited to the information created or received by Business Associate from or on behalf of MSDH.
          12. “Reproductive health care services. "Reproductive health care services" means all supplies, care and services of a medical, behavioral health, mental health, surgical, psychiatric, therapeutic, diagnostic, preventive, rehabilitative or supportive nature, including medication, relating to pregnancy, contraception, assisted reproduction, pregnancy loss management or the termination of a pregnancy in accordance with the applicable standard of care as defined by major medical professional organizations and agencies with expertise in the field of reproductive health care.”
          13. “Secretary” shall mean the Secretary of the Department of Health and Human Services or his/her designee
          14. “Security Incident” shall have the same meaning as the term “Security incident” in 45 C.F.R. §164.304.
          15. “Security Rule” shall mean the Security Standards for the Protection of Electronic Protected Health Information at 45 C.F.R. Parts 160 and 164, Subparts A and C.
          16. “Standard” shall have the same meaning as the term “Standard” in 45 C.F.R. § 160.103.
          17. “Underlying Agreement” shall mean any applicable Memorandum of Understanding (“MOU”),agreement, contract, or any other similar device, and any proposal or Request for Proposal (“RFP”) related thereto and agreed upon between the Parties, entered into between MSDH and Business Associate. Under this Business Associate Agreement, “Underlying Agreement” shall refer to the following: ___________________.
          18. “Unsecured Protected Health Information” shall have the same meaning as the term “Unsecured protected health information” in 45 C.F.R. § 164.402.
          19. “Use” shall have the same meaning as the term “Use” in 45 C.F.R. § 160.103
          20. “Violation” or “Violate” shall have the same meaning as the terms “Violation” or “Violate” in 45 C.F.R. § 160.103.

      All other terms not defined herein shall have the meanings assigned in HIPAA and its implementing regulations.

    • Required Certification, Accreditation, and/or Licenses

      Vendor shall provide notarized copies of all valid licenses and certificates required for performance of the work. The notarized copies shall be delivered to the agency no later than ten days after Vendor receives the Notice of Intent to Award from the agency. Current notarized copies of licenses and certificates shall be provided to the agency within twenty-four hours of demand at any time during the contract term. Vendor must possess and maintain the minimum vendor certifications, accreditations, and/or licensures described in this SoQ, by way of illustration and not limitation, the following:

        1. A valid business license in the State of Mississippi.
        2. A professional license or certificate in the field of ________.
    • Financial Stability or Solvency

      Vendor must be financially stable or solvent, if required. Each vendor shall submit copies of the most recent years independently audited financial statements as well as financial statements for the preceding three years, if they exist.  The submission must include the audit opinion, the balance sheet, and statements of income, retained earnings, cash flows, and the notes to the financial statements.  If independently audited financial statements do not exist, Vendor must state the reason and, instead submit sufficient information to enable the Agency to access the financial stability or solvency of the vendor, such as financial statements, credit ratings, a line of credit, or other financial arrangements sufficient to enable the vendor to be capable of meeting the requirements of this SoQ.

    • III. Obligations and Activities of Business Associate
          1. Business Associate agrees to not Use or Disclose PHI other than as permitted or required by this Agreement and the Underlying Agreement(s), or as Required by Law.
          2. Business Associate agrees to utilize appropriate safeguards and comply, where applicable, with the HIPAA Privacy and Security Rules, to prevent Use or Disclosure of the PHI other than as permitted or provided for by this Agreement and shall: (i) implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of Protected Health Information and Electronic Protected Health Information that Business Associate creates, receives, maintains, or transmits on behalf of MSDH; (ii) ensure that any subcontractor to whom Business Associate provides such information agrees to implement reasonable and appropriate safeguards to protect it; and (iii) report to MSDH any Security Incident of which Business Associate becomes aware.
          3. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a Use or Disclosure of PHI by Business Associate in Violation of the requirements of this Agreement and/or state or federal laws and regulations.
          4. Breaches and Security Incidents. During the term of this Agreement, Business Associate agrees to implement reasonable systems for the discovery and prompt reporting of any actual or suspected Breach or Security Incident. Business Associate agrees to take the following steps:

            Notice to MSDH. (1) To notify their MSDH Point-of-Contact, MSDH IT Security Officer and MSDH Privacy Officer without unreasonable delay, and no later than five (5) days after discovery, by telephone call and email or registered or certified mail upon the discovery of an actual or suspected Breach of Unsecured PHI in electronic media or in any other media. (2) To notify their MSDH Point-of-Contact, MSDH IT Security Officer and MSDH Privacy Officer without unreasonable delay, and no later than five (5) days after discovery, by telephone call and email or registered or certified mail of any actual or suspected Security Incident affecting this Agreement, including but not limited to an actual or suspected Security Incident that involves data provided to MSDH by the Social Security Administration. A Breach or Security Incident shall be treated as discovered by Business Associate as of the first day on which the Breach or Security Incident is known, or by exercising reasonable diligence would have been known, to any person (other than the person committing the Breach or Security Incident) who is a workforce member, officer, or other agent of Business Associate.

            The notification shall include, to the extent possible and subsequently as the information becomes available, a reasonably detailed description of the actual or suspected Breach or Security Incident, the identification of all Individuals whose Unsecured PHI is reasonably believed by Business Associate to have been affected by the Breach or Security Incident along with any other available information that is required to be included in the notification to the Individual, HHS and/or the media, all in accordance with the data breach notification requirements set forth in 42 U.S.C. § 17932 and 45 C.F.R. Parts 160 and 164, Subparts A, D, and E, or any other applicable notification requirements.

            Upon discovery of an actual or suspected Breach or Security Incident, Business Associate shall take:
            • Prompt corrective action to mitigate any risks or damages involved with the Breach or Security Incident and to protect the operating environment; and
            • Any action pertaining to such unauthorized Disclosure required by applicable Federal and State laws and regulations.

            Investigation. To immediately investigate any such actual or suspected Breach or Security Incident upon discovery in order to determine if the actual or suspected Breach or Security Incident is a Violation of any applicable federal or state laws or regulations, and to submit updated information by email or registered or certified mail, as it becomes available, to the MSDH IT Security Officer and MSDH Privacy Officer.

            Complete Report. To provide a complete written report by email or registered or certified mail of the investigation to the MSDH IT Security Officer and MSDH Privacy Officer within ten (10) working days of the discovery of any actual or suspected Breach or Security Incident. The report shall include:
            • the identification of each Individual whose PHI was or is believed to have been involved;
            • a reasonably detailed description of the types of PHI involved; and
            • a full, detailed corrective action plan, including information on measures that were taken to halt and/or contain any suspected or actual Breach of security, intrusion or unauthorized Use or Disclosure.

            If MSDH requests information in addition to that provided in the written report, Business Associate shall make reasonable efforts to provide MSDH with such information. If necessary, a supplemental report may be utilized to submit revised or additional information after the completed report is submitted.

            Notification of Individuals. If the cause of an actual Breach of PHI is attributable to Business Associate or its subcontractors, agents or vendors, Business Associate shall notify each Individual of the Breach when notification is required under state or federal law and shall pay any costs of such notifications, as well as any costs associated with the Breach. The notifications shall comply with the requirements set forth in 42 U.S.C. § 17932 and its implementing regulations. The MSDH IT Security Officer and MSDH Privacy Officer shall approve the time, manner, and content of any such notifications and their review and approval must be obtained before the notifications are made.

            Responsibility for Reporting of Breaches. If the cause of a Breach of PHI is attributable to Business Associate or its agents, subcontractors, or vendors, and Business Associate is a covered entity as defined under HIPAA and the HIPAA regulations, Business Associate is responsible for
            all required reporting of the Breach as specified in 42 U.S.C. § 17932 and its implementing regulations, including notification to media outlets and to the Secretary of the U.S. Department of Health and Human Services. If Business Associate has reason to believe that duplicate reporting of the same Breach or Security Incident may occur because its subcontractors, agents or vendors may report the Breach or Security Incident to MSDH in addition to Business Associate, Business Associate shall notify MSDH, and MSDH and Business Associate may take appropriate action to prevent duplicate reporting. The Breach reporting requirements of this paragraph are in addition to the reporting requirements set forth above.
          5. Business Associate agrees to ensure that any subcontractors that create, receive, maintain, or transmit PHI on behalf of the Business Associate agree to the same restrictions and conditions that apply to the Business Associate with respect to such information, all in accordance with 45 C.F.R. §§ 164.308 and 164.502
          6. Business Associate agrees to ensure that any subcontractors that create, receive, maintain, or transmit electronic PHI on behalf of Business Associate agree to comply with the applicable requirements of the Security Rule and Privacy Rule by entering into a Business Associate Agreement, in accordance with 45 C.F.R. §§ 164.308, 164.314, 164.502, and 164.504, and Business Associate shall provide MSDH with a copy of all such executed agreements between Business Associate and Business Associate’s subcontractors. Business Associate understands that submission of their subcontractors’ Business Associate Agreement(s) to MSDH does not constitute MSDH approval of any kind, including of the utilization of such subcontractors or of the adequacy of such agreements.
          7. Business Associate agrees that nothing in this Agreement is meant to take the place of any HIPAA-mandated reporting duties that apply directly to the Business Associate as a covered entity under HIPAA and its implementing regulations.
          8. Business Associate agrees to provide access, at the request of MSDH, and in the time and manner designated by MSDH, to PHI in a Designated Record Set, to MSDH or, as directed by MSDH, to an Individual in order to meet the requirements under 45 C.F.R. § 164.524.
          9. Business Associate agrees to document such Disclosures of PHI and information related to such Disclosures as would be required for MSDH to respond to a request by an Individual for an accounting of Disclosures of PHI in accordance with 45 C.F.R. § 164.528. Business Associate agrees to retain such documentation for at least six (6) years after the date of Disclosure; the provisions of this Section shall survive termination of this Agreement for any reason.
          10. Where applicable, Business Associate agrees to retain and securely store all data and documents falling under this Agreement and the Underlying Agreement(s) in accordance with HIPAA, the HITECH Act, and their implementing regulations.
          11. Business Associate agrees to make any amendment(s) to PHI in a Designated Record Set that MSDH directs or agrees to pursuant to 45 C.F.R. § 164.526 at the request of MSDH or an Individual, and in the time and manner designated by MSDH.
          12. Business Associate agrees to provide to MSDH or an Individual, in a time and manner designated by MSDH, information collected in accordance with Section (III) of this Agreement, to permit MSDH to respond to a request by an Individual for an accounting of Disclosures of PHI in accordance with 45 C.F.R. § 164.528.
          13. Business Associate agrees that it shall only Use or Disclose the minimum PHI necessary to perform functions, activities, or services for, or on behalf of, MSDH as specified in the Underlying Agreement(s). Business Associate agrees to comply with any guidance issued by the Secretary on what constitutes “minimum necessary” for purposes of the Privacy Rule, and any minimum necessary policies and procedures communicated to Business Associate by MSDH.
          14. Routine transmission of PHI by fax is not recommended. If information must be faxed, Business Associate agrees PHI shall be limited to those recipients who have a need to gain access to the information. The information to be faxed shall be limited to the “minimum necessary” to accomplish the proposed function. A cover sheet must be utilized which includes a required confidential statement prohibiting unlawful redisclosure. In the event a fax is received by an unintended recipient, Business Associate should obtain the recipient’s contact information, attempt to identify the misdirected document, and then contact MSDH Privacy Officer. Generally, Business Associate should instruct the recipient of the misdirected fax to await further instructions from the Business Associate. Recipients should not be told to throw away a misdirected fax. MSDH may instruct the recipient to return or destroy the document, depending on the facts.
          15. Business Associate agrees that to the extent that Business Associate carries out MSDH’s obligations under the Privacy Rule, Business Associate will comply with the requirements of the Privacy Rule that apply to MSDH in the performance of such obligation.
          16. Business Associate agrees to make internal practices, books, and records, including policies and procedures and PHI, relating to the Use and Disclosure of PHI received from, or created or received by Business Associate on behalf of, MSDH available to the Secretary for purposes of determining MSDH's compliance with the Privacy Rule.
          17. Business Associate agrees that nothing in this Agreement shall permit Business Associate to access, store, share, maintain, transmit or Use or Disclose PHI in any form via any medium with any third party, including Business Associate’s subcontractors, beyond the boundaries and jurisdiction of the United States without express written authorization from MSDH.
          18. Business Associate agrees that all MSDH data will be encrypted using industry standard algorithms, preferably AES256 or Triple DES and/or SSL/TLS 1.2+.
          19. Business Associate agrees to comply with the State of Mississippi ITS Enterprise Security Policy, which will be provided by MSDH upon request.
          20. Business Associate agrees to make an executive summary of its most recent information security audit available to MSDH upon request by MSDH.
          21. The provisions of the HITECH Act that apply to Business Associate and are required to be incorporated by reference in a business associate agreement are hereby incorporated into this Agreement, including, without limitation, 42 U.S.C. §§ 17935(b), (c), (d) and(e), and 17936(a) and (b), and their implementing regulations.
          22. 42 U.S.C. §§ 17931(b) and 17934(c), and their implementing regulations, each apply to Business Associate with respect to its status as a business associate to the extent set forth in each such section.
          23. Business Associate shall be responsible for, and shall reimburse MSDH for costs and expenses associated with steps reasonably implemented by MSDH to mitigate any Breach or other non‐ permitted Use or Disclosure of PHI or medical, health or personal information protected by other federal or state law, including, without limitation, the following: data analysis to determine appropriate mitigation steps in the event of a Breach, including assistance from Business Associate in the investigation of the Breach and, as needed, access to Business Associate’s systems and records for purposes of Breach data analysis; preparation and mailing of notification(s) about the Breach to impacted Individuals, the media and regulators; costs associated with proper handling of inquiries from Individuals and other entities about the Breach (such as the establishment of toll‐free numbers, maintenance of call centers for intake, preparation of scripts, questions/answers, and other communicative information about the Breach); credit monitoring and account monitoring services for impacted Individuals for a reasonable period (which shall be no less than 12 months); other mitigation action steps required of MSDH by federal or state regulators; and other reasonable mitigation steps required by MSDH.
          24. Business Associate shall not, without written authorization from MSDH, perform marketing or fundraising on behalf of MSDH, or engage in the types of communications on behalf of MSDH that are excepted from the definition of “marketing” established at 45 C.F.R. §164.501. If MSDH requests and authorizes Business Associate to engage in these activities, Business Associate shall comply with the applicable provisions of the HITECH Act and the HIPAA Rules.
          25. Business Associate shall not directly or indirectly receive remuneration in exchange for an Individual's PHI unless it is pursuant to specific written authorization by the Individual or subject to an exception established in the HIPAA Rules.
          26. Without prior written approval from MSDH, Business Associate shall not publicly release any report, article, paper, graph, chart, or other product created, in whole or in part, using data provided or developed under this Agreement.
          27. Business Associate agrees to utilize reasonable measures (including training) to ensure compliance with the requirements of this Agreement by employees who assist in the performance of functions or activities under this Agreement and Use or Disclose MSDH data, and to discipline such employees who intentionally violate any provisions of this Agreement.
    • IV. Permitted Uses and Disclosures by Business Associate
          1. General Use and Disclosure Provisions: Subject to the terms of this Agreement, Business Associate may Use or Disclose PHI to perform functions, activities, or services for, or on behalf of, MSDH as specified in the Underlying Agreement(s), provided that such Use or Disclosure would not Violate what is Required by Law or the Privacy Rule if done by MSDH, except for the specific Uses and Disclosures set forth below, for the purpose of performing the Underlying Agreement(s).
          2. Specific Use and Disclosure Provisions:
            1. Business Associate may Use PHI, if necessary, for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate under the Underlying Agreement(s) entered into between MSDH and Business Associate.
            2. Business Associate may Disclose PHI for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate, provided that Disclosures are Required by Law and the person to whom the PHI was Disclosed notifies the Business Associate of any instances of which it is aware in which the confidentiality of the information has been breached.
            3. If Business Associate must Disclose PHI pursuant to law or legal process, Business Associate shall notify MSDH by phone and in writing without unreasonable delay and at least five (5) days in advance of any Disclosure so that MSDH may take appropriate steps to address the Disclosure, if needed.
            4. In the event that Business Associate works for more than one covered entity, Business Associate may Use and Disclose PHI for Data Aggregation purposes, however, only in order to analyze data for permitted health care operations, and only to the extent that such is permitted under the Privacy Rule.
            5. Business Associate may Use and Disclose de‐identified health information if (a) the Use is communicated to MSDH and (b) the de‐identified health information meets the implementation specifications for de‐identification under the Privacy Rule.
    • V. Obligations of MSDH
          1. MSDH shall provide Business Associate with the Notice of Privacy Practices that MSDH produces in accordance with 45 C.F.R. § 164.520, as well as any changes to such Notice of Privacy Practices, upon request.
          2. MSDH shall notify Business Associate of any limitation(s) in its Notice of Privacy Practices to the extent that such limitation may affect Business Associate's Use or Disclosure of PHI.
          3. MSDH shall notify Business Associate of any changes in, or revocation of, permission by an Individual to Use or Disclose PHI, to the extent that such changes may affect Business Associate's Use or Disclosure of PHI.
          4. MSDH shall notify Business Associate of any restriction to the Use or Disclosure of PHI that MSDH has agreed to in accordance with 45 C.F.R. § 164.522, to the extent that such restriction may affect Business Associate’s Use or Disclosure of PHI.
          5. Permissible Requests by MSDH: MSDH shall not request Business Associate to Use or Disclose PHI in any manner that would not be permissible under the Privacy Rule if done by MSDH, except as provided for in Section (IV) of this Agreement.
    • VI. Terms and Termination
          1. Term. For any new Underlying Agreement(s) entered into between MSDH and Business Associate, the effective date of this Agreement is the effective date of the Underlying Agreement(s) entered into between MSDH and Business Associate. For any ongoing Underlying Agreement(s) entered into between MSDH and Business Associate, the effective date of this Agreement is the date first herein written. This Agreement shall terminate when all of the PHI provided by MSDH to Business Associate or created or received by Business Associate on behalf of MSDH, is destroyed or returned to MSDH, or, if it is infeasible to return or destroy PHI, protections are extended to such information in accordance with the termination provisions in this Section. Termination of this Agreement shall automatically terminate the Underlying Agreement(s).
          2. Termination for Cause. Upon MSDH's knowledge of a material Violation by Business Associate, MSDH shall, at its discretion, either:
            1. provide an opportunity for Business Associate to cure or end the Violation within a time specified by MSDH, after which MSDH may in its discretion terminate this Agreement and the Underlying Agreement(s) if Business Associate does not cure or end the Violation within the time specified by MSDH; or
            2. immediately terminate this Agreement and the associated Underlying Agreement(s) if Business Associate has broken a material term of this Agreement and cure is not possible.
          3. Effect of Termination.
            1. Upon termination of this Agreement and the Underlying Agreement(s) for any reason, Business Associate shall return or destroy all PHI received from or created or received by Business Associate on behalf of, MSDH in accordance with State and Federal retention guidelines. This provision shall also apply to PHI that is in the possession of subcontractors or agents of Business Associate. Business Associate shall retain no copies of the PHI.
            2. In the event that Business Associate determines that returning or destroying the PHI is infeasible, Business Associate shall provide to MSDH notification of the conditions that make return or destruction infeasible. Upon notification in writing that return or destruction of PHI is infeasible, Business Associate shall extend the protections of this Agreement to such PHI and limit further Uses and Disclosures to those purposes that make the return or destruction infeasible, for so long as Business Associate maintains such PHI.
            3. Reproductive Health Care Disclosure Prohibited: Business Associate shall not disclose or respond to any request or demand for PHI that is actually or potentially related to reproductive health care where the request or demand is for the purpose of health oversight activities, law enforcement activities, judicial or administrative proceedings, or disclosures to coroners and medical examiners. Business Associate agrees that it will not use, disclose, transmit, or otherwise provide PHI for the purpose(s) of a) identifying an individual, conducting a criminal, civil or administrative investigation about an individual, or imposing criminal, civil or administrative liability upon an individual, for the mere act of seeking, obtaining, providing or facilitating lawful reproductive health care services.
            4. Business Associate will require that any request or demand for PHI under this section be accompanied by a signed and valid attestation ensuring that the PHI sought is not for a prohibited purpose. Any request or demand for such PHI must be forwarded to the Department for review, together with the signed attestation from the requesting party.
    • Ability to Perform

      The vendor may be required before the award of any contract to show to the complete satisfaction of the agency that it has the necessary facilities, ability, and financial resources to provide the service specified therein in a satisfactory manner. The vendor may also be required to give a past history and references in order to satisfy the agency in regard to the vendor’s qualifications. The agency may make reasonable investigations deemed necessary and proper to determine the ability of the vendor to perform the work, and the vendor shall furnish to the agency all information for this purpose that may be requested. The agency reserves the right to reject any quote if the evidence submitted by, or investigation of, the vendor fails to satisfy the agency that the vendor is properly qualified to carry out the obligations of the contract and to complete the work described therein. Evaluation of the vendor’s qualifications shall include:

        1. the ability, capacity, skill, and financial resources to perform the work or provide the service required;
        2. the ability of the bidder to perform the work or provide the service promptly or within the time specified, without delay or interference;
        3. the character, integrity, reputation, judgment, experience, and efficiency of the vendor; and,
        4. the quality of performance of previous contracts or services.
    • VII. Miscellaneous
          1. Statutory and Regulatory References. A reference in this Agreement to a section in HIPAA, its implementing regulations, or other applicable law means the section as in effect or as amended, and for which compliance is required.
          2. Amendments/Changes in Law.
            1. General. Modifications or amendments to this Agreement may be made upon mutual agreement of the Parties, in writing signed by the Parties hereto and approved as required by law. No oral statement of any person shall modify or otherwise affect the terms, conditions, or specifications stated in this Agreement. Such modifications or amendments signed by the Parties shall be attached to and become part of this Agreement.
            2. Amendments as a Result of Changes in the Law. The Parties agree to take such action as is necessary to amend this Agreement as is necessary to effectively comply with any subsequent changes or clarifications of statutes, regulations, or rules related to this Agreement. The Parties further agree to take such action as is necessary to comply with the requirements of HIPAA, its implementing regulations, and other applicable law relating to the security and privacy of PHI.
            3. Procedure for Implementing Amendments as a Result of Changes in Law. In the event that there are subsequent changes or clarifications of statutes, regulations or rules relating to this Agreement, or the Parties’ compliance with the laws referenced in Section (VII)(b) of this Agreement necessitates an amendment, the requesting party shall notify the other party of any actions it reasonably deems are necessary to comply with such changes or to ensure compliance, and the Parties promptly shall take such actions. In the event that there shall be a change in the federal or state laws, rules or regulations, or any interpretation of any such law, rule, regulation, or general instructions which may render any of the material terms of this Agreement unlawful or unenforceable, or materially affects the financial arrangement contained in this Agreement, the Parties may, by providing advanced written notice, propose an amendment to this Agreement addressing such issues.
          3. Survival. The respective rights and obligations of Business Associate provided for in Sections (III)(j) and (VI)(c) of this Agreement shall survive the termination of this Agreement.
          4. Interpretation. Any ambiguity in this Agreement shall be resolved to permit MSDH to comply with HIPAA, its implementing regulations, and other applicable law relating to the security and privacy of PHI.
          5. Indemnification. To the fullest extent allowed by law, Business Associate shall indemnify, defend, save and hold harmless, protect, and exonerate MSDH, its employees, agents, and representatives, and the State of Mississippi from and against all claims, demands, liabilities, suits, actions, damages, losses, and costs of every kind and nature whatsoever including, without limitation, court costs, investigative fees and expenses, and attorney’s fees, arising out of or caused by Business Associate and/or its partners, principals, agents, and employees in the performance of or failure to perform this Agreement. In MSDH’s sole discretion, Business Associate may be allowed to control the defense of any such claim, suit, etc. In the event Business Associate defends said claim, suit, etc., Business Associate shall utilize legal counsel acceptable to MSDH. Business Associate shall be solely responsible for all costs and/or expenses associated with such defense, and MSDH shall be entitled to participate in said defense. Business Associate shall not settle any claim, suit, etc. without MSDH’s concurrence, which MSDH shall not unreasonably withhold.

            MSDH’s liability, as an entity of the State of Mississippi, is determined and controlled in accordance with Mississippi Code Annotated § 11‐46‐1 et seq., including all defenses and exceptions contained therein. Nothing in this Agreement shall have the effect of changing or altering the liability or of eliminating any defense available to the State under statute.
          6. Disclaimer. MSDH makes no warranty or representation that compliance by Business Associate with this Agreement, HIPAA, its implementing regulations, or other applicable law will be adequate or satisfactory for Business Associate’s own purposes or that any information in Business Associate’s possession or control, or transmitted or received by Business Associate, is or will be secure from unauthorized Use or Disclosure. Business Associate is solely responsible for all decisions made by Business Associate regarding the safeguarding of PHI.
          7. Notices. Any notice from one party to the other under this Agreement shall be in writing and may be either personally delivered, emailed, or sent by registered or certified mail in the United States Postal Service, Return Receipt Requested, postage prepaid, addressed to each party at the addresses which follow or to such other addresses provided for in this Agreement or as the Parties may hereinafter designate in writing:

            MSDH: (Covered Entity)

            Privacy Officer
            Mississippi State Department of Health
            570 East Woodrow Wilson
            Suite O-150
            P.O. Box 1700
            Jackson, MS 39215
            601-576-7874

            IT Security Officer
            Mississippi State Department of Health
            570 East Woodrow Wilson
            Suite O-450
            P.O. Box 1700
            Jackson, MS 39215
            601-576-7821

            Business Associate:

            Name of Business: _____________
            Attn: ________________________
            Title: ________________________
            Address: _____________________
            Phone: ______________________
            Email: _______________________

            Any such notice shall be deemed to have been given as of the date transmitted.
          8. Severability. It is understood and agreed by the Parties hereto that if any part, term, or provision of this Agreement is by the courts or other judicial body held to be illegal or in conflict with any law of the State of Mississippi or any federal law, the validity of the remaining portions or provisions shall not be affected and the obligations of the parties shall be construed in full force as if this Agreement did not contain that particular part, term, or provision held to be invalid.
          9. Applicable Law. This Agreement shall be construed broadly to implement and comply with the requirements relating to HIPAA and its implementing regulations. All other aspects of this Agreement shall be governed by and construed in accordance with the laws of the State of Mississippi, excluding its conflicts of laws provisions, and any litigation with respect thereto shall be brought in the courts of the State. Business Associate shall comply with applicable federal, state, and local laws, regulations, policies, and procedures as now existing and as may be amended or modified. Where provisions of this Agreement differ from those mandated by such laws and regulations, but are nonetheless permitted by such laws and regulations, the provisions of this Agreement shall control.
          10. Non‐Assignment and Subcontracting. Business Associate shall not assign, subcontract, or otherwise transfer this Agreement, in whole or in part, without the prior written consent of MSDH. Any attempted assignment or transfer of its obligations without such consent shall be null and void. No such approval by MSDH of any subcontract shall be deemed in any way to provide for the incurrence of any obligation of MSDH in addition to the total compensation agreed upon in this Agreement. Subcontracts shall be subject to the terms and conditions of this Agreement and to any conditions of approval that MSDH may deem necessary. Subject to the foregoing, this Agreement shall be binding upon the respective successors and assigns of the parties. MSDH may assign its rights and obligations under this Agreement to any successor or affiliated entity.
          11. Entire Agreement. This Agreement contains the entire agreement between the Parties and supersedes all prior discussions, instructions, directions, understandings, negotiations, agreements, and services for like services.
          12. No Third Party Beneficiaries. Nothing express or implied in this Agreement is intended to confer, nor shall anything herein confer, upon any person other than the Parties and their respective successors, heirs, or permitted assigns, any rights, remedies, obligations, or liabilities whatsoever.
          13. Assistance in Litigation or Administrative Proceedings. Business Associate shall make itself and any workforce members, contractors, subcontractors, representatives, agents, affiliates, or subsidiaries assisting Business Associate in the fulfillment of its obligations under this Agreement, available to MSDH, at no cost to MSDH, to testify as witnesses, or otherwise, in the event of litigation or administrative proceedings being commenced against MSDH, its directors, officers, or any other workforce member based upon claimed Violation of HIPAA, its implementing regulations, or other applicable law, except where Business Associate or its workforce members, contractors, subcontractors, representatives, agents, affiliates, or subsidiaries are a named adverse party.

       

      [Signature Page Follows]

       

      Business Associate:   
      __________________________________________          
                         
      By:_____________________________________  By:_____________________________________
       (Authorized Signature)   (Authorized Signature)
                         
      Print Name:_______________________________  Print Name:______________________________
      Title:____________________________________  Title:____________________________________
      Address:_________________________________  Address:_________________________________
      Phone Number:___________________________  Phone Number:____________________________
      Date:___________________________________  Date:____________________________________
            
      Mississippi State Department of Health    
           
      By:_____________________________________    
       (Authorized Signature)          
                         
      Print Name:_______________________________          
      Title:___________________________________          
      Address:_________________________________          
      Phone Number:___________________________          
      Date:___________________________________          
    • Insurance

      The Vendor shall ensure that the professional staff and other decision-making staff shall be required to carry professional liability insurance in an amount commensurate with the professional responsibilities and liabilities under the terms of this Solicitation.

      The Vendor shall obtain, pay for and keep in force during the Contract period general liability insurance against bodily injury or death in an amount commensurate with the responsibilities and liabilities under the terms of this Solicitation.

    Submission Requirements

    • MAGIC Vendor ID Number (required)

      Enter your MAGIC Vendor Number here. This is a ten (10) digit number that begins with 310. This information must be submitted accurately.

      Please see below for additional guidance:

      • If you ARE registered with the MAGIC eProcurement system and do not know your MAGIC Vendor number, you may contact the MAGIC helpdesk by calling (601) 359-1343 or by emailing mash@dfa.gov for assistance. Webpage Call Center.                  (Do NOT create a new vendor number)
      • If you are NOT registered, please visit the registration page here: MAGIC eProcurement system. If you require assistance, you may access the Call Center page for both a phone number and email as well as business hours for assistance.  

       

    • Vendor Signatory Authority (required)

      If awarded a contract, who would sign on behalf of the company. Please list the full name and title of the individual signing.

      EXAMPLE
      Name, Title

    • Licences and Certifications (required)

      Provide notarized copies of all valid licenses and certificates required for performance of the work.

    • Independently Audited Financial Statements (required)

      Submit copies of the most recent years independently audited financial statements as well as financial statements for the preceding three years, if they exist. 

    • Conflicts of Interest
    • Other Current MSDH Contracts (required)

      List all other current agreements/contracts with MSDH, including the dollar amount associated with the agreement/contract and the beginning and ending dates. If no other funds are received, please mark N/A.

      Please provide each entry in the following format:

      MSDH Program or Agreement/Contract Name #1

      • Dollar Amount
      • Contract Beginning Date
      • Contract Ending Date
    • Organization Governing Body (required)

      Please list the name of each member of your organization’s Board of Directors or other governing body (i.e., trustee, alderman, partner, owner).

    • Governing Body or Project Staff Affiliations (required)

      Are any members of the governing body or project staff also MSDH employees, MSDH Board Members, or spouses, parents, or children of MSDH employees?

    • Governing Body or Staff Affiliations - Explanation (required)

      You have indicated that one or more members of your governing body or project staff are also MSDH employees, MSDH Board Members, or spouses, parents, or children of MSDH employees.

      Please provide the following for all such individuals:

      • Name of Individual
      • Indicate if individual is an MSDH Employee, MSDH Board Member, or relative type of MSDH employee.
      • Applicable position held with MSDH
    • Income From Business (required)

      Does the MSDH Board Member, Employee, or Relative receive more than $2,500.00 per year in income from the business?

    • Ownership Status - Percentage (required)

      Does the MSDH Board Member, Employee, or Relative own ten (10%) percent or more of the fair market value in the business, either directly or indirectly through another business?

    • Ownership Status - Amount (required)

      Does the MSDH Board Member, Employee, or Relative have ownership interest in the business, in which the fair market value exceeds $5,000.00?

    • Position Within Business (required)

      Is the MSDH Board Member, Employee, or Relative a director, officer, or employee of the business?

    • Conflict of Interest Certification (required)

      I hereby certify that the information set forth above is true and complete to the best of my knowledge and that no MSDH employee, spouse, parent, or child of an MSDH employee, serves as a member of the governing body, project staff, or has an ownership or pecuniary interest in the agreement/contract or organization. I agree to notify MSDH within thirty (30) days if any of these conditions change during the agreement/contract.

    • Additional Information
    • Debarment, Suspension, and Eligibility (required)

      The bidder certifies that they or any of its principals _____ presently debarred, suspended, proposed for debarment, or declared ineligible for award of federal or state contracts.

      Select the answer which best fills in the blank for the applicant.

    • Charges From A Government Agency (required)

      The bidder certifies that they or any of its principals _____ presently indicted for, or otherwise criminally or civilly charged by a government entity.

      Select the answer which best fills in the blank for the applicant.

    • Conviction or Acknowledgment of Fault (required)

      The bidder certifies that they or any of its principals _____ within the last five (5) years, been the subject of a federal or state criminal proceeding resulting in a conviction or other acknowledgment of fault, been the subject of a federal or state civil or administrative proceeding resulting in a finding of fault with a monetary fine, penalty, reimbursement, restitution, and/or damages greater than $5,000 or other acknowledgment of fault;  convicted of or had a civil judgment rendered against them for commission of fraud or criminal offense in connection with obtaining, attempting to obtain, or performing a public (federal, state or local) contract or subcontract; violation of Federal or State antitrust statues relating to the submission of offers; or commission of embezzlement, theft, forgery, bribery, falsification or destruction of records, making false statements or receiving stolen property.

      Select the answer which best fills in the blank for the applicant.

    • Contract Termination By Default (required)

      The bidder certifies that they or any of its principals _____ within the last three (3) years preceding this offer, had one or more contracts terminated for default by any federal agency.

      Select the answer which best fills in the blank for the applicant.

    • Felony Criminal Violations (required)

      The bidder certifies that they or any of its principals _____ within the last twenty-four (24) months, been convicted of a felony criminal violation under federal or state law.

      Select the answer which best fills in the blank for the applicant.

    • Financial Records (required)

      Does the applicant have a financial management system that provides records that can identify the source and award-supported activities and provides control and accountability of project funds, property, and other assets?

    • Audit Status / Fiscal Responsibility (required)

      Does the applicant receive an annual audit in accordance with Uniform Guidance §200.514 (formerly A-133)?

    • Most Recent Audit (required)

      What is the most recent fiscal year for which this audit was completed?

    • Report Findings (required)

      Were there any audit findings in the most recent report?

      If "Yes", please be sure to provide an explanation in the applicable upcoming question. Failure to provide an explanation may cause your submittal to be deemed non-responsive.

    • Recent Audit Report (required)

      Please upload a copy of your most recent Uniform Guidance §200.514 (formerly A-133) Audit Report.

    • Explanation or Other Information (required)

      Please provide any additional information around your Audit Status that you feel is necessary here. This includes an explanation regarding any audit findings in your most recent audit.

      If you have nothing to add here, please state that you have no additional information to provide.

    • No Annual Audit (required)

      You have stated that the applicant does not receive an annual audit in accordance with Uniform Guidance §200.514 (formerly A-133).

      Please select the option which best fits the reason why.

    • No Annual Audit - Other (required)

      If you selected "Other" in the previous question regarding why you do not receive an annual audit in accordance with Uniform Guidance §200.514 (formerly A-133) please specify here.

      If your answer to the previous question was not "Other", please respond here with "N/A".

    • W9 (required)

      Upload a copy of your current W9 here.

    • SOQ Confirmation (required)

      Bidder confirms and acknowledges that they have read this SOQ in its entirety and fully understands all requirements. Submitting party further confirms that they are authorized on behalf of the vendor to submit such a quote.

    • RELEASE OF BID, PROPOSAL or QUALIFICATION AS PUBLIC RECORD (required)

      Bidders or Offerors shall acknowledge which of the following statements is applicable regarding release of its bid, proposal or qualification as a public record. A bidder or offeror may be deemed non-responsive if the bidder or offeror does not acknowledge either statement, acknowledges both statements, or fails to comply with the requirements of the statement acknowledged. Choose one:

      OPTION ONE:

      ____ Along with a complete copy of its bid, proposal or qualification, bidder or offeror has submitted a second copy of the bid, proposal or qualification in which all information bidder or offeror deems to be confidential commercial and financial information and/or trade secrets is redacted in black. Bidder or Offeror acknowledges that it may be subject to exclusion pursuant to Chapter 15 of the PPRB OPSCR Rules and Regulations if the Agency or the Public Procurement Review Board determine redactions were made in bad faith in order to prohibit public access to portions of the bid, proposal or qualification which are not subject to Mississippi Code Annotated §§ 25-61-9, 75-26-1 through 75-26-19, and/or 79-23-1. Bidder or Offeror acknowledges and agrees that MSDH may release the redacted copy of the bid, proposal or qualification at any time as a public record without further notice to bidder or offeror. A bidder or offeror who selects this option but fails to submit a redacted copy of its bid, proposal or qualification may be deemed non-responsive.

      OPTION TWO:

      ____ Bidder or Offeror hereby certifies that the complete unredacted copy of its bid, proposal or qualification may be released as a public record by the MSDH at any time without notice to bidder or offeror. The proposal or qualification contains no information bidder or offeror deems to be confidential commercial and financial information and/or trade secrets in accordance with Mississippi Code Annotated §§ 25-61- 9, 75-26-1 through 75-26-19, and/or 79-23-1. Bidder or Offeror explicitly waives any right to receive notice of a request to inspect, examine, copy, or reproduce its bid as provided in Mississippi Code Annotated § 25-61-9(1)(a). A bidder or offeror who selects this option but submits a redacted copy of its bid, proposal or qualification may be deemed non-responsive.

      In addition to the complete unredacted version of the bid, if applicable the bidder shall also submit a copy of the bid with information the bidder deems confidential commercial and financial information and/or trade secrets in accordance with Mississippi Code Annotated §§ 25-61-9, 75-26-1 through 75-26-19, and/or 79-23-1 redacted in black ink.

      By submission bidder acknowledges that it may be subject to exclusion pursuant to Chapter 15 of the PPRB OPSCR Rules and Regulations if the MSDH or the Public Procurement Review Board determine redactions were made in bad faith in order to prohibit public access to portions of the bid which are not subject to Mississippi Code Annotated §§ 25-61-9, 75-26-1 through 75-26-19, and/or 79-23-1.

      Bidder acknowledges and agrees that MSDH may release the redacted copy of the bid document at any time as a public record without further notice to bidder. A bidder who selects this option but fails to submit a redacted copy of its bid may be deemed non-responsive. Bidder or Offeror hereby certifies that the complete unredacted copy of its bid may be released as a public record by the MSDH at any time without notice to bidder. Bidder explicitly waives any right to receive notice of a request to inspect, examine, copy, or reproduce its bid as provided in Mississippi Code Annotated § 25-61-9(1)(a). The bid contains no information bidder deems to be confidential commercial and financial information and/or trade secrets in accordance with Mississippi Code Annotated §§ 25-61-9, 75-26-1 through 75-26-19, and/or 79-23-1. A bidder who selects this option but submits a redacted copy of its bid may be deemed nonresponsive.

    • Work Performed Payment Notice (required)

      I/We understand and acknowledge work performed prior to execution is done at the vendor’s own risk and may not be eligible for payment. MSDH reserves the right, in its sole discretion, to determine on a case-by-case basis whether payment is allowable based on the particular circumstances.

    • Vendor Signatory Authority (required)

      If awarded a contract, who would sign on behalf of the company. Please list the full name and title of the individual signing.

      EXAMPLE
      Name, Title

    • Contract Terms and Conditions (required)

      I/We certify that we have read and understand the "Mississippi Department of Health Contract Terms and Conditions” contained in Attachment A. If awarded the terms and conditions will be followed accordingly. 

      I/We understand that all confirmations and any attachments, as well as my/our responses to this solicitation will be fully incorporated by reference in the terms and conditions of any contract that may be executed as a result of this solicitation.

      Failure to confirm and agree to these terms or request exception to those contained will result in disqualification of any submitted bid.

    • Electronic Pricing Table (required)

      Do you wish to use the electronic pricing table available within OpenGov?

    • Period of Performance - Start (required)

      What is the estimated calendar date on which the period of performance for services obtained through this SOQ shall begin?

      EXAMPLE:
      July 1, 2025

    • Period of Performance - End (required)

      What is the estimated calendar date on which the initial period of performance for services obtained through this SOQ shall end?

      EXAMPLE:
      December 31, 2025

    • Minimum Qualifications?

      Are there minimum requirements or prerequisites for vendors submitting a quote for this SOQ?

      If so, which of the following apply?

      If there are no prerequisites or minimum requirements for this SOQ then you may skip this question.

    • Number of Years (required)

      What is the minimum number of years of experience required by the vendor?

      Your answer should be structured as if filling in the highlighted area below:

      Contractor must have been in business and provided services similar in requirements and scale to those described in this SoQ for a minimum of ____ years.

    • Independently Audited Financial Statements? (required)

      Will the vendor be required to submit Independently Audited Financial Statements as part of their submittal to this SOQ?

    • Licenses and/or Certifications (required)

      Will the vendor be required to provide notarized copies of all valid licenses and/or certificates as part of their response to this SOQ? This does not include items required after the notice of intent to award.

    • Federal Grant? (required)

      Is there any federal grant money being used with this procurement?

    • Business Associate Agreement? (required)

      Will the business associate agreement be used?

    • Funding Information
    • Cost Center (required)

      Please specify the cost center information. Be sure to include the % of each cost center. If there are multiple cost centers, please separate each with a comma and be sure they add up to 100% or your posting will not be approved.

      EXAMPLE 1
      1301010707  100%

    • Functional Area (required)

      Please specify the functional area information. Be sure to include the % of each functional area. If there are multiple functional areas, please separate each with a comma and be sure they add up to 100% or your posting will not be approved.

      EXAMPLE 1
      13010101000000DV  100%

    • Internal Order (required)

      Please specify the internal order information. Be sure to include the % of each internal order. If there are multiple internal orders, please separate each with a comma and be sure they add up to 100% or your posting will not be approved.

      EXAMPLE 1
      30000035771  100%

    Key dates

    1. April 6, 2026Published
    2. April 20, 2026Responses Due

    AI classification tags

    furniture installationfurniture removaldelivery servicessurplus managementgovernment contractinghealth department services

    Frequently asked questions

    SLED stands for State, Local, and Education. These are solicitations issued by state governments, counties, cities, school districts, utilities, and higher education institutions — as opposed to federal agencies.

    SamSearch Platform

    Stop searching. Start winning.

    AI-powered intelligence for the right opportunities, the right leads, and the right time.

    Book a Demo