The D.C. Primary Care Association will occasionally issue Requests for Information/Proposals (RFI/RFP) and will post them here, along with other associated documentation. The applicant must be registered on SAM.gov and comply with federal guidance.

Emergency Preparedness Training & Technical Assistance (T/TA) Program

Issued by: D.C. Primary Care Association (DCPCA), Emergency Preparedness Program Coordinator

Health Center/FQHC Cybersecurity Needs Assessment and Training 

Introduction 

DCPCA is seeking proposals from qualified vendors to conduct a Healthcare Cybersecurity Needs Assessment and provide Cybersecurity Training for our members. This initiative is critical in strengthening the security of our member organizations' IT systems, protecting sensitive patient data, and ensuring compliance with industry regulations such as HIPAA. The goal is to identify potential vulnerabilities, address cybersecurity gaps, and equip staff with the knowledge and skills necessary to maintain a secure healthcare environment.

The selected vendor will be responsible for assessing the current cybersecurity posture and delivering tailored training to ensure that staff understand their role in maintaining robust cybersecurity defenses.  

Objective 

  • Conduct a Healthcare Cybersecurity Needs Assessment: Assess the current cybersecurity status of health center members, identifying gaps and vulnerabilities in systems, policies, and practices. 

  • Provide Cybersecurity Training: Design and deliver cybersecurity training tailored to healthcare staff, including both general staff and IT personnel, to enhance their awareness and practical skills in maintaining cybersecurity. 

Scope of Work 

The selected vendor will be responsible for the following: 

A. Cybersecurity Needs Assessment 

  • Current State Assessment: Review and analyze the current cybersecurity policies, practices, and infrastructure to identify potential vulnerabilities. 

  • Risk Assessment: Evaluate the potential risks and impacts to sensitive healthcare data (e.g., PHI), medical devices, and systems. 

  • Recommendations for Improvement: Provide a comprehensive report detailing the findings of the assessment and actionable recommendations to strengthen our cybersecurity posture. 

B. Cybersecurity Training for Health Center Staff 

  • Training Design: Develop a tailored cybersecurity training program that addresses the needs of different employee groups (e.g., clinical staff, administrative staff, and IT staff). The training should focus on:  

      • Basic cybersecurity awareness

      • Protection of patient data (PHI)

      • Preventing phishing attacks and social engineering

      • Safe use of devices and networks

      • Responding to potential security breaches or data leaks

      • Understanding and complying with HIPAA and other regulations

  • Ongoing Learning Resources: Provide materials and resources for ongoing learning, including refresher courses and training updates. 

Proposal Requirements 

Interested vendors must include the following elements in their proposals: 

  • Technical Proposal detailing approach, curriculum structure, and methodology. 

  • Budget Proposal including costs for development, facilitation, and materials. 

  • Organizational/Individual Qualifications with references and past experience. 

  • Timeline for program implementation aligned with internal timeline. 

Evaluation Criteria 

Proposals will be evaluated based on the following criteria: 

  • Experience and Qualifications (30%) 

      • Relevant experience working in the FQHC and clinic industry and expertise in cybersecurity

      • Certifications, such as CISSP, CISM, or equivalent, held by trainers

  • Approach to Cybersecurity Needs Assessment and Training (30%) 

  • Cost and Value for Money (20%) 

  • Post-Training Evaluation and Reporting (20%) 

 

All proposals must be submitted by 03/03/2025 to Cade Pickette at cpickette@dcpca.org

Project Anticipated Start Date: 05/01/2025

Please Email: cpickette@dcpca.org

Posted via Website: 02/03/2025