Subpart 802.1 - Definitions

802.101 Definitions.

A/E means architect/engineer.

Business associate (or associate) means an entity, including an individual (other than a member of the workforce of a covered entity), company, organization, or another covered entity, as defined by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) (Pub. L. 104-191) Privacy Rule (45 CFR part 160), that performs or assists in the performance of a function or activity on behalf of the Veterans Health Administration (VHA) that involves the creating, receiving, maintaining, transmitting of, or having access to, protected health information (PHI), or that provides to or for VHA, certain services as specified in the HIPAA Privacy Rule that involve the disclosure of PHI to a contractor by VHA. The term also includes a subcontractor of a business associate that creates, receives, maintains, or transmits PHI or that stores, generates, accesses, exchanges, processes, or utilizes such PHI on behalf of the business associate.

Business Associate Agreement (BAA) means the agreement, as dictated by the HIPAA Privacy Rule (45 CFR part 160), between VHA and a business associate, which must be entered into in addition to the underlying contract for services and before any release of PHI can be made to the business associate, in order for the business associate to perform certain functions or activities on behalf of VHA.

Chief Acquisition Officer (CAO) means the Principal Executive Director, Office of Acquisition, Logistics, and Construction.

COR means Contracting Officer's Representative.

FAR means the Federal Acquisition Regulation.

GAO means the Government Accountability Office.

Gray market items means original equipment manufacturer goods intentionally or unintentionally sold outside an authorized sales territory or sold by non-authorized dealers in an authorized sales territory.

HCA means the Head of the Contracting Activity, an individual appointed in writing by the SPE.

Information system means, pursuant to 38 U.S.C. 5727, a discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information whether automated or manual.

Information technology (see FAR 2.101) also means Information and Communication Technology (ICT).

Information technology-related contracts means those contracts which include services (including support services) and related resources for information technology as defined in this section.

OGC means the Office of the General Counsel.

Ordering officer means the VA official authorized to order supplies and services against a FAR-based contract or agreement in accordance with the ordering limits identified in the contract or agreement or the specific ordering guide in accordance with 801.601(b).

Privacy officer means the VA official with responsibility for implementing and oversight of privacy related policies and practices that impact a given VA acquisition.

Public Law (Pub. L.) 109-461 means the Veterans Benefits, Health Care and Information Technology Act of 2006, as codified in 38 U.S.C. 8127 and 8128.

SDVOSB/VOSB when used as an initialism means a service-disabled veteran-owned small business (SDVOSB) and/or veteran-owned small business (VOSB) that has been found by VA eligible to participate in the Veterans First Contracting Program implemented at subpart 819.70 and listed in the Vendor Information Pages. The term is synonymous with VA or VIP-verified small business concerns owned and controlled by Veterans.

Security plan means a formal document that provides an overview of the security requirements for an information system or an information security program and describes the security controls in place or planned for meeting those requirements.

Sensitive personal information means, with respect to an individual, any information about the individual maintained by VA, including but not limited to the following:

(1) Education, financial transactions, medical history, and criminal or employment history.

(2) Information that can be used to distinguish or trace the individual's identity, including but not limited to name, Social Security Number, date and place of birth, mother's maiden name, or biometric records.

Service-disabled veteran-owned small business (SDVOSB) or small business concern owned and controlled by Veterans with service-connected disabilities has the same meaning as service-disabled veteran-owned small business concern defined in FAR 2.101, except that for acquisitions authorized by 38 U.S.C. 8127 and 8128 for the Veterans First Contracting Program, these businesses must be listed as verified in the VIP database. In addition, some SDVOSB listed in the VIP database may be owned and controlled by a surviving spouse. See definition of surviving spouse in this section.

Small business concern has the same meaning as defined in FAR 2.101.

SPE means the Senior Procurement Executive who is also the Executive Director, Office of Acquisition and Logistics. The SPE is responsible for the management direction of the VA acquisition system.

Surviving spouse means an individual who has been listed in the Department of Veterans Affairs' (VA) Veterans Benefits Administration (VBA) database of veterans and family members. To be eligible for inclusion in the VetBiz.gov VIP database, the following conditions must apply:

(1) If the death of the veteran causes the small business concern to be less than 51 percent owned by one or more service-disabled veterans, the surviving spouse of such veteran who acquires ownership rights in such small business shall, for the period described below, be treated as if the surviving spouse were that veteran for the purpose of maintaining the status of the small business concern as a service-disabled veteran-owned small business.

(2) The period referred to above is the period beginning on the date on which the veteran dies and ending on the earliest of the following dates:

(i) The date on which the surviving spouse remarries;

(ii) The date on which the surviving spouse relinquishes an ownership interest in the small business concern;

(iii) The date that is 10 years after the date of the veteran's death; or

(iv) The date on which the business concern is no longer small under federal small business size standards.

(3) The veteran must have had a 100 percent service-connected disability rating or the veteran died as a direct result of a service-connected disability.

VA means the Department of Veterans Affairs.

VAAR means the Department of Veterans Affairs Acquisition Regulation.

VA Information Security Rules of Behavior for Organizational Users/VA National Rules of Behavior means a set of VA rules that describes the responsibilities and expected behavior of users of VA information or information systems.

VA Rule of Two means the determination process mandated in 38 U.S.C. 8127(d)(1) whereby a contracting officer of the Department shall award contracts on the basis of competition restricted to small business concerns owned and controlled by veterans if the contracting officer has a reasonable expectation that two or more small business concerns owned and controlled by Veterans will submit offers and that the award can be made at a fair and reasonable price that offers best value to the United States. For purposes of this VA specific rule, a service-disabled veteran-owned small business (SDVOSB) or a veteran-owned small business (VOSB), must meet the eligibility requirements in 38 U.S.C. 8127(e), (f) and VAAR 819.7003 and be listed as verified in the Vendor Information Pages (VIP) database.

VA sensitive information means all VA data, on any storage media or in any form or format, which requires protection due to the risk of harm that could result from inadvertent or deliberate disclosure, alteration, or destruction of the information and includes sensitive personal information. The term includes information where improper use or disclosure could adversely affect the ability of VA to accomplish its mission, proprietary information, records about individuals requiring protection under various confidentiality provisions such as the Privacy Act and the HIPAA Privacy Rule, and information that can be withheld under the Freedom of Information Act. Examples of VA sensitive information include the following: individually-identifiable medical, benefits, and personnel information; financial, budgetary, research, quality assurance, confidential commercial, critical infrastructure, investigatory, and law enforcement information; information that is confidential and privileged in litigation such as information protected by the deliberative process privilege, attorney work-product privilege, and the attorney-client privilege; and other information which, if released, could result in violation of law or harm or unfairness to any individual or group, or could adversely affect the national interest or the conduct of Federal programs.

Vendor Information Pages (VIP) or VIP database means the Department of Veterans Affairs Office of Small and Disadvantaged Business Utilization (OSDBU) Center for Verification and Evaluation (CVE) Vendor Information Pages (VIP) database at https://www.vetbiz.va.gov/vip/. This site's database lists businesses that VA CVE has determined eligible for the Veterans First Contracting Program.

Veteran-owned small business (VOSB) has the same meaning as veteran-owned small business concern defined in FAR 2.101, except that for acquisitions authorized by 38 U.S.C. 8127 and 8128 for the Veterans First Contracting Program, these businesses must be listed as verified in the VIP database. SDVOSBs, including businesses whose SDVOSB status derive from ownership and control by a surviving spouse, are also considered VOSBs, as long as they are listed as eligible in VIP.

Veterans First Contracting Program means the program authorized by Public Law 109-461 (38 U.S.C. 8127 and 8128), as implemented in subpart 819.70. This program applies to all VA contracts (see FAR 2.101 for the definition of contracts) as well as Blanket Purchase Agreements (BPAs), Basic Ordering Agreements (BOAs), and orders against the Federal Supply Schedules (FSS), unless otherwise excluded by law.

VISN means Veterans Integrated Service Network, an integrated network of VA facilities that are focused on pooling and aligning resources to best meet local needs in the most cost-effective manner and provide greater access to care.