Bidders to provide comprehensive language access services to support MSDH across public Health programs.
Project Information
- Bid Title
- Bidders to provide comprehensive language access services to support MSDH across public Health programs.
- Issuing Agency
- State Government of Mississippi
- Location
- Mississippi
- Published Date
- Jun 10, 2026
- Closing Date
- Jul 1, 2026
- Government Level
- State & Local
- Status
- Closed
- Ref. #
- 1301-26-R-IFBD-00071
- Original Source
- Join to Access Full Details
- Bid Inquiries
- Join to Access Full Details
- Bid Documents
- Join to Access Full Details
- Project Description
-
Procurement Details
Smart Number 1301-26-R-IFBD-00071 Advertised Date 06/10/2026 10:00 AM RFx # 3160008084 Submission Date 07/01/2026 2:00 PM RFx Status Open Major Procurement Category PERSONNEL SERVICES NON-IT RFx Opening Date 07/01/2026 2:00 PM Sub Procurement Category PERSONNEL SERVICE - NON-TECHNOLOGY RFx Type Invitation for Bid Agency MS DEPT OF HEALTH RFx Description Bidders to provide comprehensive language access services to support MSDH across public Health programs.
Contact InformationName Patricia Slack Email PATRICIA.SLACK@MSDH.MS.GOV Phone 6013593225 Fax
RFx ItemsPRODUCT CATEGORY PRODUCT DESCRIPTION 96146 Serv MiscNo1InterFrn
AwardedVENDOR NAME VENDOR NUMBER AWARD DATE AWARD AMOUNT FUNDING SOURCE
Bid Attachments
- Attachment Preview
-
MISSISSIPPI STATE DEPARTMENT OF HEALTHBUSINESS ASSOCIATE AGREEMENTThis Business Associate Agreement is entered into by and between the Mississippi State Department ofHealth (“MSDH”) the Covered Entity and(“Business Associate”), hereinafter referred to as the Parties, and modifies any other prior existingagreement or contract for this purpose. In consideration of the mutual promises below and the exchangeof information pursuant to this Agreement and in order to comply with all legal requirements for theprotection of this information, the Parties therefore agree as follows:I. RECITALSa.MSDH is a state agency with a principal place of business at 570 East Woodrow Wilson,Jackson, MS 39215b. Business Associate is a corporation qualified to do business in Mississippi that will act toperform business services for MSDH with a principal place of business at.c.This Business Associate Agreement (“Agreement”) is entered into pursuant to the HealthInsurance Portability and Accountability Act (“HIPAA”) of 1996, as amended by the GeneticInformation Nondiscrimination Act (“GINA”) of 2008 and the Health Information Technologyfor Economic and Clinical Health Act (“HITECH Act”), Title XIII of Division A,and Title IV of Division B of the American Recovery and Reinvestment Act (“ARRA”) of 2009,and its implementing regulations, including, but not necessarily limited to, 45 C.F.R. Part 160, and45 C.F.R. Part 164 Subparts A and C (“Security Rule”), and 45 C.F.R. Part 160 Subparts A and E(“Privacy Rule”). These statutes and regulations are hereinafter collectively referred to as HIPAA.MSDH, as a covered entity, is required to enter into this Agreement to obtain satisfactoryassurances that Business Associate will comply with and appropriately safeguard all ProtectedHealth Information (“PHI”) Used, Disclosed, created, or received by Business Associate on behalfof MSDH. Certain provisions of HIPAA and its implementing regulations apply to BusinessAssociate in the same manner as they apply to MSDH, and such provisions must be incorporatedinto this Agreement.d. MSDH desires to engage Business Associate to perform certain functions for, or on behalf of,MSDH involving the Disclosure of PHI by MSDH to Business Associate, or the creation or Use ofPHI by Business Associate on behalf of MSDH, and Business Associate desires to perform suchfunctions, as set forth in the Underlying Agreement(s) which involve the exchange of information,and wholly incorporated herein.II. DEFINITIONSa. “Breach” shall mean the acquisition, access, Use or Disclosure of PHI in a manner notpermitted by the Privacy Rule which compromises the security or privacy of the PHI,and subject to the exceptions set forth in 45 C.F.R. § 164.402.b. “Business Associate” shall mean,including all workforce members, representatives, agents, successors, heirs, and permittedassigns.MSDH BAAPage 1 of 14Form 1063Rev. February 2026c. “Covered Entity” shall mean the Mississippi State Department of Health, an agency of the Stateof Mississippi.d. “Data Aggregation” shall have the same meaning as the term “Data aggregation” in 45 C.F.R.§164.501.e.“Designated Record Set” shall have the same meaning as the term “Designated Record Set” in45 C.F.R. §164.501.f.“Disclosure” shall have the same meaning as the term “Disclosure” in 45 C.F.R. § 160.103.g. “MSDH” shall mean the Mississippi State Department of Health, an agency of the State ofMississippi.h. “Individual” shall have the same meaning as the term “Individual” in 45 C.F.R. § 160.103 andshall include a person who qualifies as a personal representative in accordance with 45C.F.R. § 164.502(g).i.“Privacy Officer” shall mean the person designated by MSDH to oversee its implementation ofand compliance with HIPAA.j.“Privacy Rule” shall mean the Standards for Privacy of Individually Identifiable HealthInformation at 45 C.F.R. Parts 160 and 164, Subparts A and E.k. “Protected Health Information” or “PHI” shall have the same meaning as the term “Protectedhealth information” in 45 C.F.R. § 160.103, limited to the information created or received byBusiness Associate from or on behalf of MSDH.l.“Qualified Service Organization” shall have the same meaning as defined in 42 CFR § 2.11.m. “Required by Law” shall have the same meaning as the term “Required by law” in 45 C.F.R.§ 164.103.n. “Secretary” shall mean the Secretary of the Department of Health and Human Services orhis/her designeeo. “Security Incident” shall have the same meaning as the term “Security incident” in 45 C.F.R.§164.304.p. “Security Rule” shall mean the Security Standards for the Protection of Electronic ProtectedHealth Information at 45 C.F.R. Parts 160 and 164, Subparts A and C.q. “Standard” shall have the same meaning as the term “Standard” in 45 C.F.R. § 160.103.r.“Underlying Agreement” shall mean any applicable Memorandum of Understanding (“MOU”),agreement, contract, or any other similar device, and any proposal or Request for Proposal(“RFP”) related thereto and agreed upon between the Parties, entered into between MSDH andBusiness Associate. Under this Business Associate Agreement, “Underlying Agreement” shall.refer to the following:MSDH BAAPage 2 of 14Form 1063Rev. February 2026s. “Unsecured Protected Health Information” shall have the same meaning as the term“Unsecured protected health information” in 45 C.F.R. § 164.402.t.“Use” shall have the same meaning as the term “Use” in 45 C.F.R. § 160.103u. “Violation” or “Violate” shall have the same meaning as the terms “Violation” or “Violate” in 45C.F.R. § 160.103.All other terms not defined herein shall have the meanings assigned in HIPAA and its implementingregulations.III. OBLIGATIONS AND ACTIVITIES OF BUSINESS ASSOCIATEa.Business Associate agrees to not Use or Disclose PHI other than as permitted or required by thisAgreement and the Underlying Agreement(s), or as Required by Law.b.Business Associate agrees to utilize appropriate safeguards and comply, where applicable,with the HIPAA Privacy and Security Rules, to prevent Use or Disclosure of the PHI otherthan as permitted or provided for by this Agreement and shall: (i) implement administrative,physical, and technical safeguards that reasonably and appropriately protect theconfidentiality, integrity, and availability of Protected Health Information and ElectronicProtected Health Information that Business Associate creates, receives, maintains, or transmitson behalf of MSDH; (ii) ensure that any subcontractor to whom Business Associate providessuch information agrees to implement reasonable and appropriate safeguards to protect it; and(iii) report to MSDH any Security Incident of which Business Associate becomes aware.c.Business Associate shall implement and maintain a comprehensive written informationsecurity program that:- Is aligned with NIST SP 800-53 Rev. 5 Moderate baseline controls, including but not limitedto the Access Control (AC), Identification and Authentication (IA), Audit and Accountability(AU), System and Communications Protection (SC), Risk Assessment (RA), and IncidentResponse (IR) control families.- Incorporates administrative, technical, and physical safeguards consistent with HIPAA, theHITECH Act, and Zero Trust Architecture principles.- Is reviewed at least annually and updated based on risk assessments, emerging threats, andregulatory changes.d. Business Associate shall implement and enforce the Principle of Least Privilege, ensuringthat workforce members, systems, applications, and automated processes are granted only theminimum access necessary to perform authorized functions.- Access rights shall be:o Approved through documented authorization procedureso Reviewed at least quarterlyo Immediately revoked upon termination or role changeo Technically enforced through centralized access control mechanisms.e.Business Associate shall implement:MSDH BAAPage 3 of 14Form 1063Rev. February 2026- Role-Based Access Control (RBAC) to ensure access to PHI is provisionedbased on defined job roles and responsibilities.- Attribute-Based Access Control (ABAC) or equivalent dynamic access controlswhere appropriate, incorporating contextual attributes such as:o User Roleo Device trust levelo Geographic locationo Time of accesso Risk score or authentication strength- Access decisions shall be centrally managed and logged.f.Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is knownto Business Associate of a Use or Disclosure of PHI by Business Associate in Violation of therequirements of this Agreement and/or state or federal laws and regulations.g. Breaches and Security Incidents. During the term of this Agreement, Business Associateagrees to implement reasonable systems for the discovery and prompt reporting of any actual orsuspected Breach or Security Incident. Business Associate agrees to take the following steps:Notice to MSDH. (1) To notify their MSDH Point-of-Contact, MSDH IT Security Officer andMSDH Privacy Officer without unreasonable delay, and no later than five (5) days afterdiscovery, by telephone call and email or registered or certified mail upon the discovery ofan actual or suspected Breach of Unsecured PHI in electronic media or in any other media. (2)To notify their MSDH Point-of-Contact, MSDH IT Security Officer and MSDH Privacy Officerwithout unreasonable delay, and no later than five (5) days after discovery, by telephonecall and email or registered or certified mail of any actual or suspected Security Incidentaffecting this Agreement, including but not limited to an actual or suspected Security Incidentthat involves data provided to MSDH by the Social Security Administration. A Breach orSecurity Incident shall be treated as discovered by Business Associate as of the first day onwhich the Breach or Security Incident is known, or by exercising reasonable diligence wouldhave been known, to any person (other than the person committing the Breach or SecurityIncident) who is a workforce member, officer, or other agent of Business Associate.The notification shall include, to the extent possible and subsequently as the information becomesavailable, a reasonably detailed description of the actual or suspected Breach or Security Incident,the identification of all Individuals whose Unsecured PHI is reasonably believed by BusinessAssociate to have been affected by the Breach or Security Incident along with any other availableinformation that is required to be included in the notification to the Individual, HHS and/or themedia, all in accordance with the data breach notification requirements set forth in 42 U.S.C. §17932 and 45 C.F.R. Parts 160 and 164, Subparts A, D, and E, or any other applicable notificationrequirements.Upon discovery of an actual or suspected Breach or Security Incident, Business Associate shalltake:- Prompt corrective action to mitigate any risks or damages involved with the Breach orSecurity Incident and to protect the operating environment; andMSDH BAA- Any action pertaining to such unauthorized Disclosure required by applicable Federaland State laws and regulations.Page 4 of 14Form 1063Rev. February 2026Investigation. To immediately investigate any such actual or suspected Breach or SecurityIncident upon discovery in order to determine if the actual or suspected Breach or SecurityIncident is a Violation of any applicable federal or state laws or regulations, and to submitupdated information by email or registered or certified mail, as it becomes available, to theMSDH IT Security Officer and MSDH Privacy Officer.Complete Report. To provide a complete written report by email or registered or certified mail ofthe investigation to the MSDH IT Security Officer and MSDH Privacy Officer within ten (10)working days of the discovery of any actual or suspected Breach or Security Incident. The reportshall include:- the identification of each Individual whose PHI was or is believed to have beeninvolved;- a reasonably detailed description of the types of PHI involved; and- a full, detailed corrective action plan, including information on measures that weretaken to halt and/or contain any suspected or actual Breach of security, intrusion orunauthorized Use or Disclosure.If MSDH requests information in addition to that provided in the written report, BusinessAssociate shall make reasonable efforts to provide MSDH with such information. If necessary, asupplemental report may be utilized to submit revised or additional information after thecompleted report is submitted.Notification of Individuals. If the cause of an actual Breach of PHI is attributable to BusinessAssociate or its subcontractors, agents or vendors, Business Associate shall notify each Individualof the Breach when notification is required under state or federal law and shall pay any costs ofsuch notifications, as well as any costs associated with the Breach. The notifications shall complywith the requirements set forth in 42 U.S.C. § 17932 and its implementing regulations. TheMSDH IT Security Officer and MSDH Privacy Officer shall approve the time, manner, andcontent of any such notifications and their review and approval must be obtained before thenotifications are made.Responsibility for Reporting of Breaches. If the cause of a Breach of PHI is attributable toBusiness Associate or its agents, subcontractors, or vendors, and Business Associate is a coveredentity as defined under HIPAA and the HIPAA regulations, Business Associate is responsible forall required reporting of the Breach as specified in 42 U.S.C. § 17932 and its implementingregulations, including notification to media outlets and to the Secretary of the U.S. Department ofHealth and Human Services. If Business Associate has reason to believe that duplicate reportingof the same Breach or Security Incident may occur because its subcontractors, agents or vendorsmay report the Breach or Security Incident to MSDH in addition to Business Associate, BusinessAssociate shall notify MSDH, and MSDH and Business Associate may take appropriate action toprevent duplicate reporting. The Breach reporting requirements of this paragraph are in addition tothe reporting requirements set forth above.h.Business Associate agrees to ensure that any subcontractors that create, receive, maintain, ortransmit PHI on behalf of the Business Associate agree to the same restrictions and conditionsthat apply to the Business Associate with respect to such information, all in accordance with 45C.F.R. §§ 164.308 and 164.502.i.If Business Associate stores, processes, or transmits MSDH data in cloud environments:MSDH BAAPage 5 of 14Form 1063Rev. February 2026
- Commodity Codes
-
- NAICS 541512Computer Systems Design Services
- NAICS 541611Administrative Management and General Management Consulting Services
- NAICS 541990All Other Professional, Scientific, and Technical Services
* Disclaimer: Government BidHub provides information on bids, RFPs (Requests for Proposals), and RFQs (Requests for Qualifications) solely for convenience and informational purposes. This site is not an official public notice board. For official details, responses, or inquiries, please contact the relevant government agency directly.
Empower Your Bidding Strategy
Unlock Government BidHub's unparalleled access to high-quality, tailored bid information.
- Access an extensive database of bids, including comprehensive local and state opportunities.
- Receive customized alerts for the bids that matter most to your business.
- Explore detailed specifications to ensure precise and competitive submissions.
- Gain a competitive edge with up-to-date information and exclusive opportunities.
See Also
Procurement Details Smart Number 1301-26-R-IFBD-00074 Advertised Date 06/30/2026 10:30 AM RFx # 3160008132
State Government of Mississippi
Bid Due: 7/27/2026
Contractor to provide occupat...
Procurement Details Smart Number 3374-26-R-RFIN-00016 Advertised Date 06/30/2026 12:00 AM RFx # 3150006898
State Government of Mississippi
Bid Due: 7/16/2026