Credit Card Devices and Software Upgrade Services

The vendor is required to provide credit card processing devices and associated software to ensure compliance with PCI requirements, improve operational efficiency, and enhance patient payment experience.
- Technical specifications
• Current network and infrastructure and operating software
o Devices currently rely on USB connections to windows 10/11 workstations and are not wired ethernet or wi-fi enabled.
• Current devices in use
o The current deployment includes approximately 850 devices, including the SREDKey, and limited-use sredkey2 models.
• Current integration with epic
o Existing integrations utilize middleware or APIS for payment workflows within epic hyperspace. integration varies between clinical and non-clinical environments (e.g., epic).
• Desired device capabilities
o Tap-to-pay (NFC), chip (EMV), manual entry, and magstripe transactions
o Apple pay, google pay, and other mobile wallets
o Minimum five (5)-year lifecycle support and firmware update capabilities
• Required infrastructure and software
o Required infrastructure for example: wired ethernet, wi-fi, or USB device support
o Any middleware or software components
o Device management tools, remote update capabilities, and security protocols
• Required integrations
o Epic hyperspace (clinical workflows)
o Merchant processor (Wells Fargo)
o Enterprise finance systems for reconciliation
o PCI-compliant encryption and tokenization services
• USB configuration requirements
o Supported USB interface standards (e.g., usb 2.0/3.0)
o Driver and software dependencies for workstation-based connections
o Encryption and security protocols for USB-connected data transfers
• Wired ethernet requirements
o Network configuration requirements (e.g., static IP vs. DHCP)
o VLAN tagging, firewall exceptions, and port requirements
o Remote configuration and device monitoring capabilities over the network
• Wi-Fi connectivity requirements
o Supported wireless standards (e.g., 802.11ac/n)
o Authentication protocol support (e.g., wpa2-enterprise)
o Device behavior during network interruptions or handoffs
• Software and management tools
o Any required middleware or applications to enable integration with epic or payment gateways
o Device management platform features, including remote software and firmware updates, diagnostics, and asset tracking
o Logging and audit capabilities aligned with PCI DSS requirements
• Security compliance
o End-to-end encryption, tokenization, and secure boot processes
o Compliance with PCI DSS v4.0 and support for maintaining ongoing compliance through configuration and update management
• Epic integration
o Certified or proven compatibility with epic hyperspace workflows
o Ability to initiate and process payments directly within epic modules (e.g., prelude, resolute)
o Support for device mappings and epic workstation configuration best practices
o Middleware or API-based communication as required for epic integration
• Banking and payment processor integrations
o Full compatibility with current merchant services vendors
o Ability to support tokenization and point-to-point encryption (p2pe)
o Support for reconciliation and reporting workflows required by finance and revenue cycle operations
o Direct routing of transactions through established merchant acquirers and banking relationships
• Security and compliance frameworks
o Real-time or batch integration with enterprise financial systems for transaction records
- Qualitative specifications
• Post-implementation support model
o Dedicated support contacts, available customer service channels (phone, email, online portal)
o Onboarding and training resources
o Helpdesk, ticketing, or escalation procedures and account management contacts
o Hours of operation, including support for nights, weekends, and holidays
o Onsite vs. remote support capabilities
• Service level agreements (SLAS)
o Device uptime, average response and resolution times
o Monitoring and proactive support (if available)
o Priority level definitions and triage processes
o Uptime guarantees for connected devices
• Warranties and guarantees
o Warranty duration and coverage for both hardware and software components
o Replacement process and timelines for defective or failed equipment
o Coverage for software bugs or failures post-deployment
o Availability of extended warranty or service plan options
• Vendor relationship expectations
o Commitment to long-term customer satisfaction and relationship management
o Flexibility and responsiveness to changes in scope or operational needs
o Experience working within healthcare or similarly regulated environments
o Training and onboarding resources available to staff
o Use of customer satisfaction tracking tools and feedback mechanisms
o Relevant case studies or references from comparable healthcare organizations
o Commitment to sustainability, security best practices, and accessible product design
• Procurement and sourcing transparency
o Vendors must clearly identify how and where proposed devices are sourced
o Indicate whether the devices must be procured exclusively through the vendor or a third-party partner.
o Disclose any restrictions that would prevent the university from sourcing identical devices through alternate channels
o Outline how the vendor ensures pricing transparency and prevents procurement conflicts
• Environmental compatibility
o Existing workstation configuration (e.g., windows 10/11, USB connection)
o Epic hyperspace integration standards
o PCI-compliant security and encryption requirements
o Support for the university's network and authentication protocols.
- Contract Period/Term: 3 years
- Questions/Inquires Deadline: July 1, 2025