Vendors
Human Resources | Safety/Security | Research Compliance | Compliance | Privacy/Information Security | Business Operations | Intellectual Property | Faculty |
Identification Card | Secure Area Card Access | Privacy/Confidentiality | Computer Use/Electronic Information | Retention and Destruction/Disposal of Private and Confidential Information | Use and Disclosure of Protected Health Information | Notice of Privacy Practices | Access to Designated Record Set | Accounting of PHI Disclosures | Patient/Consumer Complaints | Vendors | Fax Transmissions | Psychotherapy Notes | Facility Security | Conditions of Treatment Form | Informed Consent for UNMC Media | Transporting Protected Health Information | Honest Broker | Social Security Number | Third Party Registry | Information Security Awareness and Training
Policy No.: 6063
Effective Date: 03/17/03
Revised Date:
Revised Date:
Vendor Policy
Basis for Policy
Vendors and sales representatives play an important role as providers of information and services to UNMC. Vendors are guests at UNMC and shall conduct their business in accordance with good business practices.
Policy
Departments shall not provide vendors access to any confidential information, including patient information (protected health information or “PHI”) and proprietary information, unless the information is necessary to perform services on behalf of UNMC. A business associate agreement or addendum must be signed prior to any service performed (see UNMC Policy No. 8009, Contracts and Business Associate Agreements and Addendums Procedures).
Purpose
- Identify vendors as visitors who are present in UNMC facilities for a legitimate business purpose
- Prohibit disclosure of confidential patient and proprietary information to vendors unless the information is necessary to perform services on behalf of UNMC as defined by the business associate agreement/addendum
Definitions
Protected Health Information (PHI)
Individually identifiable health information. Health information means any information, whether oral or recorded in any medium, that:
- is created or received by UNMC; and
- relates to the past, present or future physical or mental health or condition of an Individual; the provision of health care to an Individual; or the past, present or future payment for the provision of health care to an Individual and identifies the Individual or with respect to which there is a reasonable basis to believe the information can be used to identify the Individual.
PHI includes genetic information, which includes information about:
- an Individual’s genetic tests;
- the genetic tests of an Individual’s family members; or
- the manifestation of a disease or disorder in such Individual’s family members (i.e., family medical history).
PHI excludes:
- individually identifiable health information of a person who has been deceased for more than fifty (50) years.
- education records covered by the Family Educational Rights and Privacy Act (FERPA); and
- employment records held by UNMC in its role as employer.
Vendor Any supplier or sales representative offering or providing services, supplies, or equipment to UNMC, its patients and healthcare providers practicing at UNMC.
Additional information
- Contact the Chief Compliance Officer
- Contact the Assistant Vice Chancellor for Business and Finance
- See UNMC Policy No. 8009, Contracts
- See Business Associate Agreements and Addendums Procedures
This page maintained by dkp