From University of Nebraska Medical Center



Vendor Policy

NOTE: These guidelines are provided to help the UNMC workforce, including those in the patient treatment areas of the Munroe-Meyer Institute, the College of Medicine Optical Shop, the Lions Eye Bank and the College of Dentistry, as applicable, comply with HIPAA regulations. Departments and clinics that fall under the jurisdiction of The Nebraska Medical Center and/or University Medical Associates should consult the policies and procedures of those entities for authoritative guidance.

Basis for Policy

Vendors and sales representatives play an important role as providers of information and services to UNMC. Vendors are guests at UNMC and shall conduct their business in accordance with good business practices.


Departments shall not provide vendors access to any confidential information, including patient information (protected health information or “PHI”) and proprietary information, unless the information is necessary to perform services on behalf of UNMC. A business associate agreement or addendum must be signed prior to any service performed (see UNMC Policy No. 8009, Contracts and Business Associate Agreements and Addendums Procedures).


  • Identify vendors as visitors who are present in UNMC facilities for a legitimate business purpose
  • Prohibit disclosure of confidential patient and proprietary information to vendors unless the information is necessary to perform services on behalf of UNMC as defined by the business associate agreement/addendum


Protected Health Information (PHI) is individually identifiable health information. Health information means any information, whether oral or recorded in any medium, that:

  • is created or received by UNMC; and
  • relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual.

Records containing PHI, in any form, are the property of UNMC. The PHI contained in the record is the property of the individual who is the subject of the record.

Protected health information excludes education records covered by the Family Educational Rights and Privacy Act (FERPA), and employment records held by UNMC in its role as employer.

Vendor. Any supplier or sales representative offering or providing services, supplies, or equipment to UNMC, its patients and healthcare providers practicing at UNMC.

For additional information, please contact the Compliance Officer or the Director, Business Services, or see UNMC Policy No. 8009, Contracts and Business Associate Agreements and Addendums Procedures.

Contract Signature Authority Table / Business Partner Agreement or Addendum / Business Associate Agreements and Addendums Procedures

This is a new UNMC Policy. This page updated on dkp.