Contracts: Difference between revisions
No edit summary |
Mhurlocker (talk | contribs) |
||
(74 intermediate revisions by 3 users not shown) | |||
Line 14: | Line 14: | ||
<td style="border-bottom:2px solid #A3B1BF" width="3"> </td> | <td style="border-bottom:2px solid #A3B1BF" width="3"> </td> | ||
<td style="padding:0.5em; background-color:#e5e5e5; font-size:90%; line-height:0.95em; border:1px solid #A3B1BF; border-bottom:solid 2px #A3B1BF" width="20">[[Intellectual Property]]</td> | <td style="padding:0.5em; background-color:#e5e5e5; font-size:90%; line-height:0.95em; border:1px solid #A3B1BF; border-bottom:solid 2px #A3B1BF" width="20">[[Intellectual Property]]</td> | ||
<td style="border-bottom:2px solid #A3B1BF" width="3"> </td> | |||
<td style="padding:0.5em; background-color:#e5e5e5; font-size:90%; line-height:0.95em; border:1px solid #A3B1BF; border-bottom:solid 2px #A3B1BF" width="20">[[Faculty]]</td> | |||
</tr> | </tr> | ||
</table> | </table> | ||
<br /> | <br /> | ||
[[Compliance Program]] | [[Compliance Hotline]] | [[Investigations by Third Parties]] | [[Research Integrity | [[Compliance Program]] | [[Compliance Hotline]] | [[Investigations by Third Parties]] | [[Research Integrity]] | [[Export Control]] | [[Code of Conduct]] | [[Use of Human Anatomical Material]] | [[Clinical Research and Clinical Trial Professional and Technical Fee Billing]] | [[Contracts]] | [[Conflict of Interest]] | [[Red Flag Identity Theft Prevention Program]] | [[Principles of Financial Stewardship]] | [[Human Tissue Use and Transfer]] | [[Disclosing Foreign Support and International Activities]] | [[Health Care Vendor Interactions]] | [[Credit Hour Definition]] | [[Whistleblower]] | [[Electronic Digital Signatures and Records]]<br /> | ||
<br /><br /> | <br /> | ||
Policy No.: '''8009'''<br /> | |||
Effective Date: '''11/01/06'''<br /> | |||
Revised Date: '''07/09/24'''<br /> | |||
Reviewed: '''07/09/24'''<br /> | |||
<br /> | |||
<big>'''Contracts Policy'''</big> | |||
== Basis for Policy == | == Basis for Policy == | ||
The purpose of this policy is to provide guidance on who is authorized to sign contracts on behalf of the University of Nebraska Medical Center and to make clear that individuals must have specific authority, as delegated in [https://nebraska.edu/offices-policies/policies Board of Regents Policy], in [https://nebraska.edu/-/media/unca/docs/offices-and-policies/policies/executive-memorandum/delegation-of-administrative-authority-to-approve-certain-personnel-actions.pdf Executive Memorandum No. 13] and [https://nebraska.edu/-/media/unca/docs/offices-and-policies/policies/executive-memorandum/delegation-of-administrative-authority-to-approve-certain-types-of-university-contracts.pdfExecutive Memorandum No. 14], and as specifically provided for in the UNMC Contract Signature Authority Tables ([https://wiki.unmc.edu/images/8/83/UNMC_Exec.Memo.13_Signature_Authority.pdf Executive Memorandum 13 Contract Signature Authority] by position, [https://wiki.unmc.edu/index.php/Executive_Memo_14 Executive Memorandum 14 Contract Signature Authority] by position) to sign such contracts. . In addition, the purpose of this policy is to address the use of electronic and digital signatures in contracts. | |||
==Policy== | |||
==Policy== | |||
=== Written Agreements Required === | === Written Agreements Required === | ||
Written contracts are required, and all contracts shall be entered into by the Board of Regents of the University of Nebraska, a public body corporate, on behalf of the University of Nebraska Medical Center. | |||
<br /> | |||
<br /> | '''Delegation of Signature Authority''' | ||
{| class="wikitable" | Pursuant to University of Nebraska Executive Memorandum No. 14, the President has delegated authority to each Chancellor to approve specific types of contracts described in Section 4 of RP -6.3.1. Pursuant to University of Nebraska [https://nebraska.edu/-/media/unca/docs/offices-and-policies/policies/executive-memorandum/delegation-of-administrative-authority-to-approve-certain-personnel-actions.pdf Executive Memorandum No. 13] and [https://nebraska.edu/-/media/unca/docs/offices-and-policies/policies/executive-memorandum/delegation-of-administrative-authority-to-approve-certain-types-of-university-contracts.pdf Executive Memorandum No. 14], the Chancellor may further delegate contract signature authority. Individuals with the authority to sign contracts on behalf of UNMC are listed in the UNMC [https://wiki.unmc.edu/images/8/83/UNMC_Exec.Memo.13_Signature_Authority.pdf Executive Memorandum 13 Contract Signature Authority] and UNMC [https://wiki.unmc.edu/index.php/Executive_Memo_14 Executive Memorandum 14 Contract Signature Authority] Tables. No individual shall sign a contract on behalf of the University of Nebraska Medical Center unless having specifically been delegated the authority to do so. | ||
| | ===Electronic and Digital Signatures=== | ||
====Contractually Binding Signatures Governed by Executive Memoranda No. 13 and No. 14==== | |||
UNMC employees delegated signature authority through Executive Memoranda No. 13 and No. 14 shall utilize UNMC approved digital and electronic signatures in compliance with the [https://nebraskalegislature.gov/laws/statutes.php?statute=86-611 Nebraska Digital Signatures Act] or the Uniform Electronic Transactions Act [https://nebraskalegislature.gov/laws/statutes.php?statute=86-612 Neb. Rev. Stat. § 86-612 ''et seq''.]. <br /> | |||
Internal documents, meaning documents signed between UNMC employees for purposes of internal UNMC business, may be executed with wet signatures, exchanged via email or via electronic or digital signature.<br /> | |||
Contracts with parties external to UNMC should be signed via DocuSign. DocuSign is the current technology utilized by UNMC through an agreement with Nebraska Medicine (software license holder).<br /> | |||
Access to DocuSign requires the submission of the proposed use case by the UNMC department and approval by the Assistant Vice Chancellor for Business and Finance. There are four (4) approved use cases:<br /> | |||
*'''Level 1''' contracts that a signatory listed in Executive Memorandum No. 13 or 14 acting as a University Authorized Party will execute. | |||
*'''Level 2''' research participant e-consents (when DocuSign requires the sponsor to contractually require use and the research is NOT subject to FDA regulations). | |||
*'''Level 3''' non-binding signatures (internal forms/internal approvals). | |||
*'''Level 4''' employment offer letters or designated Human Resource forms that are routed to a third party. | |||
Use case applications can encompass multiple levels if the DocuSign envelope creators are tasked with multiple uses of DocuSign.<br /> | |||
Audits of DocuSign activity are performed periodically to ensure that envelope creators are using DocuSign in compliance with the approved use case application. Use of DocuSign for unapproved use cases can result in the removal of access.<br /> | |||
Please refer to Standard Operating Procedures No. [https://info.unmc.edu/management/finance/business_services/SOP_8009_1_Digital_Signatures_Docusign.pdf 8009.1] for additional information. | |||
===Executive Memorandum No. 14=== | |||
{| class="wikitable" | |||
|- | |||
!Category!! Authorities | |||
|- | |||
| RESEARCH CONTRACTS, meaning federal awards, research grants and contracts and externally funded research related projects|| Sponsored Programs Administration, 402-559-7456, https://www.unmc.edu/spa/about/contact.html | |||
Authorized Organization Representative and [mailto:ckratoch@unmc.edu Associate Vice Chancellor for Clinical Research] | |||
UNeHealth, https://www.unmc.edu/spa/clinical-trials/unehealth/ | |||
Clinical Research Center, https://www.unmc.edu/cctr/resources/crc/index.html | |||
|- | |||
| PURCHASES OF GOODS AND SERVICES || Procure to Pay, [mailto:contracts@nebraska.edu contracts@nebraska.edu] | |||
|- | |||
| LICENSED TECHNOLOGY || UNeMed, 402-559-3274, https://www.unemed.com/contact-us/staff-directory | |||
|- | |- | ||
| | | BUSINESS FUNCTIONS || Business and Finance | ||
When UNMC is expending funds or procuring goods or services: Procure to Pay, [mailto:contracts@nebraska.edu contracts@nebraska.edu] | |||
When UNMC is receiving revenue: 402-559-5221, [mailto:alamer@unmc.edu Amy Lamer, Business Services, Risk Management Specialist] and copy [mailto:mhrncirik@unmc.edu Assistant Vice Chancellor for Business and Finance] | |||
Stewardship and management of resources issues: [mailto:mhrncirik@unmc.edu Assistant Vice Chancellor for Business and Finance and Controller], 402-559-5837 | |||
|- | |- | ||
| | | ACADEMIC AGREEMENTS || Academic Affairs, 402-559-5130, https://info.unmc.edu/policies/academicaffairs/affiliation-agreements.html, https://www.unmc.edu/academicaffairs/, https://www.unmc.edu/academicaffairs/about/index.html | ||
|- | |- | ||
| All Others || See Contract Signature Authority Tables: [https://wiki.unmc.edu/images/8/83/UNMC_Exec.Memo.13_Signature_Authority.pdf Executive Memorandum 13 Contract Signature Authority] by position and | |||
[https://wiki.unmc.edu/index.php/Executive_Memo_14 Executive Memorandum 14 Contract Signature Authority] by position | |||
|} | |} | ||
=== | Direct any questions related to the Contract Signature Authority to the [mailto:sarah.glodencarlson@unmc.edu Chief Compliance Officer] at 402-559-9576. | ||
== | ===Contract Types and Signatories=== | ||
====Research Contracts==== | |||
In compliance with Federal regulations, an individual designated as Authorized Organization Representative (AOR) is the only official authorized to sign on behalf of the institution. Signature by the AOR signifies that the University agrees to comply with regulations and laws. Sponsored Programs Administration is the authorized signature official of UNMC for sponsored programs grants and contracts. | |||
<br /> | ====Expenditure Contracts==== | ||
=====Purchases of Goods and Services===== | |||
Procure to Pay (P2P) is responsible for contracts where University funds are spent. The Board of Regents Policies and Bylaws provide thresholds that trigger bidding requirements, signature authority and other requirements. Contracts for procurements utilizing state funding must be reported to the Nebraska State Contracts Database in accordance with the Nebraska Taxpayer Transparency Act [https://nebraskalegislature.gov/laws/statutes.php?statute=84-602.03 Neb. Rev. Stat. § 84-602.01 ''et seq.'']. P2P ensures that information security requirements are met for all purchases. | |||
====Licensed Technology==== | |||
[https://www.unemed.com/contact-us/staff-directory UNeMed] focuses on promoting the advancement and commercialization of UNMC technologies. UNeMed authorized signatories execute agreements such as material transfer agreements, confidentiality and nondisclosure agreements, and licensing agreements where rights to UNMC intellectual property are utilized. | |||
====Business Functions==== | |||
Agreements involving University stewardship, management of resources and revenue generating contracts are executed by authorized signatories in Business and Finance. | |||
====Academic Agreements==== | |||
[https://info.unmc.edu/policies/academicaffairs/affiliation-agreements.html Academic Affiliation Agreements] are required for all organizations accepting UNMC students and for all students who come to UNMC from other educational institutions for clinical or nonclinical experience [mailto:jobshadow@nebraskamed.com (Office of Health Professions Education)]. Academic Affiliation Agreements are approved by the [https://www.unmc.edu/academicaffairs/about/index.html Office of the Senior Vice Chancellor for Academic Affairs]. Contact your college representative responsible for drafting and negotiating Academic Affiliation Agreements or Academic Affairs at 402-559-5130 with questions. | |||
==Data Security/Protected Health Information== | |||
UNMC, as a party to an [https://www.unmc.edu/hipaa/about/affiliated-covered-entity-structure.pdf Affiliated Covered Entity Agreement (ACE)], is obligated to protect patient information under HIPAA. Any UNMC contract that involves the disclosure of protected health information (PHI) outside of UNMC and/or Nebraska Medicine must ensure that procedures and policies are followed to secure PHI. <br /> | |||
<br /> | <br /> | ||
When contracting outside of the ACE for software, equipment purchases or transfer of PHI electronically, a security review is required by [https://wiki.unmc.edu/index.php/Privacy/Information_Security Information Security]. | |||
==Protected Student Financial Information (PSFI)== | |||
== | [https://nebraska.edu/-/media/unca/docs/offices-and-policies/policies/executive-memorandum/university-of-nebraska-information-security-plan.pdf University of Nebraska Executive Memorandum No. 26] describes protections of Student Financial Information required under Gramm Leach Bliley Act (GLBA), and protection of credit card information received in the course of business. When an activity requires use of protected financial information under Executive Memorandum No. 26, a GLBA Addendum must be added to the contract (the Addendum is attached as an exhibit to Memorandum 26). | ||
==Business Associate Agreement/Addendum== | |||
A business associate relationship exists when a person/entity outside of the ACE performs a function or activity on behalf of the ACE that requires business associates to use or disclose protected health information (PHI) in order to perform the function. If a business associate relationship exists with no written contract, a business associate agreement must be signed. If there is an existing contract with the business associate, a business associate addendum must be added. The [https://www.unmc.edu/hipaa/forms/index.html Business Associate Agreement template] can be located at https://www.unmc.edu/hipaa/forms/index.html. Refer to the [https://www.unmc.edu/hipaa/forms/docs/wedi-ba-decision-tree-v2.pdf Business Associate Decision Tree] as needed. All Business Associates are required to implement all HIPAA Security Rule Safeguards. In the event that a vendor cannot meet a specific requirement of the [[Business Associate Agreements and Addendums Procedures|Business Associate Agreement or Addendums Procedure]], an exception can only be approved by the Vice Chancellor for Business, Finance and Business Development and the University’s Office of the Vice President and General Counsel. | |||
==Additional Information== | |||
*[mailto:sarah.glodencarlson@unmc.edu Chief Compliance Officer] | |||
*[mailto:mhrncirik@unmc.edu Assistant Vice Chancellor for Business and Finance] | |||
*Standard Operating Procedures No. [https://info.unmc.edu/management/finance/business_services/SOP_8009_1_Digital_Signatures_Docusign.pdf 8009.1] | |||
*[https://sos.nebraska.gov/licensing/digital-signatures-certification-authorites Digital Signatures Certification Authorities certified by the Nebraska Secretary of State] | |||
*[https://nebraskalegislature.gov/laws/statutes.php?statute=86-611 Nebraska Digital Signatures Act] | |||
*[https://nebraskalegislature.gov/laws/statutes.php?statute=86-612 Uniform Electronics Transactions Act] | |||
*[[Business Associate Agreements and Addendums Procedures]] | |||
[ | *[https://www.unmc.edu/hipaa/forms/index.html Business Associate Agreement template] | ||
== | *[https://info.unmc.edu/policies/academicaffairs/affiliation-agreements.html Academic Affiliation Agreements] | ||
*[https://nebraska.edu/docs/board/bylaws.pdf Section 6.4 of the Bylaws of the Board of Regents] of the University of Nebraska Board of Regents Policy on Administrative Approval of University Contracts ([https://nebraska.edu/-/media/unca/docs/offices-and-policies/policies/board-governing-documents/board-of-regents-policies.pdf RP – 6.3.1]) | |||
*University of Nebraska [https://nebraska.edu/-/media/unca/docs/offices-and-policies/policies/executive-memorandum/delegation-of-administrative-authority-to-approve-certain-personnel-actions.pdf Executive Memorandum 13], Delegation of Administrative Authority to Approve Academic-Administrative Personnel Actions | |||
*University of Nebraska [https://nebraska.edu/-/media/unca/docs/offices-and-policies/policies/executive-memorandum/delegation-of-administrative-authority-to-approve-certain-types-of-university-contracts.pdf Executive Memorandum 14], Delegation of Administrative Authority to Approve Certain Types of University Contracts, and Requirements for Submittal and Execution of Contracts Requiring Approval by the Board of Regents | |||
*University of Nebraska Executive Memorandum No. 26 [https://nebraska.edu/-/media/unca/docs/offices-and-policies/policies/executive-memorandum/university-of-nebraska-information-security-plan.pdf Information Security Plan - Gramm Leach Bliley Compliance] | |||
*University of Nebraska [https://nebraska.edu/-/media/unca/docs/offices-and-policies/policies/executive-memorandum/hipaa-compliance-policy.pdf Executive Memorandum No. 27], HIPAA Compliance Plan | |||
*[http://www.gpo.gov/fdsys/pkg/PLAW-104publ191/pdf/PLAW-104publ191.pdf Health Insurance Portability and Accountability Act of 1996] (HIPAA) [45 CFR §164.502(e)(1)] | |||
*[http://www.gpo.gov/fdsys/pkg/PLAW-106publ102/pdf/PLAW-106publ102.pdf Gramm-Leach-Bliley Act](GLBA) 12 CFR §225.28] | |||
*Contract Signature Authority Tables | |||
**[https://wiki.unmc.edu/images/8/83/UNMC_Exec.Memo.13_Signature_Authority.pdf Executive Memorandum 13 Contract Signature Authority] by position | |||
**[https://wiki.unmc.edu/index.php/Executive_Memo_14 Executive Memorandum 14 Contract Signature Authority] by position | |||
*IRS Publication [http://www.irs.gov/pub/irs-pdf/p15a.pdf 15-A] | |||
[ | |||
[http:// | |||
This page maintained by [mailto:mhurlocker@unmc.edu mh]. | |||
This page maintained by [mailto: |
Latest revision as of 13:06, July 26, 2024
Human Resources | Safety/Security | Research Compliance | Compliance | Privacy/Information Security | Business Operations | Intellectual Property | Faculty |
Compliance Program | Compliance Hotline | Investigations by Third Parties | Research Integrity | Export Control | Code of Conduct | Use of Human Anatomical Material | Clinical Research and Clinical Trial Professional and Technical Fee Billing | Contracts | Conflict of Interest | Red Flag Identity Theft Prevention Program | Principles of Financial Stewardship | Human Tissue Use and Transfer | Disclosing Foreign Support and International Activities | Health Care Vendor Interactions | Credit Hour Definition | Whistleblower | Electronic Digital Signatures and Records
Policy No.: 8009
Effective Date: 11/01/06
Revised Date: 07/09/24
Reviewed: 07/09/24
Contracts Policy
Basis for Policy
The purpose of this policy is to provide guidance on who is authorized to sign contracts on behalf of the University of Nebraska Medical Center and to make clear that individuals must have specific authority, as delegated in Board of Regents Policy, in Executive Memorandum No. 13 and Memorandum No. 14, and as specifically provided for in the UNMC Contract Signature Authority Tables (Executive Memorandum 13 Contract Signature Authority by position, Executive Memorandum 14 Contract Signature Authority by position) to sign such contracts. . In addition, the purpose of this policy is to address the use of electronic and digital signatures in contracts.
Policy
Written Agreements Required
Written contracts are required, and all contracts shall be entered into by the Board of Regents of the University of Nebraska, a public body corporate, on behalf of the University of Nebraska Medical Center.
Delegation of Signature Authority
Pursuant to University of Nebraska Executive Memorandum No. 14, the President has delegated authority to each Chancellor to approve specific types of contracts described in Section 4 of RP -6.3.1. Pursuant to University of Nebraska Executive Memorandum No. 13 and Executive Memorandum No. 14, the Chancellor may further delegate contract signature authority. Individuals with the authority to sign contracts on behalf of UNMC are listed in the UNMC Executive Memorandum 13 Contract Signature Authority and UNMC Executive Memorandum 14 Contract Signature Authority Tables. No individual shall sign a contract on behalf of the University of Nebraska Medical Center unless having specifically been delegated the authority to do so.
Electronic and Digital Signatures
Contractually Binding Signatures Governed by Executive Memoranda No. 13 and No. 14
UNMC employees delegated signature authority through Executive Memoranda No. 13 and No. 14 shall utilize UNMC approved digital and electronic signatures in compliance with the Nebraska Digital Signatures Act or the Uniform Electronic Transactions Act Neb. Rev. Stat. § 86-612 et seq..
Internal documents, meaning documents signed between UNMC employees for purposes of internal UNMC business, may be executed with wet signatures, exchanged via email or via electronic or digital signature.
Contracts with parties external to UNMC should be signed via DocuSign. DocuSign is the current technology utilized by UNMC through an agreement with Nebraska Medicine (software license holder).
Access to DocuSign requires the submission of the proposed use case by the UNMC department and approval by the Assistant Vice Chancellor for Business and Finance. There are four (4) approved use cases:
- Level 1 contracts that a signatory listed in Executive Memorandum No. 13 or 14 acting as a University Authorized Party will execute.
- Level 2 research participant e-consents (when DocuSign requires the sponsor to contractually require use and the research is NOT subject to FDA regulations).
- Level 3 non-binding signatures (internal forms/internal approvals).
- Level 4 employment offer letters or designated Human Resource forms that are routed to a third party.
Use case applications can encompass multiple levels if the DocuSign envelope creators are tasked with multiple uses of DocuSign.
Audits of DocuSign activity are performed periodically to ensure that envelope creators are using DocuSign in compliance with the approved use case application. Use of DocuSign for unapproved use cases can result in the removal of access.
Please refer to Standard Operating Procedures No. 8009.1 for additional information.
Executive Memorandum No. 14
Category | Authorities |
---|---|
RESEARCH CONTRACTS, meaning federal awards, research grants and contracts and externally funded research related projects | Sponsored Programs Administration, 402-559-7456, https://www.unmc.edu/spa/about/contact.html
Authorized Organization Representative and Associate Vice Chancellor for Clinical Research UNeHealth, https://www.unmc.edu/spa/clinical-trials/unehealth/ Clinical Research Center, https://www.unmc.edu/cctr/resources/crc/index.html |
PURCHASES OF GOODS AND SERVICES | Procure to Pay, contracts@nebraska.edu |
LICENSED TECHNOLOGY | UNeMed, 402-559-3274, https://www.unemed.com/contact-us/staff-directory |
BUSINESS FUNCTIONS | Business and Finance
When UNMC is expending funds or procuring goods or services: Procure to Pay, contracts@nebraska.edu When UNMC is receiving revenue: 402-559-5221, Amy Lamer, Business Services, Risk Management Specialist and copy Assistant Vice Chancellor for Business and Finance Stewardship and management of resources issues: Assistant Vice Chancellor for Business and Finance and Controller, 402-559-5837 |
ACADEMIC AGREEMENTS | Academic Affairs, 402-559-5130, https://info.unmc.edu/policies/academicaffairs/affiliation-agreements.html, https://www.unmc.edu/academicaffairs/, https://www.unmc.edu/academicaffairs/about/index.html |
All Others | See Contract Signature Authority Tables: Executive Memorandum 13 Contract Signature Authority by position and
Executive Memorandum 14 Contract Signature Authority by position |
Direct any questions related to the Contract Signature Authority to the Chief Compliance Officer at 402-559-9576.
Contract Types and Signatories
Research Contracts
In compliance with Federal regulations, an individual designated as Authorized Organization Representative (AOR) is the only official authorized to sign on behalf of the institution. Signature by the AOR signifies that the University agrees to comply with regulations and laws. Sponsored Programs Administration is the authorized signature official of UNMC for sponsored programs grants and contracts.
Expenditure Contracts
Purchases of Goods and Services
Procure to Pay (P2P) is responsible for contracts where University funds are spent. The Board of Regents Policies and Bylaws provide thresholds that trigger bidding requirements, signature authority and other requirements. Contracts for procurements utilizing state funding must be reported to the Nebraska State Contracts Database in accordance with the Nebraska Taxpayer Transparency Act Neb. Rev. Stat. § 84-602.01 et seq.. P2P ensures that information security requirements are met for all purchases.
Licensed Technology
UNeMed focuses on promoting the advancement and commercialization of UNMC technologies. UNeMed authorized signatories execute agreements such as material transfer agreements, confidentiality and nondisclosure agreements, and licensing agreements where rights to UNMC intellectual property are utilized.
Business Functions
Agreements involving University stewardship, management of resources and revenue generating contracts are executed by authorized signatories in Business and Finance.
Academic Agreements
Academic Affiliation Agreements are required for all organizations accepting UNMC students and for all students who come to UNMC from other educational institutions for clinical or nonclinical experience (Office of Health Professions Education). Academic Affiliation Agreements are approved by the Office of the Senior Vice Chancellor for Academic Affairs. Contact your college representative responsible for drafting and negotiating Academic Affiliation Agreements or Academic Affairs at 402-559-5130 with questions.
Data Security/Protected Health Information
UNMC, as a party to an Affiliated Covered Entity Agreement (ACE), is obligated to protect patient information under HIPAA. Any UNMC contract that involves the disclosure of protected health information (PHI) outside of UNMC and/or Nebraska Medicine must ensure that procedures and policies are followed to secure PHI.
When contracting outside of the ACE for software, equipment purchases or transfer of PHI electronically, a security review is required by Information Security.
Protected Student Financial Information (PSFI)
University of Nebraska Executive Memorandum No. 26 describes protections of Student Financial Information required under Gramm Leach Bliley Act (GLBA), and protection of credit card information received in the course of business. When an activity requires use of protected financial information under Executive Memorandum No. 26, a GLBA Addendum must be added to the contract (the Addendum is attached as an exhibit to Memorandum 26).
Business Associate Agreement/Addendum
A business associate relationship exists when a person/entity outside of the ACE performs a function or activity on behalf of the ACE that requires business associates to use or disclose protected health information (PHI) in order to perform the function. If a business associate relationship exists with no written contract, a business associate agreement must be signed. If there is an existing contract with the business associate, a business associate addendum must be added. The Business Associate Agreement template can be located at https://www.unmc.edu/hipaa/forms/index.html. Refer to the Business Associate Decision Tree as needed. All Business Associates are required to implement all HIPAA Security Rule Safeguards. In the event that a vendor cannot meet a specific requirement of the Business Associate Agreement or Addendums Procedure, an exception can only be approved by the Vice Chancellor for Business, Finance and Business Development and the University’s Office of the Vice President and General Counsel.
Additional Information
- Chief Compliance Officer
- Assistant Vice Chancellor for Business and Finance
- Standard Operating Procedures No. 8009.1
- Digital Signatures Certification Authorities certified by the Nebraska Secretary of State
- Nebraska Digital Signatures Act
- Uniform Electronics Transactions Act
- Business Associate Agreements and Addendums Procedures
- Business Associate Agreement template
- Academic Affiliation Agreements
- Section 6.4 of the Bylaws of the Board of Regents of the University of Nebraska Board of Regents Policy on Administrative Approval of University Contracts (RP – 6.3.1)
- University of Nebraska Executive Memorandum 13, Delegation of Administrative Authority to Approve Academic-Administrative Personnel Actions
- University of Nebraska Executive Memorandum 14, Delegation of Administrative Authority to Approve Certain Types of University Contracts, and Requirements for Submittal and Execution of Contracts Requiring Approval by the Board of Regents
- University of Nebraska Executive Memorandum No. 26 Information Security Plan - Gramm Leach Bliley Compliance
- University of Nebraska Executive Memorandum No. 27, HIPAA Compliance Plan
- Health Insurance Portability and Accountability Act of 1996 (HIPAA) [45 CFR §164.502(e)(1)]
- Gramm-Leach-Bliley Act(GLBA) 12 CFR §225.28]
- Contract Signature Authority Tables
- IRS Publication 15-A
This page maintained by mh.