🛈 Note: We are performing scheduled upgrades to this wiki on Monday, February 13, 2023. During the upgrade process:
Everyone will still be able to view this wiki.
Editors will not be able to change this wiki.
The wiki may be unavailable for several minutes.


From University of Nebraska Medical Center
Jump to navigation Jump to search
Human Resources   Safety/Security   Research Compliance   Compliance   Privacy/Information Security   Business Operations   Intellectual Property   Faculty

Identification Card | Secure Area Card Access | Privacy/Confidentiality | Computer Use/Electronic Information | Retention and Destruction/Disposal of Private and Confidential Information | Use and Disclosure of Protected Health Information | Notice of Privacy Practices | Access to Designated Record Set | Accounting of PHI Disclosures | Patient/Consumer Complaints | Vendors | Fax Transmissions | Psychotherapy Notes | Facility Security | Conditions of Treatment Form | Informed Consent for UNMC Media | Transporting Protected Health Information | Honest Broker | Social Security Number | Third Party Registry | Information Security Awareness and Training

Policy No.: 6063
Effective Date: 03/17/03
Revised Date:
Revised Date:

Vendor Policy

Basis for Policy

Vendors and sales representatives play an important role as providers of information and services to UNMC. Vendors are guests at UNMC and shall conduct their business in accordance with good business practices.


Departments shall not provide vendors access to any confidential information, including patient information (protected health information or “PHI”) and proprietary information, unless the information is necessary to perform services on behalf of UNMC. A business associate agreement or addendum must be signed prior to any service performed (see UNMC Policy No. 8009, Contracts and Business Associate Agreements and Addendums Procedures).


  • Identify vendors as visitors who are present in UNMC facilities for a legitimate business purpose
  • Prohibit disclosure of confidential patient and proprietary information to vendors unless the information is necessary to perform services on behalf of UNMC as defined by the business associate agreement/addendum


Protected Health Information (PHI) is individually identifiable health information. Health information means any information, whether oral or recorded in any medium, that:

  • is created or received by UNMC; and
  • relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual.

Records containing PHI, in any form, are the property of UNMC. The PHI contained in the record is the property of the individual who is the subject of the record.

Protected health information excludes education records covered by the Family Educational Rights and Privacy Act (FERPA), and employment records held by UNMC in its role as employer.

Vendor Any supplier or sales representative offering or providing services, supplies, or equipment to UNMC, its patients and healthcare providers practicing at UNMC.

Additional information

This page maintained by dkp