Training and Education
HIPAA stands for the Health Insurance Portability and Accountability Act of 1996. While the title suggests that this rule only applies to insurance information, a major part of HIPAA addresses the privacy of a patient's "Protected Health Information" (PHI). Download the HIPAA in a Nutshell PDF here.
PHI is information:
- Sent or stored in any form
- That identifies the patient, or can be used to identify the patient
- That is created or received by a covered entity
- That generally is about a patient’s past, present, and/or future treatment and payment of services
How does HIPAA affect vendors doing business with the University of Michigan?
HIPAA requires the University of Michigan to sign confidentiality agreements with all Business Associates. A Business Associate is someone who does not work for the University of Michigan and needs access to our patients’ protected health information (PHI).
In order for the University to share PHI with a Business Associate, a Business Associate Agreement must be signed by both parties.
What are some examples of when a Business Associate Agreement may or may not be required?
| Scenario | Business Associate Agreement with Vendor |
| --- | --- |
| 1. Technical vendors who have access to computer systems or databases containing PHI | Required |
| 2. Accreditation organizations | Required |
| 3. Temporary agencies that place personnel in areas where they may have access to PHI | Required |
| 4. Record storage facilities | Required |
| 5. Lawyers, accountants, consultants (non-university employees) | Required |
| 6. A non-covered entity with access to PHI (e.g. orthotics manufacturer) | Not required if the entity is also a health care provider |
| 7. Vendors who only have incidental access usually are not considered Business Associates (e.g., copy repair technicians) | Not required |
Who should I contact if I have questions about my contract with the University of Michigan?
Vendors uncertain of their status as a Business Associate should contact the Procurement buyer handling their current contract. Contact information for the Procurement Teams is available on the Contacts page.
Where can I find more information about HIPAA?
Visit the United States Department of Health and Human Services.
For information visit the Safety Orientation Web site.
