Data Confidentiality Policy for Contractors

Originally Issued: July 2015

Contacts: Don Diener Lori Temple

Download Policy Document Download Procedure Document

Policy

Contractors who receive or are provided access to university data will use the data solely for the purposes for which they have been contracted. Contractors who are exposed to protected information during the scope of services will use and disclose protected information solely and exclusively for the purposes for which such information, or access to it, is provided in order to perform services. Contractors are fully responsible and liable for all acts, omissions, and work performed by their representatives or subcontractors.

Contractors hired through the UNLV procurement process are bound by the terms and conditions associated with the protection of university data included in the executed contract.

Contractors hired to work specifically with Protected Health Information must complete a HIPAA Business Associate Agreement. 

All other contractors must comply with all provisions of the Contractor Confidentiality Agreement. The agreement can be modified with approval of General Counsel. 

Employees are responsible for ensuring contractors who receive or are provided access to university data comply with their responsibilities as set forth in this policy.

Related Documents

UNLV HIPAA Units

  • Dental School and any associated clinics
  • Student Health Center and Pharmacy
  • Student Wellness
  • Athletic Training Department
  • Center for Individual and Family Counseling
  • Center for Health Information Analysis
  • National Supercomputing Center for Energy and the Environment

Statement of Purpose

The purpose of this policy is to:

  • Ensure employees understand their responsibilities when they contract with individuals or companies who may have access to campus data during their engagement with the university.
  • Ensure contractors understand their responsibilities for the protection of data during the performance of their contracted services.
  • Ensure contractors who access data, directly or indirectly, are in compliance with all applicable laws and regulations, as well as relevant UNLV policies and procedures.

Entities Affected by Policy

Entities affected by this policy include parties that enter into contracts with UNLV and UNLV representative(s) responsible for those contracts.

Who Should Read This Policy

UNLV employees who develop, manage, oversee, and/or execute contracts should read this policy. Additionally, any individual or company contracted by UNLV should read this policy.

Exceptions

There are no exceptions to this policy.