Vendor Information

Medica is committed to conducting business with the highest ethical standards and applies the same standards to contracted business partners and their subcontractors. As a result, we have implemented various programs and documents that support these standards. It is important that all vendors read and understand the following documents as part of their contractual responsibilities when providing goods or services to Medica or its members.

• Medica's Standard of Conduct for Business Partners (PDF)
• Medica's Reporting Policy (PDF)
• FDR Vendor Compliance and FWA Training (PDF)

Our mission is to ensure our vendors conduct their business with the highest ethical standards in accordance with all laws, regulations, contractual obligations, and corporate standards of conduct, while we protect, prevent, and detect compliance concerns. Questions? Contact Medica Compliance at [email protected]

• Medica's Standard of Conduct for Business Partners (PDF)
• Medica's Reporting Policy (PDF)
• Medica's Travel and Other Reimbursable Expenses for Third Party Provider of Goods/Services (PDF)
• Regulatory Addendum
• Qualified Health Plan Services Addendum

Medica places the highest priority on protecting and securing our members' protected health information and our business confidential information. We demonstrate this with our HITRUST Certification, by complying with laws, regulations, agreements, and with our professional and ethical written standards. We place the same high standards on our business associates. It is important for business associates to understand the following responsibilities:

• Use and disclose PHI solely as required to perform your obligations under your agreement(s) with Medica and as otherwise permitted or required by law
• Use and disclose only the minimum amount of PHI or business confidential information necessary to perform the required activity
• Implement appropriate administrative, physical, and technical safeguards to protect PHI in accordance with HIPAA and your business associate agreement
• Ensure Medica's business confidential information is never sent to another entity and that PHI is not sent to another entity unless permitted by the business associate agreement
• Transmit data securely when releasing PHI or business confidential information by using appropriate encryption, Virtual Private Network or other secure transmission
• Prior to disclosure of PHI to any subcontractor, require the subcontractor to agree in writing to the same terms and restrictions that apply to you
• Know the right channels to promptly report to Medica any impermissible use or disclosure of PHI or security incident of which you become aware
• Mitigate, to the extent practicable, any harmful effect of an impermissible use or disclosure of PHI
• Upon termination of your agreement(s) with Medica, take appropriate action to manage PHI according to the terms of the business associate agreement
• Understand business associates are directly liable under the privacy, security and breach regulations for impermissible uses and disclosures of PHI and subject to the same federal civil and criminal penalties as a covered entity

Reporting a privacy or security incident:

If you become aware of an impermissible use or disclosure of PHI or a security incident, you must promptly notify Medica by completing the Privacy & Security Incident Report Form (PDF) and sending it in a secure manner to:

• [email protected] (preferred)
• Your Medica Contract Manager
• Medica's Privacy Officer

1. Introductory of program
   • We take a disciplined approach to managing contracts with vendors, consultants, temporary contractors and others who assist Medica in meeting its business objectives. This approach ensures requirements are defined clearly and fosters strong working relationships.
2. Request for proposals, quote, or information
   • Business owners drive these request initiatives and are the primary point of contact. The Vendor Management Office may assist with communication and coordination in support of the business owner.
     • Proposals (RFP)
     • Quote (RFQ)
     • Information (RFI)
3. Policies
   • It is Medica's policy to enter into contracts for the purchase of goods and services from vendors in an effective, prudent and fiscally sound manner, and in compliance with all applicable legal and regulatory requirements.
4. General contact info and guidance
   • General inquiries and communications may be directed to us at [email protected].
5. New vendor account setup guidance
   • When establishing a business relationship in purchasing goods or services from vendors, we may require the following documentation:
     • Non-Disclosure Agreement
     • Business Associate Agreement
     • W-9
     • Disclosure of Ownership
     • Privacy and Security Assessment