HIPAA Guidelines for Business Associates

UPMC Health Plan and its affiliates (collectively referred to on this page as "UPMC Health Plan") are required to adhere to the rules established by the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), a federal law governing, among other things:

  • The privacy of identifiable health information — referred to as protected health information ("PHI") — regardless of the format in which it exists (this includes electronic, written, and verbal communication)
  • Electronic data interchange and code set standards
  • Security of PHI

HIPAA applies to health care providers, health plans, health care clearinghouses and certain third parties that perform services involving PHI or the exchange of electronic data on behalf of UPMC Health Plan (referred to as "Business Associates"). HIPAA has been modified on a number of occasions since its enactment in 1996, most recently with the passage of the 2013 HIPAA Omnibus Rule.

In order to comply with HIPAA, UPMC Health Plan has developed the "UPMC Terms and Conditions (PDF) for Business Associates" to which all UPMC Health Plan’s Business Associates must adhere.

HIPAA Omnibus Rule (2013)

In January 2013, HIPAA was amended and revised by what is known as the HIPAA Omnibus Rule. The HIPAA Omnibus Rule includes changes to the obligations of Business Associates. As a result, UPMC Health Plan has adopted a web-based Business Associate Agreement, referred to as "UPMC Health Plan Terms and Conditions for Business Associates."

If UPMC Health Plan negotiated a HIPAA Business Associate Agreement with you prior to September 23, 2013, by continuing to perform services after September 23, 2013, you agree that your Business Associate Agreement is amended to comply with the HIPAA Omnibus Rule Terms and Conditions for Business Associates. Please click on the link to the Terms and Conditions for Business Associates located on this page for further information.

If you are a new Business Associate after September 23, 2013, your underlying agreement to provide services to the Covered Entity will require you to comply with the HIPAA Omnibus Rule Terms and Conditions for Business Associates. Please click on the link to the Terms and Conditions for Business Associates located on this page for further information.
