Awareness : Newsletter Articles

Industry Representatives in Clinical Areas: What you need to know

At UHealth, vendors and industry representatives play an important role in patient care, education and research.  From the purchasing of devices to implementation in operating rooms, medical faculty and staff often interact with vendors and industry representatives at various levels.  These interactions support UHealth but must be properly managed to maintain patient safety and the integrity of the Health System.

Under the HIPAA Privacy Rule, vendors that receive, use, or disclose Protected Health Information (PHI) on behalf of UHealth are required to enter into a Business Associate Agreement (BAA), with few exceptions.  Generally, HIPAA requires that patients provide written authorization before their PHI is disclosed for any reason other than Treatment, Payment or Health Care Operations (TPO). 

Interactions between medical personnel and industry representatives are intended to enhance the practice of medicine without compromising patient privacy.  UHealth follows regulatory requirements, therefore has specific requirements pertaining to industry representatives and their involvement in clinical areas:

  • Industry representatives are not permitted in patient care areas (few exceptions apply).
  • Industry representatives are not permitted to see patients, medical records, or attend rounds or surgery.
  • Industry representatives may be allowed in patient care areas to provide training on devices or equipment only if appropriate patient authorization is obtained prior to the interaction and the Clinical Chair is notified.
  • Industry representatives may be allowed in patient care areas without patient authorization if they are acting as a health care provider as defined by the Privacy Rule.  In this circumstance, the representative’s involvement is directly related to the health care of an individual.
  • Industry representatives may be allowed in patient care areas without patient authorization if they are facilitating with operation of the medical device.

It is critical to remember that under the HIPAA regulation and UMMG policy, an industry representative’s access to patient care areas must meet highly specific requirements.  In order to facilitate positive and meaningful interactions with industry representatives, it is vital to consider patients’ privacy rights and regulatory implications.  Determinations as to whether an industry representative’s presence in clinical areas is appropriate must be done on a case by case basis.  For further guidance, please refer to Interactions with Health Industry Entities policy or contact the contact the Office of Privacy and Data Security.

Additional Resources:
Office of Regulatory Compliance
Vendors & Privacy: What you need to know