Our centralized shared service organization, Enterprise Procurement, is dedicated to driving measurable and positive impact for our business stakeholders, members and the organization by optimizing supplier engagement.

We are committed to fostering inclusive representation as a key part of our procurement strategy. By working with local and diverse suppliers, we can tap into new ideas that add value to our businesses and help us provide innovative solutions to our members. Learn more about our Supplier Diversity program.

If you are interested in becoming a supplier for 不良研究所, please register on our Supplier Portal.

counselor with members during a discussion session

Supplier Requirements

We expect our suppliers to provide high-quality goods and services that drive optimal performance and diligent oversight of compliance requirements.

不良研究所鈥檚 suppliers are expected to meet our standard performance, operational, contract and legal/regulatory compliance requirements.

We provide resources to guide our delegates through compliance program requirements for working with our Managed Health Care Programs (e.g., Medicare, Medicaid, Marketplace). Delegates will participate in a pre-delegation audit, which consists of a review of the supplier鈥檚 policies for applicable services, compliance program and may include an evaluation of their information security program and financial solvency.听

Access 不良研究所鈥檚 standard terms and conditions for the procurement of goods and services. Additional contract documents may be required with 不良研究所鈥檚 legal and compliance programs before commencing services. 听

不良研究所 uses the Coupa platform for interacting with existing suppliers, including requests for proposals (RFP) and transaction processing. Current suppliers may leverage the . Selected bidders invited to respond to an RFP should follow the invite instructions provided via email. 听

  • Watch the .

Suppliers with potential access to 不良研究所鈥檚 confidential data or systems are required to participate in our Third-Party Risk Management Program. This program includes assessment and validation of necessary certifications and ensures all potential suppliers maintain necessary processes in place to protect 不良研究所 confidential data and support other risk management activities. Required certifications and polices may include, but are not limited to: 听听听听

Certifications:听听听

  1. Service Organization Control (SOC) Full Report 2, Type 1 or 2 report;听听and/or听
  2. HiTrust CSF Validated Assessment Full Report; and/or听
  3. Federal Risk and Authorization Management Program (Fed Ramp); and/or听
  4. PCI DSS Certification; and/or听5. ISO 27001 Full Report听

Organizational Policies (as applicable to the scope of services):听听听

  1. Business Continuity Plan听
  2. Documented Information Security Policy/Program听
  3. Proof of background check policy听
  4. Documented Privacy Program or equivalent听
  5. HIPAA Evaluation (if available)听
  6. Proof of data classification scheme听
  7. Incident Response Plan听
  8. Proof of network diagrams听
  9. Documented Physical Security Program听
  10. Proof of Employee Nondisclosure Agreement听

An annual review and attestation to听不良研究所鈥檚 Code of Conduct听may also be required.

We may request suppliers to work closely with 不良研究所鈥檚 performance management teams to support service level agreements, key performance indicators or address any issues.

Our standard payment term is 60 days or greater, with special considerations available for diverse and small businesses. 听

The Enterprise Procurement team manages the supplier onboarding process, which begins with the issuance of required documents via email.听听听听

Onboarding Requirements:听听听

  1. Supplier may not be excluded from working with healthcare payers. Our team will validate eligibility based on data from Office of the Inspector General, System for Award Management and Office of Foreign Asset Controls.听
  2. Supplier is required to submit:听听

a. W-9 Form

b. Payment Authorization Form

If ACH payment is preferred, a voided check or signed bank letter is needed.听