Home
Procedures
SOP-AP-03: Access to Invoices with Protected Health Information (PHI)

SOP-AP-03: Access to Invoices with Protected Health Information (PHI)

Number: SOP-AP-03

Subject: Access to Invoices with Protected Health Information (PHI)

Summary: How to request access to view BUY.IU invoice images containing PHI.

Source: University Procurement Services

Date of Issue: 04/30/2024

Disclaimer

The information provided in this Standard Operating Procedure (SOP) is designed to provide helpful information on this procedure. The Office of Procurement Services reserves the right to determine on a case-by-case basis if a SOP should be adjusted for a particular situation. This SOP is not intended to cover each and every situation nor can it anticipate specific circumstances.

Rationale

Access to invoice attachments in BUY.IU containing PHI is limited to Fiscal Officers who have current HIPAA training certification. Delegates do not have access. PHI is considered critical data and is defined in the Knowledge Base article About Protected Health Information.

In a few instances, the Fiscal Officer can request access for a non-fiscal officer for a limited period. Reasons for exceptions include:

Fiscal Officer will be out of the office for more than 10 business days.
Fiscal Officer is leaving the university, and a new Fiscal Officer has not been appointed.

Very specific exceptions that do not meet the criteria above will be considered by Accounts Payable management on a case-by-case basis.

Procedure

Exception requests being requested for the reasons stated in the Rationale section above must be submitted using the Procurement support form.

Select the following form options:

Support Form Topic: Approvers
Support Form Subject: Request Temporary PHI Invoice Access
Select one of the following reasons:
- The department FO will be on leave for more than 10 business days.
- The current FO is leaving the University, and a replacement has not been identified.
Complete the following fields:
- Start date of access: (Required)
- End date of access: (Required)
- Additional details:
Submit the form.

Exceptions other than those listed in the Rationale section will be considered if they will significantly impact the business processes of an organization. In those cases, the Fiscal Officer can request an exception for a limited number of staff. Exceptions should be directed to Mary Byrde, Director of Accounts Payable, at mbyrde@iu.edu and Ali Piovesan, Manager of Accounts Payable, at epiovesa@iu.edu.

Only requests from Fiscal Officers will be accepted. Exception requests must include the following:

First name, last name, username, and title of the staff who require access.
A detailed reason for why the exception is required.

Accounts Payable will respond within 2 days regarding the access request.

Definitions

Fiscal Officer:: The person responsible for the day-to-day management of the funds associated with an account. Specified by account in the Kuali Financial System.

Office of Procurement Services

SOP-AP-03: Access to Invoices with Protected Health Information (PHI)

Rationale

Procedure

Definitions

References

Additional links and resources