
Non-Employee Accounts

Please consult the HR Quick Policy Reference Guide before submitting a request for a Non-Employee account.

Non-UMMS Employee Account Requests:

To request a non-employee account, please complete/provide the following:

Please submit all documentation above via email to the Information Security Department (UMMSInformationSecurity@umassmed.edu).  Information Security will review the request and ensure that the appropriate agreements are in place.  Once approved, the request will be sent to the HR Department.

The HR Department will then enter the non-employee information into the PeopleSoft HR system.  The account requestor will receive an email from the HR Department notifying them that the PeopleSoft record has been created.

The Information Technology Department (IT) will automatically receive this information via a data feed and will create network and email accounts. Once an account has been provisioned, an email will be sent to the account requestor.  This email will contain the non-employee's account details and logon instructions. 

The process from account request submittal to account creation will take no more than 8 business days. 

Account Requestor Obligations:

  • Accounts must be requested by an active UMMS user. The account requestor is responsible for recertifying access annually and notifying the HR department when this individual no longer requires access.
  • Network and email accounts will be provided for all new requests.  A UMMS email address may only be used to conduct Medical School business.
  • An SSN is required for all account requests.

Account Renewal/Extension:

  • Per HR policy, accounts will expire once every six months and will require recertification to be extended for an additional six months. 
    • Approximately 4 weeks, and then again at 2 weeks, prior to the account termination date, an email will be sent from the HR Department to the account requestor.  This email will include instructions to extend the account if necessary.
    • Accounts can be extended by completing the HR Account Extension form.

Definitions:

Protected Health Information (PHI): Individually identifiable health information as defined by HIPAA, maintained or transmitted by a Covered Entity, its Business Associates acting for the Covered Entity, or by a Subcontractor of a Business Associate, which is maintained or transmitted in any form or medium. This includes identifiable demographic and other information relating to the past, present, or future physical or mental health or condition of an individual, or the provision or payment of health care to an individual that is created or received by a health care provider, health plan, employer, or health care clearinghouse.

Personal Identifiable Information (PII): Any information that can be used to uniquely identify an individual, including: (1) any information that can be used to distinguish or trace an individual's identity, such as name, social security number, date and place of birth, mother's maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical (PHI), educational, financial (PI), and employment information.

Business Associate Agreement (BAA): An agreement between a Business Associate (BA) and a HIPAA Covered Entity, or a BA and a Subcontractor who creates, receives, maintains, or transmits PHI on behalf of the BA.

Data Management Agreement (DMA): Satisfactory assurances in writing between UMMS and another entity, that the entity has in place adequate safeguards to protect the PII received, created or disclosed in accordance with a contract.

Data Use Agreement (DUA): An agreement that governs the sharing of data between UMMS and covered entities under the HIPAA Privacy Rule. DUAs must be entered into before there is any use or disclosure of a limited data set to an outside institution or party.  A limited data set is still protected health information (PHI), and for that reason, covered entities must enter into a data use agreement with any recipient of a limited data set.