Our centralized shared service organization, Enterprise Procurement, is dedicated to driving measurable and positive impact for our business stakeholders, members and the organization by optimizing supplier engagement.

We are committed to fostering inclusive representation as a key part of our procurement strategy. By working with local and diverse suppliers, we can tap into new ideas that add value to our businesses and help us provide innovative solutions to our members. Learn more about our Supplier Diversity program.

If you are interested in becoming a supplier for ¶¶Òõ, please register on our Supplier Portal.

counselor with members during a discussion session

Supplier Requirements

We expect our suppliers to provide high-quality goods and services that drive optimal performance and diligent oversight of compliance requirements.

¶¶Òõ’s suppliers are expected to meet our standard performance, operational, contract and legal/regulatory compliance requirements.

We provide resources to guide our delegates through compliance program requirements for working with our Managed Health Care Programs (e.g., Medicare, Medicaid, Marketplace). Delegates will participate in a pre-delegation audit, which consists of a review of the supplier’s policies for applicable services, compliance program and may include an evaluation of their information security program and financial solvency.Ìý

Access ¶¶Òõ’s standard terms and conditions for the procurement of goods and services. Additional contract documents may be required with ¶¶Òõ’s legal and compliance programs before commencing services. Ìý

¶¶Òõ uses the Coupa platform for interacting with existing suppliers, including requests for proposals (RFP) and transaction processing. Current suppliers may leverage the . Selected bidders invited to respond to an RFP should follow the invite instructions provided via email. Ìý

  • Watch the .

Suppliers with potential access to ¶¶Òõ’s confidential data or systems are required to participate in our Third-Party Risk Management Program. This program includes assessment and validation of necessary certifications and ensures all potential suppliers maintain necessary processes in place to protect ¶¶Òõ confidential data and support other risk management activities. Required certifications and polices may include, but are not limited to: ÌýÌýÌýÌý

Certifications:ÌýÌýÌý

  1. Service Organization Control (SOC) Full Report 2, Type 1 or 2 report;ÌýÌýand/orÌý
  2. HiTrust CSF Validated Assessment Full Report; and/orÌý
  3. Federal Risk and Authorization Management Program (Fed Ramp); and/orÌý
  4. PCI DSS Certification; and/orÌý5. ISO 27001 Full ReportÌý

Organizational Policies (as applicable to the scope of services):ÌýÌýÌý

  1. Business Continuity PlanÌý
  2. Documented Information Security Policy/ProgramÌý
  3. Proof of background check policyÌý
  4. Documented Privacy Program or equivalentÌý
  5. HIPAA Evaluation (if available)Ìý
  6. Proof of data classification schemeÌý
  7. Incident Response PlanÌý
  8. Proof of network diagramsÌý
  9. Documented Physical Security ProgramÌý
  10. Proof of Employee Nondisclosure AgreementÌý

An annual review and attestation toÌý¶¶Òõ’s Code of ConductÌýmay also be required.

We may request suppliers to work closely with ¶¶Òõ’s performance management teams to support service level agreements, key performance indicators or address any issues.

Our standard payment term is 60 days or greater, with special considerations available for diverse and small businesses. Ìý

The Enterprise Procurement team manages the supplier onboarding process, which begins with the issuance of required documents via email.ÌýÌýÌýÌý

Onboarding Requirements:ÌýÌýÌý

  1. Supplier may not be excluded from working with healthcare payers. Our team will validate eligibility based on data from Office of the Inspector General, System for Award Management and Office of Foreign Asset Controls.Ìý
  2. Supplier is required to submit:ÌýÌý

a. W-9 Form

b. Payment Authorization Form

If ACH payment is preferred, a voided check or signed bank letter is needed.Ìý