Contract Requirements and Guidelines

This downloadable Kaiser Permanente Business Associate Agreement (“BAA”) applies to any supplier that has a business relationship with Kaiser Permanente that involves the receipt, creation, maintenance, access, transmission, use and/or disclosure of Protected Health Information to the extent the supplier qualifies as a business associate under HIPAA regulations and unless the supplier has entered into a separately signed BAA with Kaiser Permanente that covers this business relationship.

These downloadable Kaiser Permanente Mutual Non-Disclosure Terms and Conditions (“NDA”) apply to transactions or interactions between a supplier/contractor and a Kaiser Permanente entity which involve the disclosure of confidential or proprietary information, unless the parties have agreed in writing to use other terms and conditions. The NDA also applies to written agreements which incorporate by reference the NDA, including, without limitation, a Mutual Non-Disclosure Letter Agreement.

Kaiser Permanente upholds high ethical standards in its business practices, and our vendors play an integral role in making this happen. The Vendor Code of Conduct contains the minimum standards by which a supplier is expected to conduct itself when providing services to Kaiser Permanente.

Each region of has their own established policies regarding interface with any pharmaceutical manufacturing representatives and/or their contracted vendors. KAISER PERMANENTE WASHINGTON ONLY. *For all other regions, please consult the KP National Pharmaceutical Contracting Team.

Kaiser Permanente requires Suppliers to maintain and routinely test comprehensive Business Continuity Plans to ensure appropriate and timely recovery of services to KP during times of business interruption. All Suppliers in contract with KP must provide a 24/7 contact.

If a Supplier is unable to provide a Business Continuity Plan, the Supplier will complete a KP Business Continuity Planning and Resiliency Survey to confirm evidence of a Business Continuity Plan and understanding of their Business Continuity Program.

If Kaiser Permanente has agreed in the agreement or Statement of Work (SOW), as applicable, to reimburse supplier’s travel and associated expenses, then the supplier must comply with the Travel and Expense Guidelines.

Kaiser Permanente’s trademarks, service marks, trade names and logos are valuable assets, which are actively managed and protected by Kaiser Permanente. Vendors and other third parties are not permitted to use Kaiser Permanente marks or logos without written authorization. These Non-Endorsement Guidelines contain the minimum requirements for a vendor’s use of any Kaiser Permanente marks or logos and the process by which a vendor may request this authorization.

If the supplier is providing goods or services to Kaiser Permanente that are used in a licensed or accredited health care facility, the supplier shall participate in the Kaiser Permanente Quality Assurance Program.

In order to facilitate timely and accurate payment of invoices, Kaiser Permanente requires vendors, contractors and suppliers to comply with the Kaiser Permanente Invoice and Accounts Payable Requirements. Failure to follow these requirements may lead to processing delays or the non-payment of invoices.

Kaiser Permanente recently implemented company-wide, eInvoicing submission and is discontinuing paper-based invoicing. All suppliers transacting with KP will be required to submit invoices electronically. Electronic invoice submission is the ONLY authorized channel for invoice submission to receive timely payment(s).

Clinical Technology Services include: Preventative Maintenance, Corrective Maintenance, and other related services on the medical equipment used in the monitoring, diagnosis, and treatment of the Kaiser Permanente members and patients.

Kaiser Foundation Health Plan, Inc. and its health plan subsidiaries have entered into contracts with the U.S. Government Office of Personnel Management and The Centers for Medicare and Medicaid Services that require certain federal contract provisions be made a part of any subsequent agreement with vendors, contractors and suppliers who provide services to support these Federal contracts. Each supplier providing services is required to review and, where applicable, comply with the Kaiser Permanente Federal Flow-Down Requirements

The California Department of Managed Health Care Regulatory Program Requirements for Vendors, Contractors and Suppliers contains the additional contractual provisions required by the California Department of Managed Health Care (DMHC) to be included in certain agreements between Kaiser Foundation Health Plan, Inc. and its suppliers. Each supplier providing services is required to review and, where applicable, comply with the California Department of Managed Health Care Regulatory Program Requirements.

Kaiser Permanente, as a Medi-Cal managed care contractor of the California Department of Health Care Services, must require its suppliers with access to Medi-Cal member information, to comply, with certain HIPAA Requirements. If supplier will create, receive, maintain transmit, use or disclose Medi-Cal member information, then supplier must review, and if applicable, comply with the provisions applicable to contractors in the Medi-Cal HIPAA Flow-Down Requirements.

If a supplier is providing services to customer, the supplier shall comply with the background check requirements.

Upon request, supplier will comply with Kaiser Permanente's drug screening requirements.

If a supplier is providing services at a facility in which in-person patient care is provided to Kaiser Permanente patients, then supplier will comply with the Kaiser Permanente health screening requirements.

Supplier will comply with KP’s Vendor Portal Registration Program Requirements. Supplier is responsible for entering and maintaining the accuracy of their company information residing on the Vendor Portal.

Supplier will comply with KP’s Vendor Financial Risk Assessment Program Requirements. Supplier is responsible for responding to a request for financial information within ten business days of receipt of request.

If a supplier will have access to Kaiser Permanente's computer system to perform services, then the supplier shall comply with the computer system access requirements.

Kaiser Permanente is committed to providing access to its healthcare services, programs, and activities free from discrimination on any basis, including disability. This commitment includes ensuring the digital products and services we provide to our members, patients, and other users are accessible. The Digital Products and Services Accessibility Requirements contain the minimum accessibility requirements for Suppliers of digital products and services.

Suppliers must comply with Kaiser Permanente's Data Security Requirements if supplier will be accessing, generating, processing, hosting, or storing* personally identifiable information, data, or records relating to any patient, member, employee, or contractor of any Kaiser Permanente entity. (* Examples include application management, data processing, hosting, or system integration services.)

Suppliers must comply with Kaiser Permanente's Edge Security Requirements if supplier will be supplying or supporting a device that falls into the governance of Kaiser Permanente’s Edge Cybersecurity Program, which includes medical, lab, clinical research and imaging devices, pharmacy devices, facilities automation and security systems, and IoT devices.

If supplier’s services include processing, storing, using or transmitting payment cardholder data, then supplier will comply with the Kaiser Permanente Payment Card Industry Data Security Requirements.

All Kaiser Permanente IT vendors, contractors and suppliers who provide IT solutions are required to comply with Kaiser Permanente's standard for quality IT solution delivery, based on the Solution Delivery Life Cycle (SDLC) defined framework and affiliated sub-processes.

Learn more about the distribution, transportation, and packaging requirements for doing business with Kaiser Permanente.

Kaiser Permanente supports the implementation of the GS1® Device Identification System in the health care industry as the standardized system for marking medical devices with unique device identifiers. Each supplier of medical devices to Kaiser Permanente shall comply with the GS1® Healthcare Requirements for vendors, contractors, and suppliers. Learn More.

This document provides Kaiser Permanente requirements for vendor submission of their medical products for clinical evaluation.

These updated requirements shall apply to all vendor representatives visiting any Kaiser Permanente facility within all regions. Some facilities and departments may also have their own additional requirements. Please Note: Kaiser has implemented additional provisions during COVID-19 which augment these requirements.

This brochure is a focused summary highlighting the key business and procurement practices supporting and enabling vendors to work effectively with Kaiser Permanente.

Third party entities, including third party providers, must enter into this agreement to access Kaiser Permanente HealthConnect® through Kaiser’s Affiliate Link program.  This agreement provides the terms and conditions under which Kaiser will grant such access to certain third parties.