How do I make a payment in HCOM when the invoice has confidential information?

Any data deemed confidential according to the guidelines of the Health Insurance Portability and Accountability Act (HIPAA) or Harvard’s High Risk Confidential Information (HRCI) guidelines should be omitted or removed from Purchase Orders and Invoices. Examples of this type of information include:

  • Social Security Numbers
  • Credit card numbers
  • Driver’s license numbers
  • Health insurance ID numbers

It is the local unit's responsibility to ensure these standards are met on their own POs and associated invoices. AP does not pre-audit for confidential data on invoices. Vendor invoices containing confidential information must be received at the local unit and confidential information must be removed prior to forwarding these invoices to UFS AP for processing.

Local units may also choose to keep original invoices with specific confidential information locally. However, a notation must be made on the documentation submitted to Accounts Payable that this is being done. The notation is required for audit purposes.

See also: