The Sourcing Compliance section includes a series of questions related to proprietary information, data storage, protected health information, personal data and GDPR.

Sourcing Compliance Instructions

  1. Select Yes or No for each of the following Sourcing Compliance questions:

  • Will GE Healthcare provide any of the following proprietary information to the supplier?

  • Will the supplier store, transmit, or process GEHC data in a non GEHC environment or will the supplier have access to Highly Confidential Data?

  • Will the supplier (regardless of where the supplier is located in the world) have access to any protected health information from U.S. health care providers or health plans?

  • Will the supplier (regardless of where the supplier is located in the world) have access to any personal data belonging to EU citizens?

2. Attach additional forms to the Document Upload Grid, if applicable.

A Non-Disclosure Agreement (NDA) is required if GE Healthcare is supplying proprietary information to the supplier. SOAR provides a link to generate the NDA.

A Personal Health Information Agreement (PHIA) is required if the supplier has access to protected health information. SOAR provides a link to generate the PHIA.

Personal Health Information Definition: Any information about health status, provision of health care or payment for health care that can be linked to a specific individual that is held or transmitted in any form.

3. If the supplier is given access to personal data, select one or more data types in the dropdown.

Personal Data Definition: Any data relating to an identified or identifiable living individual. This includes data that, even if not directly attributable to an individual, if combined with other data might allow for identification. E.G. - Name, E-mail Address, ID Number, IP Address, Phone Number, Patient Data.