Skip to main content

System Status: 

Responsible Buying

Information about buyer roles and responsibilities, policies, practices, and ethics when it comes to buying for UC San Diego.


The Integrated Procure-to-Pay Solutions division of Business and Financial Services (BFS) fosters and promotes fair and ethical business practices while acting in the best interest of the University of California and the people of the State of California. This includes adhering to a strict code of ethics.

Purchasing Code of Ethics

If you are involved in any aspect of purchasing goods and services for UCSD, you are expected to adhere to the Purchasing Code of Ethics:

  • First, give consideration to UCSD's mission and Principles of Community.
  • Obtain maximum value for each dollar spent.
  • Decline personal favors, gifts, and gratuities.
  • Grant all competitive suppliers fair and equal consideration.
  • Conduct business with potential and current suppliers in an atmosphere of good faith.
  • Demand honesty in sales representation.
  • Receive consent of originator for use of proprietary ideas and designs.
  • Make reasonable effort to obtain equitable settlement of any controversy with a supplier.
  • Accord a prompt and courteous response to all who call on legitimate business.
  • Foster fair, ethical, and legal business practices.
  • Protect the University's interest by ensuring suppliers honor all terms of their contracts.

Maintaining university contractual information as sensitive information:

University faculty and staff have access to information about the contracts with suppliers engaged in doing business with UC San Diego. This information, including terms and conditions, pricing and/or sourcing documents must not be shared with any other party except as allowed by the California Public Records Act and the Information Practices Act.

The Office of the President for UC Procurement ensures that the university policy on ethics is circulated to all campuses. Each department chair/ head must make this policy available to all department business officers and staff having authority to conduct business on behalf of the university. Procurement & Contracts' responsibility is to foster and promote fair and ethical business practices and provide assistance in support of the policy.

Maintaining Confidentiality

Protected Health and Personally Identifiable Information

Protected health information (PHI) and personally identifiable information (PII) is confidential and shall not be accessed or viewed other than for the sole purpose of performing employment duties and responsibilities. Do not attach, upload, or include PHI or PII to any Oracle requisition.

What is Personally Identifiable Information (PII)?

PII refers to information which can be used to distinguish or trace an individual’s identity (e.g. name, Social Security Number, biometric records, etc.) alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual (e.g. date and place of birth, mother’s maiden name). 

Cal. Civil Code § 1798.29 defines personal information as an individual’s first name or first initial and last name in combination with any one or more of the following data elements (when either the name or the data elements are not encrypted):

  • Social Security Number;
  • Driver’s License number or California Identification Card number; or
  • Account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to the individual’s financial account.

What is Protected Health Information (PHI)?

PHI is any individually identifiable health information that UC San Diego uses, creates, or maintains in the course of providing treatment, obtaining payment for services, or while engaged in health care operations, including teaching and research activities. 

Individually identifiable health information is information, including demographic data that relates to:

  • the individuals’ past, present, or future physical or mental health or condition;
  • the provision of health care to the individual; or
  • the past, present, or future payment for the provision of health care to the individual.

The information must identify the individual or there must be a reasonable basis to believe that it can be used to identify the individual.  Individually identifiable health information includes many common identifiers (e.g., name, address, birth date, Social Security Number, etc).

See complete list of 18 PHI identifiers

Training and Additional Information

  • Do not attach, upload, or include PHI or PII to any Oracle requisition. PHI and/or PII should not be included on supplier invoices unless absolutely necessary.  If PHI and/or PII must be included on invoices to verify a supplier’s services, the department should contact Accounts Payable via UC San Diego Services & Support portal prior to submitting the requisition.
  • For UC San Diego Health Science’s Annual Online HIPAA Training, please access UC Learning Center and search keyword, “HIPAA”. 
  • For questions about Oracle contact UC San Diego Services & Support.
Find answers, request services, or get help from our team at the UC San Diego Services & Support portal.