UnitedHealth Group’s centralized shared service organization, Enterprise Sourcing and Procurement, delivers collaborative, constituent-based, innovative supply chain solutions.

Potential Suppliers

We welcome the opportunity to potentially work with your organization on future engagements. As a supplier with UnitedHealth Group, you will partner with one of our vendor relationship owners to ensure your organization meets relevant performance, operational, contract, and legal/regulatory compliance requirements. At a minimum, your organization will be required to:

  • Follow UnitedHealth Group’s supplier onboarding process.

  • Partner and comply with UnitedHealth Group assessments and assurance activities. These activities may consist of, but are not limited to:

    • Supporting your vendor relationship owner on requests for business process information and documentation;
    • Implementing key processes internally to support risk management programs, regulations and legal requirements; and
    • Partnering with your vendor relationship owner on key performance measurements and concerns.

  • Complying with all other laws and regulations applicable to your business and/or the goods or services you are providing.

  • Complying with the UnitedHealth Group Vendor Code of Conduct.


Existing Suppliers


UnitedHealth Group suppliers are required to comply with important policies including purchase order terms and conditions.

Ariba Platform

UnitedHealth Group uses the Ariba network platform for electronic transaction processing. Our suppliers transact with us via the Ariba network and are responsible for any associated fees. More information about the Ariba network, is available from Ariba.

HITRUST CSF Certification Requirement

On June 29, 2015, the Health Information Trust Alliance (HITRUST) announced an expansion of the health care industry’s use of the Common Security Framework (CSF) Assurance Program. UnitedHealth Group places the utmost importance on the protection of our data and information systems, and we are continually working to align our operations and risk management expectations with evolving standards and industry best practices and in response to new threats. In support of that objective, and along with our HITRUST partners, we require that third-party suppliers with access to our information systems and/or customer or health plan member data obtain and maintain a HITRUST CSF certification.

External Vendor Portal

UnitedHealth Group uses our eGRC (Enterprise Governance, Risk & Compliance)  External Vendor Portal to provide select delegates a single entry point to respond to our risk questionnaire(s)/compliance attestations and subsequently document any required remediation.

Delegated Entity Compliance Program

We provide resources to guide delegates through compliance program requirements including information for working with our Medicare and Medicaid programs.