ServiceNow is the cloud-based tool that members of the university community use to request help from the ITS Service Center and LSA IT. The Service Center and LSA IT use it to manage, track, and resolve help requests.
ServiceNow is a university-contracted service provided by ServiceNow, and the U-M agreement includes confidentiality and security clauses. ServiceNow is ISO 27001-certified and provides a secure environment in which to maintain or share the university's sensitive unregulated data, as well as some types of sensitive regulated data.
U-M's agreement with ServiceNow includes a Business Associate Agreement. This means individuals may use this service to maintain Protected Health Information (PHI) regulated by HIPAA. While information captured in ServiceLink could contain Protected Health Information (PHI), ServiceNow is not designed to store or maintain this type of data.
Complying with HIPAA's requirements is a shared responsibility. Users sharing and storing PHI in ServiceNow are responsible for complying with HIPAA safeguards, including:
- Using and disclosing only the minimum necessary PHI for the intended purpose.
- Obtaining all required authorizations for using and disclosing PHI.
- Ensuring that PHI is seen only by those who are authorized to see it.
- Obtaining all necessary data-sharing agreements and Business Associate Agreements for using and disclosing PHI.
- Following any additional steps required by your unit to comply with HIPAA.
Similarly, while ServiceNow provides a secure environment and could contain Social Security numbers, it is not designed to store or maintain this type of data. Users should use UMIDs instead of Social Security numbers when an employee ID number is necessary.
ServiceNow may not be used for Export Controlled Research because some ServiceNow support staff are non-U.S. persons.