ServiceLink

Description of Service: 

ServiceLink is the cloud-based tool that members of the university community use to request help from the ITS Service Center and LSA IT. The Service Center and LSA IT use it to manage, track, and resolve help requests.

Description of Compliance: 

ServiceLink is a university contracted-for service provided by ServiceNow and the U-M agreement includes confidentiality and security clauses.  ServiceLink is ISO 27001-certified and provides a secure environment in which to maintain or share the university's sensitive unregulated data, as well as some types of sensitive regulated data.

U-M's agreement with ServiceLink includes a Business Associate Agreement. This means individuals may use this service to maintain Protected Health Information (PHI) regulated by HIPAA. While information captured in ServiceLink could contain Protected Health Information (PHI), ServiceLink is not designed to store or maintain this type of data.Complying with HIPAA's requirements is a shared responsibility. Users sharing and storing PHI in ServiceLink are responsible for complying with HIPAA safeguards, including:

  • Using and disclosing only the minimum necessary PHI for the intended purpose.
  • Obtaining all required authorizations for using and disclosing PHI.
  • Ensuring that PHI is seen only by those who are authorized to see it.
  • Obtaining all necessary data-sharing agreements and Business Associate Agreements for using and disclosing PHI.
  • Following any additional steps required by your unit to comply with HIPAA.

Similarly, while ServiceLink provides a secure environment, and could contain Social Security numbers, it is not designed to store or maintain this type of data. Users should use UMIDs instead of Social Security numbers when an employee ID number is necessary.

ServiceLink may not be used for Export Controlled Research because some ServiceLink support staff are non-U.S. persons.

Don't see the service you need? Contact the ITS Service Center.