Threshold
eVisitor Login    Become A Distributor    Your Account Login    Your Cart    Contact    1-800-243-1969
Logo for: Threshold Visitor Management Systems
Home of Expiring Technology

About this blog

We write articles mainly about visitor management, which helps you to know who is (or has been) in your facility. It is just part of an organization’s physical security processes that protect people and property within and around a building or campus.

Categories

Search

Meet the bloggers

Paul Kazlauskas About me › My posts ›

Andrew Jones About me › My posts ›

Blog

How does your healthcare facility manage your vendors?

by Paul Kazlauskas

How does your healthcare facility manage your vendors?

In 2008 hospitals began requiring that medical sales representatives have a set of credentials in order to access and do business with them. The vendor credentialing security concept made sense in theory, but the details in its initial execution were unclear, such as what credentials to have and where to store them. Since then, vendor representative credentialing has grown significantly in priority for healthcare facilities across the United States.

An important part of vendor credentialing involves the exclusion lists maintained by the U.S. Department of Health and Human Services’ Office of the Inspector General (OIG). The Federal Government has the right to dictate whom federally funded healthcare organizations may contract with. If a hospital bills Medicaid or Medicare for services performed by a vendor on the OIG’s List of Excluded Individuals/Entities (LEIE), it can face fines. Vendor credentialing helps prevent organizations from engaging third parties that could potentially get them in trouble with the OIG.

The important first step is knowing and understanding who your current vendors are. Traditional vendor management software contains such information as name, address, Federal Employer Identification Number (FEIN), contract pricing, contact, account number, and the terms of the contract. It would be a good idea to ask your procurement department if they have all of this information; if not, have them collect any information that is missing from the database. It isn’t easy to keep vendor credentialing system data clean, accurate, and free of duplicates, but it’s an important step in good vendor management.

Once you know who your vendors are, the next thing to consider is if they are approved to conduct their business in your healthcare facility. A company (a.k.a. vendor) is a legal organization authorized to conduct business by a State Secretary of State. A Secretary of State (or equivalent) is responsible for registering companies and enforcing their compliance with required documents and reporting. A company is issued a Certificate of Good Standing if it can demonstrate compliance with certain required filings, such as annual reports, tax certificates, and registration. Annual compliance is required. Failing to file or register yearly can result in a company losing its registration, and subject it to fines and penalties if it continues to do business with healthcare facilities.

Making sure one of your vendors is not excluded by the Office of the Inspector General is your responsibility. After making sure a vendor isn’t excluded, you should seek to obtain a contractual commitment from your vendor stating they will not send an excluded individual to you. Just because a vendor is approved doesn’t mean every one of their employees is approved. It’s a good idea to not only conduct monthly audits of your vendors, but also any vendor employee that visits as well. Here are two online resources to check on your vendor’s compliance:

What information should you collect and check from your vendors when they visit?

  • Legal name of entity
  • DBA , if applicable
  • Federal Employer ID Number (FEIN)
  • Address of company
  • Secretary of State ID number (helpful, when available)
  • Information of owners with 5% or more ownership stake (Name, SSN, Address, DOB)
  • State of incorporation
  • Dunn & Bradstreet Number (helpful when searching SAM.gov)
  • Whether the vendor handles personal identifiable information (PII) or personal health information (PHI)
  • Whether or not the vendor has signed a business associate agreement (BAA)

Vendors are a vital piece in the group of people that contribute to quality care in healthcare facilities everywhere, eventhough they won’t be working directly with a patient. Outsourcing to any vendor carries some degree of inherent risk; allowing representatives of a vendor into your facility only increases that risk. Vendors may be on an exclusion list—and if they are, there is probably a good, risk-based reason why. It is the healthcare facility’s responsibility to ensure initial compliance as well as monthly monitoring for exclusions. Failure to do so will bring civil fines and penalties from the Office of the Inspector General. 

What tips can you offer for a successful client-vendor relationship? How do you handle vendor management in your facility? Please add your thoughts in the “Comments” section below.

Want the latest, best security practices delivered straight to your inbox? Enter your email address in the "Subscribe" area (on the left side navigation).


Our visitor badges “VOID” overnight to prevent reuse. 
See them for yourself request free samples!

 

 

Posted on 8/10/2016