What Is Vendor Credentialing?
Vendor credentialing, or VC, is the process companies use to make sure the vendors they choose to work with have the necessary training and background required to access their facilities. A wide range of industries, including healthcare, banking, food processing, and oil refinement need credentialing.
Why Vendor Credentialing is Important
Vendor credentialing is essential in any industry that has strict regulations to follow at the local, state, and federal levels. If vendors aren’t properly confidential credentialed when they come onto the property, it creates a risk for the company. It’s another form of risk management and helps keep organizations in compliance with governing regulations.
Just 20 years ago, hospitals were relaxed about allowing non-employees to access their buildings and even patient files, which sometimes were left out in the open in public areas. Sign-in policies that did exist weren’t consistently enforced.
Today, state and federal regulations govern hospitals more stringently than in the past. Regulations designed to protect patient privacy, such as the Health Insurance Portability and Accountability Act (HIPAA), mandate that patient information must be protected. As such, this means taking measures, such as hospital vendor credentialing, to ensure private information does not fall into the wrong hands.
Facility executives started to understand that they needed to go beyond regulatory and compliance to improve their overall security. Over time, hospitals and other facilities have established policies to require credentials for any non-employees who require periodic access, including industry vendors.
In the case of the healthcare industry, hospitals have become more strict about their vendor credentialing programs because of the need for:
- Better patient privacy and confidentiality
- Improved control of healthcare facilities supply chains
- Reduced risk to patients’ health from the spread of communicable diseases
- More accountability in Healthcare systems
- Better security protections for employee and patient safety
How Healthcare Systems Implement Vendor Credentialing
Generally speaking, healthcare facilities use one of two ways to address their vendor credentialing. A small portion of the industry has its employees (through either a hospital-created process or software) check the credentials of anyone who wants facility access. The majority, however, rely on a third-party provider, known as a vendor credentialing service or vendor credentialing company, to establish what credentials vendors require and check compliance. These organizations need vendors to register with them and provide the information. In exchange, they get access to the facilities that use that credentialing organization.
The vendor credentialing process flow looks like this:
- Choose the vendor credentialing organization (VCO) that works best for your facility
- Setup access points in the facility where staff can access the VCO information and where vendors need to check-in.
- Check whether the vendor information has been submitted in your database. If not, give vendors information about how to submit their credentials to the database through the online portal. Check to see that they’ve completed all necessary training and met your facility-specific requirements.
- Approve them as an appropriately credentialed vendor within your credentialing system.
- Give them badge access to the limited access to the facility in the areas where they are approved. Using an electronic badge system can show you when a vendor is at a facility in real-time, and some alert you to when a vendor has been in the area longer than the allotted period.
- Continually monitor the VCO throughout the year to make sure all vendors remain in compliance. The VCO will alert you if any issues surrounding vendor certification or requirements should arise.
The leading VCOs include Vendormate, Symplr, Reptrax, Intellicentrics, and ProTech.
Models for Vendor Credentialing
Vendors for healthcare organizations take different approaches to ensure their team gets the credentials they need. Most vendors opt for one of the following models:
- Representative-Managed: The company asks each employee to secure the credentials they need on their own.
- Company-Managed: The company takes care of the entire credentialing process for their employees.
- Hybrid: The company and employee each take a portion of the credentialing work.
- Outsource: The company hires a third-party to handle the credentialing process.
Vendor credentialing organizations have to meet standards or requirements from several groups or face the consequences. The federal Department of Health and Human Services fines any organization that doesn’t follow regulations and standards on credentialing vendors.
What Information is Required in Vendor Credentialling?
Several organizations have influenced vendor credentialing standards and requirements, including:
- The Joint Commission
- Centers for Disease Control and Prevention (CDC)
- Association of periOperative Registered Nurses (AORN)
- The American College of Surgeons (ACS)
Many healthcare facilities vary in the certifications and credentials their vendors who want to access their patients and facilities need. Typical requirements for vendors include:
- A criminal background check
- Drug screening
- Proof of liability insurance
- Knowledge of and a promise to follow Hospital procedures and policies
- Proof of CPR and other certifications
- Proof of immunizations
- Proof of Education and Training in specific federal and governmental policies
- Evidence that the name and taxpayer identification number provided by the vendor representative and the vendor company are accurate
- Verification that the vendor or vendor representative is not on an exclusion list that is maintained by the Department of Health and Human Services’ Office of the Inspector General. People and organizations are placed on the exclusion list if they were found guilty of Medicare or Medicaid fraud or have had convictions, license suspensions, or any other sanctions relating to inappropriate healthcare practices. (There are more than 40 of these lists for both federal and state, that need to be checked monthly.)
If your company is seeking to become a vendor for a health system, one way to ensure you meet their vendor credentialing requirements is to ask a few questions in your first discussions with the organization. Start with some of these:
- How does your facility’s credentialing program define a vendor?
- Where can I get more information about your vendor management policies and program?
- How would my company register in your credentialing system?
- Is there a fee for registering in the system? Does the cost vary depending on the type of vendor?
- Will I get a badge when my credentialing is approved? How and where do I pick it up?
- What is the procedure for my first-time visit to the facility?
- If a company colleague joins me on some visits, do they need credentials as well?
- Will I need full credentials if your staff requires my assistance during a patient emergency?
- Are volunteers or clergy required to register with your vendor credentialing program as well?
Levels of Vendor Credentials
Healthcare facilities offer various types of vendor credentials, depending on the access they want or need in the facility. Most commonly, they provide one of three levels of access:
- No Clinical Area Access: These vendors aren’t providing technical assistance to healthcare providers. They don’t operate equipment or consult with providers.
- Clinical Area Access: These vendors may provide technical support for products or consult with healthcare providers. Sales representatives may get this level of access so they can speak with doctors and other medical staff.
- Access to Patient Care Areas and Sterile or Restricted Areas: These vendors often provide technical support when providers are performing a patient procedure with a specific medical device or technology. Vendors providing equipment used in the operating room will require access to those areas to perform maintenance on the machines.
Hospital access is available to all vendors with the right credentials, with the levels adjusted to what’s required for each vendor.
Issues with Vendor Credentialing
Over the past decade or so, vendor representatives and companies have faced many problems with the hospitals and other healthcare facilities performing vendor credentialing, such as:
- Disparate Requirements: Facilities have different requirements for how vendors can get the necessary credentials for access to the site.
- Redundancy: Facilities may have similar requirements, but each of them asks for a new proof of compliance. Because there is a lack of accepted standards, people have to submit multiple background checks or drug screens. Some drug screens test for five drugs, while others test for seven, and still others test for ten or more. Similar issues occur with background checks and training.
- Access isn’t Quick: It’s challenging to get quick access, particularly for medical technology representatives who may require it in an emergency when a doctor requires their support.
- Hard to Secure a Single Set of Verified Credentials: Vendors must be able to get a single set of verified credentials that serve as a universal passport, that most healthcare systems would accept.
- Costs and Fees: Companies and their representatives are being hit with high costs to comply with each facility’s requirements and to pay fees required by VCOs. Beyond this, there is not a standard credentialling fee that those services charge to vendors to submit their required information.
While efforts to work with healthcare industry representatives and vendors to standardize the process and streamline it for everyone involved are underway, we are still a long way from seeing it happen.