Vendor management A through Z

J. Veronica Xu

J. Veronica Xu

J. Veronica Xu (veronica.xu@saberhealth.com) is the Chief Compliance Officer for Saber Healthcare Group, headquartered in Cleveland, OH.

by J. Veronica Xu, Esq., CHC, CHPC, CCEP

How many vendors does your organization work with? Do all your vendors have the proper credentials and qualifications to do the job you expect them to do? Did your organization exercise its due diligence by screening all your vendors? How and where is all the documentation (including credentialing and screening, legal contracts, training, and education) stored? Do your vendors receive any orientation or periodic training from you? Do your vendors understand your organization’s expectations in terms of compliance? These seem to be simple questions, but not so easy to answer. Depending on your organization’s size and line of business, there may be hundreds—even thousands—of vendors and contractors it interacts with regularly. Hence, it may be complicated and challenging for your compliance team to have all the answers right away—especially when the internal processes are fragmented. From a risk-control perspective, vendor management is not an area that should be missed or taken lightly, given the amount of risk and liability that vendors could potentially cause to your organization’s bottom line.

Because each entity’s set-up or structure varies, vendor management may be under another job function. Some may ask, “So, where does compliance fit in all of this?” Since promoting lawful and ethical behavior and ensuring the organization has hired law-abiding vendors are part of compliance’s responsibility, compliance’s focus on and participation in vendor management will not only help minimize the organization’s exposure to unnecessary liability and risk but also protect it from any reputational damage in the court of public opinion.

It is no secret that government agencies have emphasized the importance of vendor management and compliance through their guidelines and publications, but how to truly operationalize and implement those recommendations is what many compliance teams often struggle with. This article aims to outline the concrete action items that fellow compliance professionals can take to help reduce their exposure to risks and liabilities in connection with vendor management.

Screening and credentialing

As obvious as it may seem, the intake process is the first critical step that sets the foundation for formalizing a business relationship between an organization and a vendor. Considering its significance, it is worth highlighting that the intake process is more than just recording the names and addresses of the vendors. Instead, it often entails multiple key elements dictated by regulatory requirements, industry standards, and compliance procedures, making it an integral part of the organization’s business operations. In certain sectors, such as healthcare which involves more rigorous and stringent rules, credentialing and screening are the necessary steps that healthcare providers must take before a vendor can be engaged to render services or supplies. For instance, a long-term care provider needs to check and ensure that a physician has all the required qualifications and credentials prior to contracting with such physician. In addition, the U.S. Department of Health & Human Services, Office of Inspector General (OIG) mandates that vendors shall be checked against its list of excluded individuals and entities before a provider is allowed to use the vendors’ services.[1]

To streamline the intake process and maintain consistency in practices, creating a standardized vendor form and a checklist with all the required items (e.g., tax IDs/employer identification numbers, license and certification numbers, legal and doing business as names) and necessary steps (e.g., criminal background checks, OIG’s List of Excluded Individuals and Entities,[2] the federal System for Award Management,[3] The Ohio State Medicaid Provider Exclusion and Suspension List[4] ) will be a huge time-saver for teams responsible for handling the information intake, providing clarity, and enhancing efficiency. Whether your organization is utilizing an automated system or manually entering data, it is imperative to verify and validate the credentialing and screening search results.

To ensure accountability, it is equally important to designate appropriate personnel to manage and oversee the intake process. Not only will it clearly delineate duties and expectations, but it will also make team communication much easier and more efficient, particularly when compliance conducts audits on such subject matters. Furthermore, vendor management is a collaborative effort that requires interdepartmental cooperation and cross-functional buy-in. Seeking input and feedback from the groups directly involved in and affected by the new process is an effective way to engage people; they may identify barriers and obstacles that the compliance team is not previously privy to or aware of. After all, a sound system provides a strong foundation for developing efficient business models, leading the organization to reach optimal performance and achieve long-term success.

This document is only available to members. Please log in or become a member.
Become a Member Login
 

What to read next...

Telehealth compliance after the public health emergency


Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field

First name field cannot be blank!
Last name field cannot be blank!
We will send you an email that will give you access to this entire article.
Email field cannot be blank!
Enter a valid email!
Company field cannot be blank!
Enter a valid company!
Title field cannot be blank!

We're committed to your privacy. The Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA) uses the information you provide us to contact you about our relevant content, products, and services. For more information, check out our Privacy Policy.


About SCCE

The Society of Corporate Compliance and Ethics (SCCE) is a non-profit, member-based professional association. SCCE supports our members' work with education, news, and discussion forums. We are a community of leaders, defining and shaping the corporate compliance environment across a wide range of industries and geographic regions. In developing and maintaining effective ethics and compliance programs, our members strengthen and protect their companies.

952.933.4977

About HCCA

The Health Care Compliance Association (HCCA), is a 501(c)6 non-profit, member-based professional association. HCCA was established in 1996 and is headquartered in Minneapolis, MN. We provide training, certification, and other resources to over 10,000 members. Our members include compliance officers and staff from a wide range of organizations, including hospitals, research facilities, clinics and technology service providers.

952.988.0141

Facebook X LinkedIn
Copyright © 2024 by Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA). No claim to original US Government works. All rights reserved. All information provided through this site, including without limitation all information such as the “look and feel” of the site, data files, graphics, text, photographs, drawings, logos, images, sounds, music, video or audio files on this site, is owned and/or licensed by SCCE & HCCA or its suppliers and is subject to United States and international copyright, trademark and other intellectual property laws. Any third party logos and/or content provided herein is owned by such third parties and is used by permission herein. Your use of this site to is subject to our Terms Of Use and Privacy Statement.
Cookie settings