What Are You in For?
The question seems innocuous enough. But it becomes loaded with concerns about patient privacy when a hospital contractor not on the medical staff asks it.
Hospitals and ASCs that concentrate their rep and vendor credentialing programs on device reps in clinical areas overlook the large number of vendors and reps in their halls that aren’t providing clinical products and services, but still present HIPAA, liability, and other risks to their patients and daily operations.
Facilities contractors in particular move virtually unnoticed through the hospital yet have extensive access. Facilities vendors range from general contractors to plumbers to painters, to name a few. Because of the services they provide, their relationship is quite different compared to that of a medical device rep. So, thinking about facilities vendors and credentialing, a few areas you may want to consider:
- Immunizations: Although they’re not working directly with your patients, they may be working in patient care areas. Ensure they are not unnecessarily exposing themselves—or others—to certain diseases that could easily be prevented by an immunization.
- Training and Licensing: Considering the impact a facilities vendor mishap could have on your hospital, you should ensure that the individuals working in your hospital are qualified to do the job, have any necessary licenses, and do not have a criminal history.
- HIPAA Awareness: Many of our hospital and ASC customers are very sensitive to potential patient privacy breaches. You will want to know these reps are aware of HIPAA regulations…and won’t be inclined to ask one of your patients “what are you in for?”
- Insurance: Adequate insurance coverage is an absolute must. A New York hospital recently had to pay over a million dollars to a contracted facilities worker who fell off the roof while doing maintenance. His employer didn’t have proper workers comp insurance coverage, which prompted the individual to sue the hospital. This could have been prevented had the hospital captured and verified necessary insurance through its credentialing process.
Although facilities vendors may not be as keenly aware of the countless rules and regulations in the healthcare world as your clinical vendors, they should provide you with documents and information you need to mitigate the risks they do pose. If you have a process in place today that allows you to rest easy at night in regards to facilities vendors, that’s great. But, if you don’t, you should consider adding these service providers to your vendor credentialing program.
Guest post by Colby Leggett, Vendormate, Provider Account Management Team Manager
Drug Shortages, the Gray Market, and Vendor Credentialing
Discussion of drug shortages and the gray market is certainly rising. And while the media frenzy may seem hyped, the storm has been brewing through most of this year.
The American Hospital Association released a survey in July of this year noting that a staggering 99.5% of all hospitals have experienced drug shortages in previous 6 months and 82% of them had to delay patient treatment due to these shortages.
On the heels of that, the Institute for Safe Medication Practices released a survey indicating that gray market vendors are soliciting 92% of hospitals.
In a gray market, vendors distribute through channels that while legal are unofficial, unauthorized, or unintended by the original manufacturer. Typical prices of drugs in a gray market can exceed ten times the standard contract price.
The survey also noted that half of all hospitals had actually purchased from these gray market sources and 12% of respondents indicated some type of adverse reaction from using these products.
The combination of drug shortages, gray market vendors and reps working outside the system makes credentialing the pharmaceutical vendor company, distributors, and associated representatives critical.
An effective vendor credentialing program can help providers deal with some aspects of this situation.
- Know your suppliers: Use the company level information in your vendor credentialing program to highlight manufacturers and authorized distributors. Identify Verified-Accredited Wholesale Distributor (VAWD). Make this one of the credentials you track. Try to restrict your purchasing to these sources. Start reaching out to your distributor and manufacturer base now – before a shortage – to establish relationships that will help keep you from being surprise by shortages later.
- Identify and track gray market rep activities: Having reps register and sign in before visiting your clinicians or your buyers may be enough to put the brakes on aggressive sales actions. At the very least, you’ll have more insight into the sources of gray market sales activities.
- Run any gray market suppliers you do use through your vendor credentialing program before buying anything. Credentialing at the corporate and rep level ensures the vendor is eligible to participate in federal reimbursement programs, is not on the FDA debarment list, the company is in good financial and legal health and that expectations for doing business with the health system have been properly set through policy presentment.
- Reach out to your distributor and manufacturer base now – before a shortage – to establish relationships that will help keep you from being surprise by shortages later. Stockpiling isn’t the answer. Creating strong relationships with distributors and manufacturers during the good times will pay off during a crisis.
When to Credential Healthcare Contractors
A fundamental definition of “vendor” is anyone who is paid for a product or service. In healthcare, vendor credentialing needs to be done for both the vendor company and for any individual with a direct relationship to the provider.
This seems straightforward enough, but the reality in healthcare is actually complex. And credentialing contract staff members is the epitome of this complexity.
Contracted staff members are essential in healthcare delivery today. And hospitals and ASCs have a number of options in managing the contractor relationship. In some cases the contractor is paid directly by the healthcare provider. In others, an agency is responsible for recruiting, supplying, and managing qualified contractors.
Who then should the hospital credential? The individual? The agency? Both?
Contracted staffing agencies fall into two categories:
- CVO (Credentials Verification Organizations): certified by an accreditation agency (e.g. Joint Commission) to conduct their own credential verification and report the credentialing information to their clients (health systems/providers)
- Non-CVO: not accredited to conduct internal credentialing for their employees
Although CVOs take on the responsibility of credentialing their employees, the hospital still needs to know that the contracted employees are current in any licenses or other requirements and that the CVO itself is currently accredited. In this case, the healthcare provider should make these requirements clear as part of the contract process. As far as credentialing goes, the healthcare provider should credentialing the CVO agency as a company, but would not need to credential the individual contractors.
For non-CVOs, the healthcare providers themselves would need to handle any individual level credential verification directly. This means completing credential verification on contracted employees that may include license to serve patients, background check attestation from the agency, hospital policy acknowledgments and immunizations.
Still trying to figure it out? Try this decision tree:
The provider needs to be sure that the credentialing is being done by an accredited organization. So only when the provider is hiring the contracted staff through a CVO is the provider off the hook for credentialing the individual. Even then, the provider should credential the agency itself — searching for any sanctions as well as financial due diligence.
Filling the Gaps in Vendor Credentialing
Many healthcare systems focus their vendor credentialing efforts on the vendor representatives in the halls. These representatives certainly pose a high risk to the hospital in terms of access to patients and patient care areas. Additionally, they are more likely to glean the attention of a Joint Commission auditor.
However, with unemployment back on the rise, the rate of uncompensated care is also increasing which cuts into healthcare’s already slim operating margins. While leveraging their buying power to help maintain a profitable business, healthcare systems cannot afford to turn a blind eye to fully credentialing all of their suppliers. Unanticipated supplier bankruptcies, particularly in the case of strategic suppliers, can cause significant supply chain disruptions that run the risk of impacting patient care, in addition to having a financial impact on the healthcare system.
In addition to credentialing onsite vendor representatives, world-class health systems ensure the following populations are properly credentialed, as well:
- IT vendors. Before investing in costly new hardware/software endeavors, ensure that your suppliers are financially viable and have disaster recovery plans in place to maintain continuity of service. With 13% of data breeches occurring in healthcare settings, it is critical to know your IT vendors properly maintain the security of all PHI (patient health information).
- Pharmaceutical vendors. With 99.5% of hospitals reporting pharmaceutical shortages in the last six months and 70% of hospitals indicating that patients received less effective substitute medications, there is no more important time to credential your pharmaceutical manufacturers and distributors to ensure financial and supply chain stability that can have life or death consequences.
- Contracted staffing agencies. Ensure these service providers will be available to provide continuity of service to the health system and its patients and avoid putting the hospital at staffing and reputational risk.
- Facilities vendors. Guarantee partnerships with financially viable and properly insured facilities vendors. While it’s easy to find another plumber or electrician if your current provider is no longer in business, it is not always easy to find dependable, well-trained and properly insured service providers.
Many health care systems started their vendor credentialing program simply focused on access control. The key drivers for implementing a program were tracking who is in the facility, managing infection control and limiting direct selling to physicians.
But now it is important to start looking at the whole vendor, not just the reps in the hallways. Ensuring you are working with valid business partners who are financially and legally sound.
This post guest written by Adrienne Johnston, Vendormate’s VP of Customer Engagement
Hospitals Call For Flu Vaccine for Healthcare Reps
Effective October 1, 2011: All reps visiting hospitals requiring the influenza vaccine must have proof of their influenza vaccination uploaded into the Vendormate system.
Fortunately, preparations for the 2011-2012 Flu Season are going better than last year. Last year’s supply shortages meant that the medical community focused on getting the highest risk populations, such as the elderly, vaccinated before supplies ran out.
This year, however, manufacturers are already shipping what looks like a plentiful supply of this seasons vaccine. With supplies in good shape, hospitals and other medical care providers are expanding their call for nearly every one to get vaccinated. In fact, hospitals in Ohio and in Michigan are requiring the vaccine for most workers, barring religious or documented medical reasons. Non-compliance can lead to discipline or even job loss for these workers.
Hospitals take flu vaccines seriously because influenza /pneumonia are leading causes of death in the U.S. The CDC’s preliminary 2009 mortality figures place influenza / pneumonia as the 8th leading cause of death, causing more than 50,000 deaths that year. And while the workers at the hospitals may be able to withstand a bout of the flu, they can easily unintentional spread the virus to an already compromised patient who can’t.
These 45 health systems using Vendormate VISION for vendor credentialing currently have flu vaccine requirements in place for healthcare industry representatives in patient care areas. The requirement is typically annual, in place only during flu season, and has options for those who do not get vaccines for medical or religious reasons. Representatives should log into Vendormate VISION to see what each system requires specifically.
Fixin’ To Credential
Anyone who lives in Texas knows the phrase, “fixin’ to.” “Fixin’ to” is a useful way of saying something is on your to-do list but it hasn’t been started yet, as in “I’m fixin’ to make dinner.” Conveniently, “fixin’ to” has no time limit. I can be “fixin’ to make dinner” as I pull ingredients out of the refrigerator. Or I can be “fixin’ to make dinner” when I still need to make a list and go to the grocery store.
My mother, who is not from Texas, had no patience for the teenage boy who was always fixin’ to do his homework, take out the trash, or do whatever else was on the list. To her, “fixin’ to” meant it wasn’t done. And done was what mattered.
Hospitals that are fixin’ to fully implement their vendor credentialing and access programs are getting a response from some Joint Commission auditors similar to what my mother gave me.
We’ve heard from hospitals in Ohio and Illinois that Joint Commission auditors have looked at their procedures for tracking and credentialing onsite representatives. In one case, the hospital had registered representatives but did not manage the onsite access element. In another, the program was present but enforcement was lax. In both, the Joint Commission auditors noted the gap between the planned program and the actual performance.
Vendor credentialing programs with onsite tracking are no longer the exception. Healthcare vendor representatives are familiar with these programs and are willing to participate. Reps consistently tell us that they just need to know what the requirements are and that the hospitals need to behave consistently.
So if your hospital hasn’t fully and consistently implemented your vendor credentialing program, it’s time to move from “fixin’ to” to “done.”
Whooping Cough Requirements Clarified
Tdap immunizations requirements have already been in place for healthcare vendor reps in patient care areas for many hospitals. But because Tdap covers tetanus, diphtheria, and pertussis, the objective of the immunization hasn’t always been clear. Which of these diseases is the hospital really concerned about?
Many reps reason that the hospital isn’t really concerned about pertussis, or whooping cough. After all, whooping cough is a funny-named disease from the past like “consumption.” No one really gets that any more. The line of reasoning continues that the hospital is actually concerned about tetanus. If that’s true, then a DT or Td vaccination should meet the hospital’s needs. Reps load a DT or Td record, and Vendormate analysts reject it.
Why?
Because the rising rate of pertussis is a concern for the public health sector. And the Centers for Disease Control and Prevention (CDC) name the Tdap vaccine as the recommended vaccination.
Vendormate is making the requirement clearer to registering reps. Requirements formerly labeled “Tdap” are being renamed “Pertussis Immunization.” Emails are being sent to representatives registered at hospitals with this requirement reinforcing the pertussis element. DT or Td doesn’t include the key ingredient of pertussis immunization, so it won’t be accepted by the hospitals. In the end, proof of Tdap is still the accepted document, but the new labeling alerts reps that pertussis is the objective.
Much of Vendormate’s vendor credentialing efforts are directly at clear communication. At creating transparency between the hospital and the vendors. These changes are aimed at doing just that for pertussis.
Shocking Requirement: Electrical Safety for Healthcare Vendors
Recently, Vendormate has received a number of questions about whether or not electrical safety training should be required of vendor representatives. As with many protocols related to vendor reps, a “yes” or “no” answer isn’t clear.
Right now, electrical safety training is not a very common requirement among Vendormate hospitals. Our customers that do require it are likely doing so based on their interpretation of Joint Commission and OSHA requirements.
OSHA states, “All hospital staff members should have training on electrical and fire safety, hazard communication, and infection control by qualified personnel. Some educators recommend hands on training with pre- and post-tests.” Also, “[Electrical] Exposure may occur when there is lack of maintenance to any electrical equipment, abuse, and lack of understanding of the equipment and/or its controls. Oxygen-enriched atmospheres and water may contribute to hazardous conditions.” Reading this, hospitals typically mandate electrical safety training for employees in clinical areas.
Layer onto that the Joint Commission guidelines in HR.01.02.05 EP7: ”that before providing care, treatment, and services, the hospital confirms that non-employees who are brought into the hospital by a licensed independent practitioner to provide care, treatment, or services have the same qualifications and competencies required of employed individuals performing the same or similar services at the hospital.” This can lead hospitals to the conclusion that clinical reps in oxygen-enriched atmospheres should have electrical safety training.
Electrical safety is another area where regulatory or industry guidance from organizations like OSHA and the Joint Commission are not clear cut and leave room for interpretation. Hospitals respond by juggling effective protocols, perceived regulatory requirements, and operating efficiency.
For hospitals concerned about electrical safety requirements, we point out that OR Protocol Training built in accordance with AORN guidelines includes electrical and fire safety. And as with all of Vendormate’s recommendations, we note that all vendor representatives do not have the same level of exposure in the hospital and, therefore, should not have the same requirements.
But in the end, each hospital makes its own choice about how to balance these competing interests.
NSAP ASAP: Protection for Data Breach Exposure
With 13% of all publicly reported sensitive data breaches taking place in healthcare, it is critical to your operations that all healthcare IT vendors with access to protected health information (PHI) be covered by a thorough network security and privacy (NSAP) insurance. EHR implementations are prime examples of the potential for PHI exposure. EHR expands PHI access from hospital staff to hundreds, if not thousands, of IT vendor employees who handle databases and other functions for hospitals.
Based on ARRA/HITECH rules, healthcare providers are required to send a written notification to all affected individuals in the event of a breach. In addition, a notice to the media and the Secretary of Health and Human Services (HHS) is required if there are more than 500 patients that are affected by the breach. HHS will announce the breach to the public by making it available on their website. As a result, the health system is likely to face liability issues following the breach notifications.
NSAP insurance will provide the necessary coverage for potential fines, defense expenses and losses from lawsuits brought by patients, partners or other parties.
NSAP insurance certificates can be integrated into an existing hospital vendor credentialing program, giving hospitals confidence that they know the insurance status of all IT vendors. Vendormate can work with hospitals to collect and monitor NSAP insurance certificates from your IT vendors.
Guest post written by Sezin Kilincci, Vendormate Engagement Specialist.
4 Password Tips for Data Security
For those of you who haven’t been keeping up with computer security lately, password compromises have become rampant in the past few months. From Sony to UPS to PBS to Congressmen, security breaches have been in the news. And while some of these are the work of sophisticated hacking efforts, others are simply the results of sloppy daily security practices.
Data security is top of mind because a recent release to Vendormate VISION added the capability to remember a username. Many users had requested this convenience to speed up logging in. I’m sure the next request from some users will be to automatically populate the password. But for your security, that’s not in the development queue. That just makes it too easy for unauthorized users to access your data.
Vendormate’s unique infrastructure is designed to help mitigate password misuse. But simple actions on your part can go a long way to keeping your data confidential.
- Don’t use the same password for work accounts that you use for home accounts. Many companies have security breaches due to an employee’s password being stolen from their personal account then being used to access business resources.
- Don’t leave your passwords laying out for someone to find. If you have to write down your password, don’t leave it sitting around. Make sure it’s someplace secure, preferably locked up.
- Don’t send passwords by fax, email, or chat — no matter how unimportant you think the password is. Sending your password via email, fax, or chat trusts the password with not only the person you may think is on the other end but everyone between the two of you and anyone else who may be watching. You should never be asked to provide your password, especially by the people handling your password.
- Change your passwords every few months. If they become compromised, change them immediately! If you’ve had the same password for several years, chances are someone else has it. (Because after all, you probably haven’t been following rules #1, #2, and #3.)
NOTE: This post was guest written by John Allman, Vendormate Systems Administrator.
