Healthcare Reform and Vendor Credentialing
One of the questions buzzing among our customers is “What’s the expected impact of healthcare reform on vendor credentialing?” The answer is likely to be less than you think. The desire to credential vendors comes from a variety of sources that existed well before healthcare reform movement. While government mandates certainly drive some aspects of vendor credentialing in healthcare, much of it is from influences outside the government.
True, one of most significant drivers of the vendor credentialing movement is the government’s aggressive efforts to control fraud and waste perpetrated by the private sector providing services that are funded by Medicare/Medicaid. These are the requirements to prevent providers from paying reps, principals, and entities that have previously defrauded the government and by proxy the American people. But concerns about appropriate use of government funds already exist and have already led to the practice of checking state and federal level sanction lists. So even if healthcare reform increases the number of patients whose medical care is paid for with government funds, the fraud control practice is already in place.
The other drivers for vendor credentialing come from the healthcare organizations that set medical practice standards. The focus of AORN, ACS, AHA, and the Joint Commission on the procedures and behaviors in the healthcare process at least equal, if not outweigh, the government policy drivers. Because of these organizations’ concerns about patient safety, they have created best practices and other recommendations that translate into the immunization guidelines, the training requirements, and the sign in/out policies.
So the two great drivers of vendor credentialing — fraud prevention and patient safety — are already in play, regardless of the state of healthcare reform. And any healthcare expansion, in terms of either the government’s role in funding or the number of people with access to healthcare, will not have a significant impact.
2 comments March 29, 2010
Think Before You Reject
This week is a guest post from John Caliri, Director of Customer Support for Vendormate.
Document verification and approval are an important part of the Vendormate service for vendor credentialing. And like most things in life, it’s not as black and white as it first appears.
Many of Vendormate healthcare systems require vendors to print a single-use badge when coming on site. Badges won’t print if the rep isn’t compliant with hospital standards, including acceptable documents.
To a vendor rep, a rejected document means they can’t do their job. It prevents them from physically attending a sales call or a consult. We know that most of the vendor reps whose documents we review are upstanding, well-trained, intelligent, and hard-working people. We do not want to stand in the way of them making a good living or to prevent them from helping a doctor with a surgery on a loved one.
So our verification team is trained to think of their responsibility as a TSA checkpoint agent would. Everyone gets examined. Most everyone gets through. Only the ones that give reason for suspicion get pulled aside for further inspection. Even then, most of these are cleared to board. Our verification team is instructed to treat documents the same way. Thoroughly examine any documents that are blurry, unclear, or unusual. Alert the rep to any problems with a document. Reject if you’re certain the document is incorrect, but don’t ever let one through just because it’s easier.
The verification team is asked to consider “would you bet your job on your decision about a document?” Because your decision may be betting the rep’s job.
Add comment February 19, 2010
Vendor Credentialing Standardization
Just as we were publishing our recap of 2009 trends and making 2010 predictions that included the question of vendor credential standards, we were contacted by Healthcare Purchasing News to comment for their story about data standards for vendor reps.
Well, the article is out now, and you can read it for yourself. And we stand by the statement,
“Vendor credentialing is about assessing the viability of a supplier – the company and the individual – to deliver the goods and services within acceptable risk boundaries,” (John Harper of Vendormate) said.
Add comment February 2, 2010
2010 Predictions: From Vendor Acceptance to Vendor Advantage
The 2009 trend was that the vendors, who once questioned whether to participate or stonewall vendor credentialing programs, have accepted the new reality. Certainly, there is still some grumbling. There are some who spend more time trying to avoid programs than participating. But for the most part, vendors have settled down.
Vendors will now look for ways to leverage vendor programs to their advantage.
It will start with universal policy preview and responses. One of the scariest aspects of healthcare vendor credentialing to vendors is that the sales reps, the feet on the street, will be asked to make corporate level commitments. Vendor-side legal counsel shudders at the thought. The impact to Business Associates of HITECH and its new HIPAA breach notification policy is just one example of the type of event that raises red flags. (We touched on this issue earlier. ) Look for vendors to ask the credentialing outsourcers to provide the ability for management to preview policies before the rep even sees them. Based on the preview, corporate will dictate how the individual rep responds.
Vendor appointments become a sales management tool. Hospitals are very interested in when sales reps are on site for a variety of reason, not the least of which is cost control. Short-staffed hospital materials managers want visibility into sales rep activity to avoid off-contract sales.
But just as the hospital reviews who visited, the vendor sales management will become interested in tracking where their sales reps have been. Is the rep visiting the customer regularly? Calling on the right person? Getting the appointment records from the vendor management system could serve as a rep activity and efficiency indicator to the sales manager.
In short, expect a rising number of vendor credentialing admins in 2010. These admins will be tasked with the same centralized management of vendor credentialing programs as on the healthcare side but on the supplier side.
Vendormate is already seeing these predictions at work. Our vendor services team is establishing direct relationships with a number of supplier side credentialing administrators, giving them advance alerts to new hospital programs and changing policies. The vendor adminitrastor dashboard feature of Vendormate Credential Central lets the administrator download all policies from every Vendormate hospital and healthcare system, verify an individual representative’s credential standing, and view to the credentialing status of all of their sales reps through Vendormate Credential Central.
This is just the begining. I’m sure creative suppliers, looking for an advantage and a better way to meet their customer’s needs, will think of even more in the coming year.
Add comment January 8, 2010
2009 Review: Emerging Standards
Continuing with the theme of 2009 in Review, we can’t overlook the ongoing conversation about standards in vendor credentialing and compliance requirements. Are there standards already? Are standards coming? Should there be standards?
Going into 2009, AORN, ACS, the CDC and others all had existing statements that could be applicable to clinical healthcare reps. HHS OIG Deficit Reduction Act sanction clearance requirements apply to the vendor company and its principals.
But the greatest dialogue centered on the healthcare industry rep in the field. As the tangible face of the vendor credentialing experience, the industry spent the year most concerned about what was appropriate for the HCIR.
At the March 2009 AORN Congress, eleven industry organizations, representing clinical groups and supplier interests, released joint best practices recommendations for credentialing clinical healthcare industy reps. It was a start, but it was clearly labeled as limited in scope. It didn’t encompass the behaviors and requirements of industry reps outside clinical areas (e.g., gift policies and sanction lists), nor did it touch the credentials of the vendor companies(e.g., sanction lists and financial solvency).
The industry craved more clarity, and the discussion about standards frequently revolved around the Joint Commission. For two years, every comment the Joint Commission made about HCIRs was examined for relevance and impact.
Finally in April 2009, the speculation that ”Joint Commission standards are coming” was answered by the Joint Commission’s statement declining to issue standards that specifically address health care industry vendor representatives, but still pointing to several of its own guidelines as applicable.
Still common practices are emerging that are gaining ground as standards.
1. Credentials and requirements align with risk.
Vendormate’s recommendation, and most hospitals agree, is that credentials for individuals should reflect their role. That is, sales reps that do not access procedural or patient areas do not need to meet the same requirements for training and immunization. Credentials and requirements should reflect risk and be adjusted accordingly.
2. The vendor company is distinct from the vendor rep.
Requirements such as liability insurance and Business Associate Agreements are between the contracting entities — the vendor company and the health system — not between the rep and the materials manager. While a rep may hold responsibility for providing this information as part of the account relationship, a rep should never be required to change the nature of the business relationship as part of the rep-level credentialing process.
3. Rep privacy must be protected.
The rep’s privacy rights have to be balanced against the healthcare system’s need to document and verify. Driver’s licenses and SSNs are not part of the default data set. Reps are routinely reminded to black out that type of information from any document they share.
Yet even as standards for are being debated, the fundamental question of who is a vendor? is still debated. Is it the company selling the good or service? Is it the sales rep? Is it the field service and support rep?
With this in mind, here’s a preview of two of our predications for 2010 and beyond. First, increasing attention will be paid to the credentials and access of other special populations — visitors, volunteers, and non-licensed contractors. Second, the uncertain economic climate will further press healthcare systems to measure the risks posed to their operations by their suppliers’ solvency and operations. More traditional supply chain financial and operational monitoring is coming.
Add comment December 18, 2009
2009 Review: Critical Mass in Healthcare Credentialing Achieved
The end of a year is a dream come true for writers and commentators because their content topics are delivered to them giftwrapped complete with a bow on top. It’s time for either the “Year in Review” musings or the “New Year Predictions” article. Well, I’m certainly going to take advantage of that. Over the next few postings, I’ll look at the major changes in healthcare credentialing in the past year and then predict what’s ahead for 2010.
Let’s start with what in hindsight will seem obvious: Vendor Credentialing in Healthcare Achieves Critical Mass.
Just two years ago, hospitals, healthcare systems, and suppliers were filled with angst about the necessity of structured, organized vendor credentialing programs. Debate raged about exactly “who” was creating these requirements and where the checklist of requirements could be found. Suppliers, anxious to maintain access and close ties to their customers, balked at anything that would change the current sales and service models. Healthcare systems, constantly trying to balance “must have” regulations against “nice to have” best practice recommendations, wanted an easy answer and quick solution.
Clearcut answers weren’t easy to find, yet healthcare systems realized they couldn’t continue without a methodical approach whether home-grown or outsourced. Today, we estimate that over half the hospitals in the U.S. have some form of a structured vendor credentialing program in place, up from about a quarter at the start of 2009.
As with many new processes, adoptions started in the mid-market, moved to the larger systems, and were picked up finally by the smaller hospitals. Large single unit hospitals and mid-sized systems kicked off the movement because they are big enough to envision the benefit of a formalized vendor credentialing program but not so large that implementing one would require extensive internal consensus building. With that market foundation in place, larger systems were able to build on lessons learned as they came into the space. Finally, moving into 2010, smaller hospitals will look for ways to adopt similar programs.
So we close out 2009 with the pull of vendor credentialing critical mass in full swing from the healthcare side. The next installment in our series will examine changes in the push(back) from the vendor community in 2009.
Add comment December 9, 2009
HITECH Increases HIPAA Risk
Risk to violators, that is. Be sure to read the new interim final rule posted today. Key to the proposed changes is that the maximum penalty increases 60-fold — to $1.5 million for violations of an idential provision. And a covered entity can no longer bar the penalty unless correction is made within 30 days of discovery.
Read the HHS press release.
Add comment October 30, 2009
Swine Flu and Vendor Credentialing: Part II
Last May in the Swine Flu and Vendor Credentialing post, we highlighted the new reality that a number of customer hospitals were email visiting vendor representatives to new H1N1 precautions. These hospitals relied on their Vendormate registration files for current vendor contact information. Most of these notes were gentle reminders of communicable disease best practices and basically read, “if you’re sick, stay home.”
With H1N1 still with us, hospitals are again alerting visiting representatives to new precautions. Hospitals want to require seasonal flu and H1N1 vaccinations, but know that distribution issues make that impossible. Instead they are requiring the immunizations or a mask when on site.
Most of these customers have adjusted their Vendormate-based program to communicate the shot or mask requirement and to track compliance.
To reinforce the message, Vendormate badges at these hospitals now include a WARNING by the badge photo indicating that a MASK is required if the visiting representative hasn’t yet been able to complete the vaccinations. This message is critical for the hospital staff to be able enforce the requirement quickly and effectively without interfering with the vendor’s business routine.
3 comments October 23, 2009
HHS Breach Notification Form On line
The Hunton & Williams privacy and security blog has been very active recently. It covers a wide range of issues of interest to many industries. Last Friday, they noted that the Department of Health and Human Services had added the on-line form for breach notifications.
For all of you worried about the burden of reporting a breach, take a look at the form. It’s not onerous and should take only a few minutes to complete. Of course, the real issue is having a plan for notifying affected individuals. Unfortunately, that’s not something an online form can handle for you.
2 comments October 6, 2009
HITECH & BAA & Vendor Credentialing
Several of our healthcare customers came together for a call last week to talk about the implications of the Health Information Technology for Economic and Clinical Health (HITECH) Act, particularly as it concerns vendors that meet the “Business Associate” requirement. Representing hospitals from California to Florida to Michigan and in between, these systems shared a common concern about the best way to prepare for this act.
If you’re not familiar with the BA concept, a business associate is role defined by the Department of Health and Human Services and is essentially any organization that assists a covered entity (e.g., hospital) with the performance of functions that involve access to protected health information (PHI). In the HITECH Act, requirements that were once only the obligation of the covered entity are now expanded to be directly required of the BA. The biggest concerns are along the data security and breach notification requirements with potential direct civil and criminal penalties.
For the group, the questions ran along the lines of: How does this change our existing relationships with Business Associates? Will vendors resist continuing BA relationships because of these increased requirements? What role does this play in vendor credentialing programs?
By the end of the call, few conclusions were reached. The Act isn’t in force yet, and further comments and clarifications are expected from HHS. The group did agree that there was a very helpful overview from Rachel Nosowsky, Esq. for the American Bar Association here.
Looking ahead, healthcare providers may want to include requirements related to the HITECH act in their BA agreements — such as requiring patient privacy training for employees and asking BA employees to acknowledge data security policies and practices, etc.
But one significant point of consensus: The content and terms of Business Associates Agreements are the domain of the contracting effort, not the rep credentialing program. A hospital should no more ask a rep to sign off on amended BA agreements than it would ask a rep to unilaterally approve a change in contract terms.
1 comment September 11, 2009
