Loosening vendor credentialing’s tug of war

Control vs. oversight stretches thin boundaries

To some in the supply chain professional community, vendor credentialing resembles helicopter parents monitoring their children's emails and text messages.

Emotions alternately simmer and sizzle between annoyance, frustration, outrage and outright rebellion. Sans any kind of official government or industry regulation, sales representative access to a provider's physical location is limited to that provider's willingness to open its doors and personnel - as well as its patient haven - to that individual or the company he or she represents.

Hie Health Insurance Portability and Accountability Act (HIPAA) and tile Health Information Technology for Economic and Clinical Heal 111 (''HITECH'') Act - including HITECH's "Business Associate" provision - address access to and use of healthcare information, based on privacy and security issues. Neither address a vendor sales or service rep's physical access to a facility and what he or she brings along.

Until data privacy and security became an issue courtesy of public access to the Internet, sales and service reps relied on "trust" to enter facilities, meet with clinicians and supply chain professionals, as well as die surgical suite to coach and instruct on product use

Amid data breaches, infectious disease outbreaks and incidents of physical violence, those days of seemingly unfettered access have been severely limited, if not rendered completely over.

A small number of software companies emerged to help manage the process, but concerns over fees for service and how they were applied (and to whom) elicited vendor outcries (specifically among smaller vendors) over fairness; further, some provider organizations were inspired to develop their own "fee-for-access " software that went over about as well as red-light cameras at traffic intersections.

Short of a single regulatory body to diffuse what has been a powder-keg issue among suppliers and providers alike for control over behavior, expenses and processes, or universal standards applied to every' supply and service organization from the flower and pizza delivery' guy to the glove and implant manufacturer, how can the ongoing tension be relieved?

Schooling sans scolding

Not surprisingly, providers emphasize education and training to prepare, if not justify, why they require compliance with their vendor credentialing policies and practices.

"We create education and communication material to help the suppliers understand why this is a necessary policy and function for Intermoun- ernnt lohrson tain," said Brent Johnson, Vice President Supply Chain & Support Services, Intermountain Healthcare,

"Vendormate believes in educating providers and suppliers on the federal and state regulations and accreditation requirements dial support the need for vendor credentialing in the market," Chris I noma, Vice President, Product Management, Vendormate, GHX, told Healthcare Purchasing News. "These are realities in the business of healthcare for both providers and suppliers. At their most basic level, the regulations and requirements exist to ensure patient safety, employee safely and fiscal responsibility. Al the same lime, vendor credentialing has evolved to reduce cosls for batir providers and suppliers By effectively communicating policies and procedures governing the provider-supplier relationship, suppliers can operate within appropriate guidelines to provide value, while providers can focus on delivenng the best patient outcomes."

None of this should be surprising to the industry today, according to Kesha BoykinMcLean, Chief Compliance Officer, symplr, which was fanned lasl November by the merger of Vendor Credentialing Service (VCS), Med kinetics and I'ayor enrollment Services.

"Providers and suppliers are already aware of the safety and security issues Boykin-McLean involving vendor access to healthcare facilities," she said. "The Centers for Medicare and Medicaid Services (CMS) address the issue in its Conditions for Coverage under Infection Control, Surgical Services and Patient Rights Providers understand that while there are no formal standards, CMS is becoming increasingly more interested in how providers monitor access to their facilities. There is a real demand for vendor credentialing as a means to address patient safety and security in healthcare facilities, and more and more providers are using vendor credentialing services to meet their needs."

Yet it's not enough to single out supplier sales reps as a patient protective measure, emphasized Tracey Hups, Senior Manager of Commun ica rions, IntelliCentrics Inc.

"The healthcare industrynow understands that every person in the facility can affect Tracey Hups quality patient care," Hups said. "For instance, the CDCs definition of healthcare personnel has expanded to include not only clinical staff, but every person who has direct or indirect contact with patients, including professional vendors, contract employees and volunteers

"IntelliCentrics creates a safer and more secure environment for everyone by making sure all visitors are informed," Hups continued. "We realize healthcare industry' representatives. many of which interact with patients and staff every day, present a potential for transmission of diseases and should be held to the same measurements and expectations as facility employees. They also deserve the same safe and secure environment as employees in order- to do their jobs at the highest level."

But vendor credentialing and compliance shouldn't complicate Supply Chain's information systems, according to Bradford Jones, Director, Sales & Marketing, Cobblestone Systems Corp., which supplies vendor contract management software.

"CobbleStone understands the efficiency concerns of providers and suppliers that disparate credentialing systems cause when doing business with healthcare organizations," Jones said. "Maintaining the vendor credentialing information within the hospital s contract management software allows supply chain professionals to easily access all risk and access associated with each vendor without having to jump between systems."

Bruce Mairose, Vice Chair Supply Chain Management, Mayo Clinic, however, questions how involved Supply Chain may be in this process anyway.

"The reality is that in most organizations Supply Chain | ^ ,, JB j Management has far less to In vfl say about supplier representa- I ' five access than the healthcare ^ v providers' Compliance Office, Bruce Infection Control Nurses and Mairose CainpusSecurily," Mairose told HPN. "In an industry' with high slakes on the supplier side (revenue) and provider side (patient confidential ty and safety) there will always be regulatory interpretations to the px-trpmes and the risk of excessive actions taken by individuals and organizations. We need to make sure we are focusing on the 90 percent and not the 5 percent on either end.

"It is important to remember that Supply Chain Management is often the conduit by which the aforementioned requirements arc managed," Mairose continued. "Tire industry needs to focus ils energies loward the real decision makers within suppliers and providers - the I egal. Compliance and Security bodies - by providing insight into the risk created though inadequate or even fanatical controls."

Standard issues

One of the perennial hot buttons in the vendor credentialing and compliance debate remains the lack of process standardization in terms of companies providing the same information, being held to the same measures and being able lo access a common database, regardless of competitive software providers.

"Process standardization would save the vendors [and] providers many hours of tedious form filling" Jones acknowledged. "In the long run, the costs associated with doing business with a healthcare organization would drop, which would allow for more affordable products."

Luouui agreed. "Vcndormate has been an advocate for standardization for years, recognizing that additional complexity in requirements means greater costs for suppliers, including vendor credentialing organizations," he said.

Johnson concurred lo a point. "Process standardization would help the compliance/' regulatory side of the vendor credentialing story, hut it doesn't necessarily alleviate the business side of the need for vendor credentialing" he said. " I he business side includes cost control, vendor compliance, restricting access and enforcing supply chain controls. Process standardization wouldn't make the business needs for good vendor credentialing go away."

Hups indicated IntelliCentrics' willingness to participate. " As a mailer of principle, InlelliCentrics would be inspired by any idea which would simultaneously address quality patient care while providing each healthcare facility the essential freedoms to manage their operations," she said. "We feel these freedoms will foster an environment of significantly faster innovations, ultimately resulting in an increase in the quality of patient care."

Several years ago a number ol providers, suppliers and trade associations formed The Coalilion for Best Practices in HCIR Requirements and drafted a fairly comprehensive list of standard requirements.

"The Coalition for Best Practices in IICIR Requirements has gained substantial momentum toward standardizing HCIR credentialing requirements," Boykin-McLean said. "There is a noticeably high level of organization and collaboration among supporters. Syinplr has responded to the need for standardization requirements by condensing the number of levels and eliminating redundancy. We have evaluated the needs for the different types of access for TICIRs. We have also created a custom level or general credentialing product to meet the need for healthcare facilities to credential other individuals, such as students and volunteers, etc,"

Vendormate supports the Coalition's efforts, too, according to Luoma.

"Vcndormate promotes our best practices to our provider customers which are aligned wi Lh the Coalition for Besl Practices in HCIR Requirements," he said. "Ultimately, it is the individual provider organizations that determine the standards of care and policies within their health system. I he Coalition is a step in bringing these disparate provider organizations together with suppliers to drive standardization."

Yet Johnson questions the movement's effectiveness to date.

"The Coalition lor Best Practices in HCIR Requirements has not been very' successful because ils membership does not include a significant number of providers involved," he said. "Additionally, the vendor credentialing suppliers themselves are not actively involved in this industry organization. It's mostly dominated by vendors who experience the most pain from this effort. Two of the critical stakeholders are not actively participating."

Mairose admits to being amused by the kerfuffle.

"I wonder if the supplier community has an appreciation for the irony of asking for standardization of process' when providers have been trying to 'standardize products' for more than20 years," he queried. "Xolan easy task to achieve.

"A database of common requirements would create a focal point around which the indu stry could coalesce/' Mai rose continued. "This is not significantly different than the use of [Gbl Ubl GLN and G1 IN registries, in that only a limited number of suppliers and providers are actively partía pa ting. Such a database should be considered an additional tool to help streamline Hie process. However, it is not a complete solution. Alleviating tears and resistance to change for some providers begins with education of their governance bodies responsible for risk management. Specific to providers that use credentialing as a barrier or suppliers that try to circumvent the system, 1 would venture to guess they think the system is working from their perspective."

Common source of truth?

Supply' chain leaders and managers refer to their organization's item master as the facility's "source of truth" for product and service information so it may be logical to conclude a common database accessible via secure passcode by any provider or supplier would make sense.

Maybe not.

Johnson believes that too much debate might delay the process.

"A common database would be good, but very difficult to create support for because of the number of entities needed to support and tiieir varying opinions/' lie surmised.

Yet Luoma's keen to the idea even if it may be hard to achieve.

" Our goal is to make credentialing a seamless, easy process by' providing the industry with a single database," he said. "Bringing all credentialing activity into a single system would reduce costs and complexity for provider and suppliers. However, today"s healthcare organizations align based on their interpretation of accreditation requirements. L ntil the adoption of a single, specific set of requirements by all provider organizations is achieved, systems supporting health systems' differing requirements will continue to exist "

Boykin-Viel .pan expressed her doubts. "Thpre is no evidence that creating a single database will offer a beller or more efficient alternative to current models," she insisted. "There is, however, evidence that competition in the marketplace currently is a real contributing factor toward the innovations that continue to strengthen and improve the vendor credentialing industry."

Mairose contended that the preference for self control prevents any progress.

"The challenge is varying interpretations by the governing bodies that have oversight for the environment of care," he noted "in the absence of regulation, each organization is left to its own definition of risk and what mitigation is most appropriate. Providing a central database of information would certainly reduce the effort put forth by suppliers and providers. However, it would not address the underly ing defects and v ariability of policy' interpretation, mutual trust and resistance to change."