The Complete Guide to Hospital Vendor Credentialing

Vendor credentialing has become an important part of business operations in health systems, but that wasn’t always the case.

Until the mid-2000s, few healthcare organizations required vendor representatives to be credentialed before they accessed a hospital or healthcare facility. In some cases, hospitals implemented vendor check-in processes, but those rules were rarely enforced, and thus many vendors ignored the processes absent any negative ramifications.

Today, nearly every healthcare organization nationwide requires vendors to be credentialed before granting them entry. Most health systems manage their large and growing volume of vendors by using a formal, standardized, often digital process

Here are some of the key things you need to know about vendor credentialing for healthcare organizations.

What is hospital vendor credentialing?

Healthcare organizations work with third-party vendors for all kinds of operational and supply needs, and vendor credentialing helps ensure healthcare facilities can safely engage with these businesses. The credentialing process confirms that the vendor follows a strict set of requirements that the healthcare organization sets for on-site work or virtual access, and that the vendor’s representatives are who they say they are. 

The specific requirements vary between healthcare organizations and even between facilities that are part of the same system. Typically, however, there are criteria that every healthcare organization requires as a baseline, including: 

  • Verification of employment and required training
  • Vaccines (MMR, Hepatitis B, Tetanus, Tdap, Influenza, COVID-19)
  • Drug screening
  • Up-to-date PPD (tuberculosis) test
  • Background check (Federal/state/local criminal records check)
  • Insurance coverage
  • Health Insurance Portability and Accountability Act (HIPAA) compliance certification
  • Safety training (if relevant/necessary)


As we have addressed before, any healthcare organization that bills Medicare or Medicaid must attest that anyone they hire or work with—including vendors—is not on the Department of Health & Human Services (HHS) Office of Inspector General’s (OIG) List of Excluded Individuals/Entities (LEIE). It is incumbent upon healthcare organizations to continuously review this list, and to bar access to any vendor representative from any company or entity on the LEIE.

Why did hospitals start credentialing vendors?

Before hospitals and healthcare organizations introduced formal vendor credentialing processes, it was theoretically possible for anyone to gain almost unlimited access to a healthcare facility with a fake company ID badge or business card. This, of course, presented a significant threat to the safety and security of patients, staff, and providers, and exposed the business to countless potential liability risks.

Implementing vendor credentialing processes allowed healthcare organizations—especially large hospitals and healthcare groups with numerous sites—to establish and maintain the same standards for vendor access across all facilities, and to lower the risk of a security event or patient safety incident.

Why is vendor credentialing increasingly important for hospitals? 

There are many reasons for hospitals to set and enforce standards for vendor access, and chief among them is security. While physical security is the most-often-thought-of threat, the security of patient data and confidentiality are also at risk. In addition, as hospital organizations grow and become more complex (i.e., adding clinics and outpatient sites), they become more susceptible to communication breakdowns, including when it comes to vendor management. 

Hospital vendor credentialing is important because it is a proactive step for healthcare organizations’ administrators to take toward establishing safeguards and decision support for the organization, specifically around access and contracting decisions. It is intended to protect against harm that can result from partnering with unethical vendors or uncontrolled vendor access to a hospital or clinic and its staff and patients.

From a business standpoint, vendor credentialing also plays an important role in streamlining hospital supply chains and helping facilities quickly adjust and adapt to supply chain issues as they arise. For example, if a credentialed vendor is unable to fulfill an order for supplies, facilities that have already credentialed a backup vendor can more easily switch their order and avoid any supply shortages.

Why is vendor credentialing important for providers? 

The COVID-19 pandemic has shown us that for providers to do their jobs safely and effectively, they must be able to trust that everyone in the facility is following the same guidelines. Implementing an effective vendor credentialing system gives clinicians peace of mind that everyone on their floor or in their unit has the training and qualifications necessary to keep patients safe.

Despite significant efforts to curtail the kinds of quid pro quo arrangements that played a role in the opioid crisis, it’s still far too easy for providers to have a financial stake in the care they provide their patients. Vendor credentialing can help keep providers from wading into these ethically murky waters by reducing the number of interactions with vendor sales reps. 

By the same token, a more stringent credentialing process helps vendor representatives avoid the potential conflict of interest between supporting the provider and making a sale. An effective vendor credentialing system increases transparency and helps ensure positive and productive interactions between vendors and healthcare organizations.

How does vendor credentialing affect patients? 

Patient safety is, of course, the primary focus at hospitals and healthcare organizations, and vendor credentialing can have a more direct impact on patient safety than many organizations may realize. A vendor’s work at a hospital or healthcare facility may bring them in close contact with patients who are immunocompromised or otherwise part of an at-risk patient population. It is absolutely crucial that vendors have the proper credentials and the right training to ensure they don’t introduce additional health risks to already vulnerable patients. 

By implementing a vendor credentialing system, healthcare organizations can ensure that any vendor who enters a particular unit or area of the hospital will understand and follow the necessary guidelines. Not only does this help keep patients safe, it also gives patients peace of mind and helps ensure a positive patient experience.

Physically protecting patients is one thing, but today the threats now extend to health data. In fact, the three largest U.S. data security breaches since 2015 have all occurred in the healthcare industry, with over 110 million cumulative patient records exposed. Stolen health data is not as valuable to cybercriminals as financial data—which means it is often not as well-protected. Unfortunately, according to Intel Security McAfee Labs, cybercriminals are increasingly focusing on stealing healthcare data. 

Patients are rightfully concerned about keeping their private health information secure. By having a robust vendor credentialing system in place, healthcare organizations can demonstrate their commitment to protecting patients’ privacy. 

Why is credentialing important for vendors? 

Most of the information about vendor credentialing in healthcare focuses on the benefit to the healthcare organizations, but make no mistake: Credentialing also benefits vendors. Well-defined credentialing criteria let vendors know exactly what standards they need to meet to work with a healthcare organization, and it gives vendors a clearer idea of where they should focus their sales and marketing efforts.

Credentialing also helps vendors operate more efficiently, particularly when it comes to hiring new representatives. For example, if a vendor starts working with a new hospital that has strict expectations regarding safety training on bloodborne pathogens, the vendor can roll out company-wide training to remain in compliance with credentialing requirements. And by having a clear picture of what training or certifications are required, vendors can more effectively target their search for new employees. 

Vendor credentialing has come a long way in a relatively short time, and the industry appears poised to keep growing. symplr Access experts expect compliance controls to increase in the wake of COVID-19. The pandemic has made clear the importance of ensuring vendors and vendor representatives have the right training and qualifications to ensure the safety of staff, patients, and providers. Hospital vendor credentialing is no longer a nice-to-have—it’s a “must-have.”

Download Our Free Vendor Policy Toolkit

If you’re ready to build a more robust and streamlined approach to vendor credentialing, symplr is here to help. Our credentialing software and services are part of the larger suite of solutions we offer that can help your organization run more efficiently. 


Request a Demo