Vendor Credentialing Goes Beyond Managing Physical Access to Hospitals Blog Feature
Julie Walker

By: Julie Walker on April 24th, 2020

Print/Save as PDF

Vendor Credentialing Goes Beyond Managing Physical Access to Hospitals

vendor credentialing | vendor management

Administrators across hospital or healthcare system functions all share responsibility for enforcing compliance. Regulations not only help each organization create a safe environment, but also help to secure vital funding. The stakes are high, and vendor credentialing in supply chain is no exception to the rule. Noncompliance in the form of employing or contracting with excluded individuals risks loss of access to federal and state healthcare funding programs and exposure to civil monetary penalties.

What are the OIG and LEIE?

The Department of Health and Human Services’ (HHS) Office of Inspector General (OIG) is charged with identifying and combating waste, fraud, and abuse in more than 300 HHS programs, including the Centers for Medicare & Medicaid Services (CMS). OIG’s mission is to ensure the integrity of all program funding and to protect the well-being of the beneficiaries. 

The OIG has full authority to exclude non-compliant individuals and entities from federal and state-funded healthcare programs. Its List of Excluded Individuals and Entities (LEIE) is a complete database containing all exclusions currently in effect and is updated monthly. The LEIE provides information to the healthcare industry, patients, and the general public regarding individuals and entities currently excluded from participation in Medicare, Medicaid, and all other federal healthcare programs. Individuals and entities who have been reinstated are removed from the LEIE. The list is provided in two formats:

  • The online searchable database enables users to enter the name of an individual or entity to determine whether they are currently excluded, and uses an individual's Social Security Number (SSN) or employee identification number (EIN). 
  • The downloadable database enables users to download the entire list. However, it does not allow verification of individuals or entities using an SSN or EIN.

Noncompliance is costly

For healthcare organizations that employ or contract with an excluded individual or entity to provide items or services payable by federal healthcare programs, there are serious consequences.  Noncompliance with the OIG can occur whether the healthcare organization knew or should have known about the exclusion, and whether the excluded individual physically accessed the facility or not. Violations subject the organization to lost access to all HHS programs including CMS funding. In addition, violators are subject to consequential civil monetary penalties that can reach into the hundreds of thousands of dollars. 

As part of the HHS, CMS is the largest healthcare payer in the U.S. with nearly 90 million Americans dependent on its benefits. In terms of reimbursement, excluded individuals and entities taint every claim they are associated with. Considering that for the average hospital, 60% of patients are Medicare/Medicaid beneficiaries, the result can significantly affect the hospital’s bottom line. No federal healthcare plan will pay for any service or item provided directly or indirectly by an OIG-excluded person or entity. Further, any healthcare organization that knew or should have known about an exclusion is liable. This means even unintentional violations must be reported timely to the OIG and funding repaid to the federal program. 

Guard against a damaged reputation

American business magnate Warren Buffett observed, “It takes 20 years to build a reputation and five minutes to ruin it.” Healthcare providers strike a careful balance between serving and protecting constituents of their communities in an altruistic way and operating like any business with a keen focus on profitability, reputation, and sustainability. 

Trust is foundational to a healthcare provider’s longevity, and it is an important byproduct of an effective vendor management program not to be overlooked. Ensuring that a contractor or vendor is reputable and compliant is key to achieving their safety and compliance goals and requirements. A potential breach of trust between a healthcare provider and their community can be detrimental; especially, when an infraction with the OIG occurs, and the well-being of the beneficiaries are negatively impacted.   

Vendors pose avoidable risk

Vendor management programs may also lack prioritization by healthcare providers, and important high-risk factors get overlooked or are not managed closely. Remember, healthcare providers are liable for employing or contracting with an excluded person or entity whether the federal healthcare program pays directly or indirectly, and even if the person or entity does not receive payment from the provider for such services. 

Failing to monitor, manage, or otherwise address contractor risk and noncompliance poses unnecessary and avoidable risks. Notably, it invites significant and increased risk to all constituents in the healthcare community as well as to the healthcare provider’s reputation, compliance, and financial matters.

Prevent all risk related to vendor exclusions     

Taking ongoing preventative steps minimizes vendor-related risk. To start, healthcare organizations must know who is onsite, why, and for what duration. However, there’s more to managing vendors than permitting only authorized physical facility access. Today’s supply chain, security, and compliance leaders must also check the box on other high-priority objectives. They do so through successful execution of a best practice vendor management program including compliance-focused policies and documentation.

We offer the following best practices to remain in compliance.

  • Confirm before you contract

If your organization participates in Medicare, Medicaid, or any other federal healthcare program, check all vendors, contractors, and associated entities against the LEIE, as well as the U.S. General Services Administration’s System of Award Management list before contracting. It’s also best practice to check all available state Medicaid exclusions lists prior to contracting.

  • Ongoing monitoring is a must

Actively contracted individuals and entities must undergo ongoing healthcare exclusion monitoring per the primary sources shared. Contracting with any person or entity that’s excluded will bring exposure to fines and penalties (42 CFR 1001.1901). symplr recommends checking on a monthly basis, at minimum.

  • Include virtual vendors

There’s an increased prevalence of contractors and vendors who might not need physical facility access, especially in light of COVID-19. Further, many healthcare providers are granting only essential vendors physical facility access, restricting or barring non-essential vendors for now. However, whether physical access is allowable, required, or otherwise restricted, the same exclusion-checking requirements remain. Healthcare providers should continue monitoring all actively contracted vendors regardless of whether they need physical access.

  • Keep on top of state databases

Hospitals rely on both federal and state reimbursement. Because there are only two federal lists to monitor (LEIE and SAM), exclusion screening might be most challenging at the state level. More than 40 states maintain their own databases that monitor healthcare exclusions and restrictions. Unfortunately, not all are reported up to the federal level timely or at all. In addition, sub-par technology systems and errors contribute to gaps. Further, under the Affordable Care Act, any individual or entity excluded from one state is also excluded from participating in other states. As a result, healthcare providers must rigorously monitor all available state-level exclusion lists. 

Automation is key

It’s a fine line to fulfill vendor credentialing goals yet avoid a ripple effect that negatively impacts quality, security, and safe care delivery. Efficiency and effectiveness must go hand in hand, and a vendor software program achieves these objectives. 

The primary goals that an online vendor credentialing platform should fulfill for any healthcare network include:

  • Management of multiple facilities from a single software platform
  • The ability to account for unique facility-level policies and credentials 
  • Computer-terminal-free check in stations to secure access points (e.g., instead, scan-and-go technology and mobile applications stand in)
  • Capability to handle emergency events (e.g., access policy changes during crisis situations like the COVID-19 pandemic)
  • The ability to distribute, communicate, and execute facility policies and alerts online
  • Access to real-time credentialing and vendor access reporting 
  • Convenient online check in for vendors with pre-arranged appointments
  • Assurance that federal and state exclusion databases are regularly monitored
  • The ability to accommodate any accreditation body’s requirements 

Vendors are an essential part of healthcare operations and delivery, but it’s critical to identify and manage the risks that they present to quality care, compliance, reimbursement, and most of all safety. Use all of the tools at your disposal to ensure your vendor software credentialing program is the strongest link.  


About Julie Walker

Julie is responsible for managing symplr’s workforce management businesses, including vendor and general credentialing, visitor management, and API Healthcare. In her role, she partners with healthcare organizations to help them achieve their goals in compliance, safety, and security, while reducing risk. Prior to joining symplr, Julie served in a senior role at ProviderTrust, a leading SaaS provider credentialing company. Previously, she was Vice President of Sales at the National Healthcareer Association, a division of Ascend Learning, a SaaS healthcare credentialing company focused on allied health professionals. Julie received a Bachelor of Business Administration degree from Valparaiso University and a Master of Business Administration degree from Lipscomb University.