Access Management: Compliance and Safety Go Beyond Organizations' 4 Walls

Administrators across all functions of your hospital or health system share responsibility for enforcing compliance, and vendor credentialing in supply chain is no exception to the rule. The stakes are high: Regulations not only help each organization create a safe environment, but also help to secure vital funding.

Noncompliance—in the form of employing or contracting with individuals excluded from the Office of Inspector General's (OIG) List of Excluded Individuals/Entities (LEIE)—risks losing access to federal and state healthcare funding programs and exposure to civil monetary penalties.

When shoring up your access management policies, it's critical to remember that vendor management applies equally to in-person, virtual, and hybrid relationships.

The financial costs of noncompliance

There are serious consequences for healthcare organizations that employ or contract with an excluded individual or entity to provide items or services payable by federal healthcare programs. No federal healthcare payer, such as CMS, will pay for any service or item provided directly or indirectly by an OIG-excluded person or entity. Further, healthcare organizations are liable for monitoring exclusions.

Noncompliance with the OIG can occur whether the healthcare organization knew or should have known about the exclusion, and whether the excluded individual physically accessed the facility or not. This means even unintentional violations must be reported timely to the OIG and funding repaid to the federal program.

Be ready for The Joint Commission

Government regulations are just one side of the compliance equation. If your healthcare organization is among the nearly 80% of U.S. health systems that adhere to The Joint Commission's standards, it must also be prepared for that accreditation body's standards pertaining to access management. To maintain constant readiness and to demonstrate complete visibility into your credentialing data and compliance status, having an automated vendor credentialing solution is a necessity.

Today's mobile vendor access technology provides your internal users line-of-sight to analytics and dashboards. Using the data, they can quickly demonstrate compliance with The Joint Commission’s standards for vendors, and dashboards can show surveyors that the organization is operating effectively. For instance, symplr’s credential dashboard provides visibility to each individual access level, what the requirements are, as well as the status for each credential for every vendor rep.

All vendor activities are automatically and immediately recorded for quick access to real-time data showing compliance as it occurs. Having easy access to these reports allows surveyors to easily confirm that your organization is meeting the standards for tracking each vendor.

Vendors pose avoidable risk

Despite the critical significance, healthcare providers may fail to appropriately prioritize their organization’s vendor management programs. When this happens, important high-risk factors may be overlooked or not managed effectively. Remember, healthcare providers are liable for employing or contracting with an excluded person or entity whether the federal healthcare program pays directly or indirectly, even if the person or entity does not receive payment from the provider for such services. 

Failing to monitor, manage, or otherwise address contractor risk and noncompliance poses unnecessary and avoidable risks. Notably, it invites significant and increased risk to all constituents in the healthcare community as well as to the healthcare provider’s reputation, compliance, and financial matters.

Prevent all risk related to vendor exclusions     

Taking ongoing preventative steps can minimize your vendor-related risk. To start, your healthcare organization must know who is on-site, why, and for what duration. However, there’s more to managing vendors than permitting only authorized physical facility access. Healthcare organizations must manage all vendors, whether they’re on-site, virtual, or hybrid. This requires successful execution of a best-practice vendor management program including compliance-focused policies and documentation.

We offer the following leading practices to help you remain in compliance.

Confirm before you contract

If your organization participates in Medicare, Medicaid, or any other federal healthcare program, check all vendors, contractors, and associated entities against the OIG's List of Excluded Individuals/Entities (LEIE), as well as the U.S. General Services Administration’s System of Award Management list, before contracting. It’s also best practice to check all available state Medicaid exclusions lists prior to contracting.

Ongoing monitoring is a must

Actively contracted individuals and entities must undergo ongoing healthcare exclusion monitoring per the primary sources shared. Contracting with any person or entity that’s excluded will bring exposure to fines and penalties (42 CFR 1001.1901). symplr recommends checking on a monthly basis, at minimum.

Include virtual/hybrid vendors

As noted, physical access isn’t the only type to consider when it comes to vendor credentialing. This is especially true as COVID-19 increased the prevalence of virtual and hybrid vendors. Regardless of whether a vendor is on-site, virtual, or a hybrid version of both, the same exclusion-checking requirements apply.

At first, the COVID-19 pandemic caused many healthcare organizations to limit physical facility access to only essential vendors. Now, many organizations are settling into working arrangements that allow their employees to continue working either completely virtually or using a hybrid model, with no plans to return workers to full-time, in-person work. That means healthcare organizations must monitor which vendors have access, what kind of access they have, and when they have it, recognizing that access will look different from vendor to vendor.

The key takeaway is the same, however: Healthcare providers should continue monitoring all actively contracted vendors regardless of whether they need physical access.

Integrate supplier management solutions and processes

Access management requires more than just credentialing your existing vendor representatives. It also requires having a solid system in place for selecting and implementing new products, suppliers, and services. However, having disparate systems for each of these functions can lead to costly and risky gaps. That’s why healthcare organizations can benefit from having integrated solutions that allow for efficient and seamless vendor management. symplr offers convenient, smart integration to help customers achieve streamlined supplier management.

For existing vendors, there’s symplr Access, a flexible vendor credentialing system that provides authorized physical or virtual access and captures compliance and safety data for the provider. In addition, symplr Access integrates easily with GreenLight Medical, a cloud-based software platform that provides healthcare organizations with quality- and value-based data for evaluating, purchasing, and deploying new medical technology.

Keep on top of state databases

Hospitals rely on both federal and state reimbursement. Because there are only two federal lists to monitor (LEIE and SAM), exclusion screening might be most challenging at the state level. More than 40 states maintain their own databases that monitor healthcare exclusions and restrictions. Unfortunately, not all state lists report up to the federal level in a timely manner, if at all, and adjacent sub-par technology systems and errors are continuing to contribute to gaps. Further, under the Affordable Care Act, any individual or entity excluded from one state is also excluded from participating in other states. As a result, healthcare providers must also rigorously monitor all available state-level exclusion lists. 

Automation is key

There’s a fine line between fulfilling vendor credentialing goals and avoiding a ripple effect that negatively impacts quality, security, and safe care delivery. Efficient and effective compliance governance must go hand in hand, and vendor management software helps achieve these objectives. 

The primary goals that an online vendor credentialing platform should fulfill for any healthcare network include:

  • Managing multiple facilities from a single software platform
  • Accounting for unique facility-level policies and credentials 
  • Having computer-terminal-free check-in stations to secure access points (e.g., scan-and-go technology and mobile applications stand-in)
  • Demonstrating the ability to handle emergency events (e.g., facility access policy changes during crisis situations like the COVID-19 pandemic)
  • Being able to distribute, communicate, and execute facility policies and alerts online
  • Accessing real-time credentialing and vendor access reporting 
  • Providing convenient online check in for vendors with pre-arranged appointments
  • Having assurances that federal and state exclusion databases are regularly monitored
  • Accommodating any accreditation body’s requirements

Vendors—whether on-site, virtual, or hybrid—are an essential part of healthcare operations and delivery, but it’s critical to identify and manage the risks that they present to quality care, compliance, reimbursement, value-based purchasing, and most of all: safety. A consolidated supplier management strategy that combines tools like symplr Access with GreenLight Medical ensures that your supplier credentialing and management programs are efficient, seamless, and strong.  

Let's Get Started


Request a Demo