Vendor data security means more than protecting against hackers
Chain-of-custody security is the forgotten champion of effective credentialing
We often hear about all the ways IT departments secure their data: with encryption, tokenization and vaults in both physical and virtual environments. Most people visualize these methods when they think of any data security.
In vendor credentialing, data security means a lot more than making sure personal information is not hacked and used for nefarious purposes. It certainly encompasses data security and the safekeeping of information in physical and virtual ways – with all the expected IT bells and whistles. However, healthcare vendor data security is more complicated than regular data security. Not only is this because of the variety of information that is often required for credentialing, but because the chain-of-custody of documents and information used for credentialing must be secure to verify the information is authentic.
Chain-of-custody and the role of third-party credential validation
Chain-of-custody security is often the forgotten element of vendor data security. It is essential to confirm the information used for credentialing has been attained from the primary source, not tampered with, and checked for authenticity. The best way to ensure the information used for credentialing is accurate is to use an unbiased, third-party such as a credentialing company. A third-party organization should verify information accuracy and confirm a secure chain-of-custody where appropriate.
A credentialing company’s sole purpose is to ensure the unique policies, procedures, and credentialing requirements set forth by a healthcare organization are followed. Balancing an organization’s regulations with the interests of vendors benefits the whole system of healthcare vendor/facility relationships. Not only does it protect both parties legally and financially, it ensures that facilities and vendors alike have access to the people and information they need to ultimately provide the best care to patients.
The risks of a vendor credentialing oversight
The results of a credentialing oversight can range from a severe regulatory violation to a health and safety threat to staff and patients resulting in a patient safety issue or worse. Breaches have serious legal and financial ramifications. Using a credentialing company minimizes your risk, protects your credibility, reputation, and bottom line by creating a completely unbiased and objective process to make sure standards are met.
We all know that human nature sometimes tells us to ‘bend the rules just this time’ because of a personal relationship or perceived financial gain. Using a credentialing company ensures the process is black and white – either the vendor is compliant or not relative to the healthcare organization’s vendor policy. If a vendor is compliant, they can access the facility per the level granted. When a vendor is out of compliance, access to the facility is denied. This entirely objective process only gets stronger with onsite technology to help identify when a vendor is onsite without proper credentials.
Keeping personal information private in credentialing
Another overlooked advantage to using an outside company is ensuring the privacy of the vendor seeking the credential. There can be many reasons why someone has not met credentialing requirements because of personal circumstances. Let’s take criminal background checks as an example. Perhaps an individual committed a criminal act, when verified, requires adverse action. The credentialing company adheres to the rules under the Fair Credit Reporting Act (FCRA) to keep confidential any further scrutiny why the individual cannot access the facility completely private – protecting both parties involved in the process.
Not only is it critical to follow all applicable regulations for handling personal identifying information (PII), but there are also other legal consequences associated with managing personal information. An established, secure process is essential to protect an organization from the severe legal and financial consequences.
Third-party credentialing companies like symplr® are the best cost-effective, risk-mitigating solution to the many complicated issues that are involved with healthcare vendor credentialing. Given all that could go wrong, doesn’t it just make sense to control costs, risks, and your reputation by ensuring your organization is protected physically, legally and financially by a third party credentialing partner?
Learn more about running an effective vendor management program in our eBook,
6 Best Practices for your Healthcare Facility's Vendor Credentialing Program. >
About Julie Walker
Julie is responsible for managing symplr’s vendor credentialing business, including vendor and general credentialing, visitor management and exclusion screening. In her role, she partners with healthcare organizations to help them achieve their goals in compliance, safety and security, while reducing risk. Prior to joining symplr Julie served in a senior role at ProviderTrust, a leading SaaS provider credentialing company. Previously, she was Vice President of Sales at the National Healthcareer Association, a division of Ascend Learning, a SaaS healthcare credentialing company focused on allied health professionals. Julie received a Bachelor of Business Administration degree from Valparaiso University and a Master of Business Administration degree from Lipscomb University.