Compliance & Safety

Vendor Policy Toolkit

Having a vendor policy in place works to protect both the vendor and the healthcare organization. Knowing what is expected of a vendor helps healthcare organizations protect patient safety and privacy, and vendor credentialing is an important process that confirms your organization is doing everything it can to protect the health and safety of employees, patients and visitors.

Toolkit cover image
Jump to Topic

This toolkit will give you a step-by-step guide for evaluating, updating, communicating about and ensuring the ongoing effectiveness of your vendor policy.

The toolkit includes:

  • A vendor access and credentialing policy training template
  • A vendor credentialing and facility access checklist
  • Vendor policy toolkit templates

Does your vendor policy need to be evaluated?

Ask yourself these questions:

  • Do we currently have a vendor policy in place?
  • Is the policy consistent across all departments and facilities?
  • Are all staff who interact with vendors familiar with the policy?
  • Are all vendors who come onsite at our facilities familiar with the policy?
  • Is the policy enforced across the entire organization, without exception?

If you’ve answered “no” to any of these questions, you should take a closer look at your vendor policy and how it’s being enforced at your organization. A strong vendor policy can help limit situations that could result in liability or loss of reputation for your organization. Outlining the policies and what is expected of vendors helps to streamline the on-premise vendor process from start to finish, providing documentation for best practices, proper protocol and the consequences of any breaches in policy.

Key elements of a vendor policy

Let's start by taking a look at what should be included, or at least considered for inclusion, in a comprehensive vendor policy.

1. Overview or Introduction

This section provides a quick overview of the document and should explain what the document is and why it is important. This section will also assure the reader that the policies in the document are included for regulatory purposes as well to protect the ethics and safety of patients, employees, and more.

2. Definitions

This section defines key terms and clarifies who or what is included under each term in your policy. Common terms in a vendor policy include company, company representative, vendor, vendor representative, etc. Let’s start by taking a look at what should be included, or at least considered for inclusion, in a comprehensive vendor policy.

Group 37

3. Prior authorization

This section outlines what is required of the vendor before they come on-premise. It should include information on scheduling prior appointments and what happens if a vendor doesn’t have a scheduled, approved appointment.

4. On-prem access requirements

This section outlines the forms and identification that are required by your organization before a vendor gains access. These access requirements will vary by organization but can include acknowledgment of HIPAA policies, a background check, valid identification or verification that the vendor attempting to gain access is in good standing with the company.

5. Vendor access and levels

Depending on your company or facility, you may want to provide varying levels of access to your suppliers or vendor representatives. For example, level 1 access could be all-access to the facility, with the ability to interact with patients and equipment, whereas level 4 access could be more limited access and might even prohibit vendors from entering certain areas of your facility.

6. Badge/ID requirements

Here you will outline the proper identification a vendor representative must have to be on-premise. This should include instructions on where to get a vendor badge, how to display the badge and the protocol for a badge not being properly displayed.

7. Access to patient areas and patient information

One of the more critical areas of a vendor policy, this section outlines the specifics around a vendor being in and around patient areas. In most vendor policies, there is a specific list of areas where vendors are not permitted. Also, most vendor policies include a brief statement on patient privacy in this section. Because vendors could be in close proximity to patients and privy to personal and confidential information, there is typically language that speaks to patient confidentiality and decorum.

8. Departure from facility

Here you will include the protocol for a vendor leaving your facility. In most vendor policies there is language about a vendor checking out with facility staff or via your vendor credentialing platform to signal their departure.

9. Miscellaneous vendor behavior parameters

Think of this section as a sort of catch-all for any one-offs or nuances to your vendor policy. Examples could include a note about where vendors should park, the attire and decorum a vendor should adopt while on-premise, or notes about “gifts” in the form of samples, products, etc.

10. Vendor policy adherence

This is the portion of the vendor policy that conveys the message that “these are the rules we have outlined for all vendors while on-premise.” The policy adherence section will lead into a section on infraction.

11. Vendor policy infraction

As mentioned above, this outlines potential consequences should there be a breach in protocol within the vendor guidelines. In many vendor policies, there is a progressive list of infractions and a brief explanation of what happens during or after each infraction. This progressive list should educate a vendor on what to expect if infractions are repeated rather than remedied. The more clear you are in this section, and the greater the consequences of vendor non-compliance, the better the adherence to your overall policy will be.

12. Acknowledgment

Most likely, you will want this policy to be acknowledged and signed as a binding document, so the vendor policy should also include a first name, last name, company, date and signature line. You may also want to keep a copy on file for a particular vendor. Also, consider how often you want the vendor to review and acknowledge the policy. For example, you may decide to have vendors read and acknowledge the policy just once initially, once every year or whenever there are policy changes.

Rolling out a new vendor policy

Finalize the policy

Once you’ve completed the initial review of your organization’s policy, it’s important to get input from key stakeholders. Talk to the staff who frequently work with vendors to make sure you’ve documented standards for the various scenarios they have encountered or may run into in the future.

By seeking feedback from hospital administrators, physicians and other staff who are impacted before you finalize the policy, you increase the likelihood of having a policy that is complete. You also want to make sure that the policies and processes reduce the administrative burden on your staff, and getting input and buy-in now leads to better policy compliance later on. Once all of the key stakeholders have weighed in, you will want to have the policy reviewed and signed off by key authorities, such as your organization’s legal, safety and compliance executive, chief operating officer, etc.

Communicating with staff

Your policy will be most effective if you have a well-thought-out training plan for your staff. The training doesn’t need to be complicated, but it should cover all of the vendor policy key points. We’ve included a training template in this toolkit to make this process easier for you.

In addition to the initial training, be sure to consider how the training materials can also be used for onboarding new employees and ongoing or refresher training.

Communicating with vendors

In addition to training your own staff, you want to make sure vendors are aware of and fully understand the policy. Often, you can use the same training materials that you’ve used to train your staff, with minor adjustments to address vendor-specific concerns and situations. The training template in this toolkit can help make it quick and easy to create the training materials.

Ensuring ongoing vendor policy effectiveness


Once your vendor policy training has occurred and vendors have acknowledged the policy, you will most likely provide your vendors with a grace period to become compliant. Our customers have found that a six-week grace period is enough time for completing credentialing.

As with any change, you and your staff should expect some pushback. There will be vendors who want to bypass the system or delay their compliance. However, the best course of action is to remain true to the project goals. Patient and staff safety are the priority, and that requires strict enforcement of the policy.

Handling exceptions

Even with a thorough, thoughtful vendor policy, your staff may encounter unexpected scenarios that are not documented in the policy. If this happens, work to standardize the exception and add it to the policy. Take note of the vendor, their role and the appropriate action and make this the new standard.

Technology supports the policy

Make sure your vendor credentialing solutions helps you track, manage and ensure vendor compliance of your vendors. One tool symplr customers find useful is a customizable vendor check-in screen, including an area for vendors to include the reason that they’re visiting your facility. Since your vendor policy will document the reasons that a vendor might be on-site, a standardized and structured drop-down list on the check-in screen makes it easy for your staff to ensure that vendors are in compliance with your policy.


As healthcare evolves, ensuring patient and staff safety are top priorities for every well-run healthcare organization. As a result, vendor management has evolved and become more and more complex for both small facilities and large networks alike.

A well-documented vendor policy that is clearly communicated to both staff and vendors is the foundation of a strong vendor management program. With the guidelines in this symplr Vendor Policy Toolkit, you can streamline the process of evaluating, implementing and enforcing your organization’s vendor policy.

Read on

Healthcare Operations | 3 min read
Leadership Insights to Inspire Teams & Drive Innovation
Contingent Talent Management | 2 min read
How to Enforce Consistent Travel Compensation Policies Across Your Staffing Agency
Clinical Communication | 3 min read
How to Enhance Your Clinical Communications Improvement Project
Compliance | 3 min read
4 Current Legal Issues in Healthcare
Workforce Management | 4 min read
10 Essential Qualities of a Good Nurse
Provider Credentialing | 2 min read
5 Ways Provider Credentialing Leaders Can Prepare for Big Spikes
Workforce Management | 3 min read
5 Small Ways Hospitals & Health Systems Can Celebrate Nurses Week
Provider Credentialing | 2 min read
Top 5 Needs Solved by Working with a CVO
Workforce Management | 3 min read
The Impact of Time in Nursing
Clinical Communication | 3 min read
The 6 People You Need on Your Clinical Communications Improvement Team