Access Management
Vendor Policy Toolkit
Having a strong vendor policy in place works to protect both the vendor and the healthcare organization. Knowing what is expected of a vendor helps healthcare organizations protect patient safety and privacy, and vendor credentialing is an important process to protect the health and safety of employees, patients and visitors.
![VendorCredentialingPolicy-iPad](https://www.symplr.com/hs-fs/hubfs/VendorCredentialingPolicy-iPad.png?width=1000&height=773&name=VendorCredentialingPolicy-iPad.png)
This toolkit will give you a step-by-step guide for evaluating, updating, communicating about, and building an infrastructure for ensuring the ongoing effectiveness of your vendor policy.
The toolkit includes:
- A vendor credentialing and facility access checklist
- A vendor policy template
- A vendor access and credentialing policy training template
Does your vendor policy need to be evaluated?
Ask yourself these questions:
- Do we currently have a vendor policy in place?
- Is the policy consistent across all departments and facilities?
- Are all staff who interact with vendors familiar with the policy?
- Are all vendors who come onsite at our facilities familiar with the policy?
- Have we reviewed our policy in the last year?
- Have we trained on our policy in the last year?
- Is the policy enforced across the entire organization, without exception?
- Have we used our vendor compliance data to inform our vendor policy?
If you’ve answered “no” to any of these questions, you should take a closer look at your vendor policy and how it’s being enforced at your organization. A strong vendor policy can help limit situations that could result in liability or loss of reputation for your organization. Outlining the policies and what is expected of vendors helps to streamline the vendor access and compliance process from start to finish, providing documentation for best practices, proper protocol, and the consequences of any breaches in policy.
Identifying vendor policy and access management needs
Vendors play an essential role in healthcare. From providing supplies, equipment, and repair services to sharing knowledge, expertise, and so much more, they are critical partners in the healthcare ecosystem. Yet, for hospitals and health systems, maintaining stringent health and safety standards for compliant vendor access can be daunting. In a recent survey of supply chain leaders, only 29% said they were very confident the vendor representatives who access their facility are properly credentialed, and only 10% said they were very confident their staff is educated to identify and remediate vendor non-compliance.
Many organizations are looking for ways to improve their vendor policy compliance and:
- Gain more visibility into their vendor activity
- Gain more insight into why a vendor is onsite
- Make checking in the standard rather than the exception
- Quickly identify vendor non-compliance
- Stay ready for audits
- Alleviate burden from teams
- Instill the importance of compliance in their vendor partners
- Engage and empower their own staff to be partners in compliance and serve as the first line of defense
Your policies, the credentials you require, and your engagement processes, both internally and externally, should directly address these key areas and align with your overall strategy for vendor management and compliance goals.
Key actions to build a successful access management infrastructure
- Review your vendor policy
- Check your communication methods with vendors
- Make is easy as possible on vendors
- Make compliance personal
- Educate your teams
- Lean into the data
- Stay prepared
- Assess any other populations-like students, volunteers, and visitors-who may need access
Key elements of a vendor policy
- Overview and introduction
- Prior authorization
- Vendor access requirements
- Vendor access levels and criteria
- Badge/ID requirements
- Access to patient areas and patient information
- Check-in and check-out procedures
- Miscellaneous vendor behavior parameters
- Vendor policy adherence
- Vendor policy infraction
- Acknowledgement
Key policy training opportunities
Successful team training is essential to enforcing your vendor policy. Reference the training template portion of the toolkit to learn more about training on key information, including:
- Policy goals
- Consequences of an inconsistent policy
- How the policy was developed
- Scope of the policy
- Vendor communication
- Approved instances of vendor access, levels of access, and criteria for access
- Vendor access to patients and HIPAA information
- Incoming products and equipment
- Prohibited activities
- Associated expectations
- Policy location
- Enforcement process, escalation, and consequences