Placing Customer Centricity at the Heart of Healthcare
HPN Sept 2014
1. HPN Sept 2014
Getting schooled about vendor credentialing
Universal standards, best practices the linchpin for progress
by Rick Dana Barlow
Credentialing supplier sales representatives tends to inspire two schools of thought, one of
which may be considered a subset of the other, and perhaps no less controversial.
One school embraces and promotes vendor credentialing as a way to prevent sales reps
from meeting with and selling to doctors without Supply Chain's approval and oversight.
This protects negotiated contract pricing through purchasing volume commitments (whether
via group purchasing organization or local, internal negotiations) and thereby keeps
expenses in check and the budget under control.
The other school embraces and promotes vendor credentialing as more of an overarching
safety and security issue that protects patients from "unauthorized" products, illegal
exposure (e.g., data, information and physical presence), infectious exposure (e.g.,
diseases carried by patients, reps) as well as hospitals from liability and the resulting
expense increases in dealing with all of it.
Reps in general find the practice a hassle and egregiously inconvenient, while independent
reps at smaller firms also find it prohibitively expensive because they personally must
absorb the qualification costs that the larger suppliers cover for their employed and
contractual reps.
Meanwhile, some hospitals that choose to operate their own credentialing programs in lieu
of working with one of the three major third-party vendor credentialing firms in healthcare,
manage to generate a little revenue from the practice, which tends to irk the suppliers.
As Healthcare Purchasing News has explored the issue of vendor credentialing for the
last seven years, from its industry debut to its inherent motivations and justifications to the
consolidation of players, two primary concerns have bubbled to the surface as the industry
resigned itself to the practice's permanence. They are universally applied standards and
best practices.
Last August, the Coalition for Best Practices in HCIR Requirements "developed a working
document of 'Joint Recommendations' that reflect best practices and recent stakeholder
progress toward consistent credentialing requirements." Access and download the
document, as well as the Coalition's letter to the Joint Commission
here: www.hcirbestpractice.org/?page_id=9.
In a follow-up to the Coalition's efforts, HPN reached out to executives at a handful of
provider, supplier and all three third-party vendor credentialing companies to plot progress
toward universal standards and best practices.
HPN: Of the two credentialing schools - access control vs. safety and security -
which do you perceive remains the more prevalent school? Which should be the
2. more prevalent school and why? What will it take to change industry opinions and
mindsets about it?
Bruce Mairose, Vice Chair, Supply Chain
Management, Mayo Clinic
"These two schools of thought could be summarized as an
issue of control - control of the environment of care, behaviors,
and expenses. The prevailing sentiment is dependent on an
individual's focus of control. If you were to ask a clinician,
many physicians or Compliance office they would express that
the environment of care is most important, however many
supply chain leaders believe it is both. Unfortunately, they tend
to over-leverage the access component in areas where [Supply
Chain Management] has traditionally had no other means to
monitor, direct and mentor behavior of both employees and
HCIRs for the overall good of the organization.
"A tug-of-war between provider requirements overkill and supplier convention will continue
until credentialing is viewed in a similar manner to safety. Fairly clear requirements,
common interpretations of those requirements and there is responsibility for monitoring and
enforcement by all parties. Implementation of the HCIR standards is where that common
interpretation, focus and accountability for reeducating the industry should begin. By doing
so, an organization can reaffirm regulatory, business and clinical objectives and lessens over
or under interpretation of 'the true intent of a credentialing process.' It also offers a
common core for professional conduct of sales representatives."
Brent Johnson, Vice President, Supply Chain, Chief
Purchasing Officer,Intermountain Healthcare
"Both are equally important. Sometimes suppliers and the
industry think it's just about patient and employee safety, but
it's more than that. Open access to clinicians and hospital
administrative staffs, coupled with weak supply chain
organizations found generally in hospital arenas, make it
necessary to control access to facilities for management and
contract commitment purposes."
Doug Cones, Director, HCIR Credentialing,
Cardinal Health Inc.
"We view vendor credentialing as taking the necessary steps to ensure Cardinal Health's
customer-facing representatives have met our high standards. This is to ensure they will
consistently exceed the standards expected by our customers as it relates to the common
3. goals of ensuring patient safety and confidentiality. We will continue to work directly with
our customers and their vendor credentialing organizations (VCOs) to ensure we can meet
these expectations in a manner that is efficient and cost effective for both Cardinal and our
customers. We look at this process as a partnership and continually dialogue with our
customers to ensure our program remains both high quality and cost effective."
Dave Reed, Vice President of Operations, Vice President
of Healthcare Business Solutions and Corporate
Compliance Officer, Cook Medical Inc.
"Between the two schools of thought, the school that says
vendor credentialing is a safety and security measure is
definitely the more appropriate idea. It's reasonable and
expected that a hospital would want to control the people and
information entering their facility and there is value in the
safety and security that credentialing provides. If you or a
family member were undergoing a procedure in the operating
room of a hospital, you would want the peace of mind that
everyone in that room has gone through a screening process.
"One important aspect of this discussion that is often
overlooked is that innovation is hindered if there is little or no chance for industry
representatives to meet with clinicians. One of the most common things we hear from
physicians is that they need to collaborate with industry to develop and improve technology
that helps solve clinical problems, so care must be taken to ensure that appropriate industry
interaction is allowed."
Greg Goyne, Vice President of Marketing, IntelliCentrics
"While many view vendor credentialing as simply vendor
oversight, we believe this viewpoint shortchanges the true
value of a comprehensive credentialing program. Viewed in
total, vendor credentialing must be seen as contributing to
patient and employee safety.
"We believe vendor credentialing is all about helping hospitals
stay true to their mission of putting safety first. One breach in
safety can ruin a hospital financially. Access control is a bonus
to vendor credentialing, not the end game. The end game is
always about keeping your world safe. The Joint Commission
(TJC) publishes National Patient Safety Goals (NPSGs), not
National Financial Safety Goals. There are no TJC standards
that survey against finances, budgets or hospital expenses.
"Vendor credentialing helps ensure that people who go into sensitive parts of the hospital,
such as the Operating Room or patient care areas, are properly credentialed for all the
appropriate requirements. Credentialing is the process of obtaining, verifying and assessing
4. the qualifications of healthcare personnel and is a fundamental component of regulatory
compliance. Credentialing standards are based upon recommendations by organizations,
such as the Occupational Safety and Health Administration (OSHA), CDC, TJC, as well as
industry and professional regulatory bodies. These organizations are committed to
improving patient and employee safety, and credentialing helps operationalize this mission."
Gary Johnson, Chief Marketing Officer,Vendormate
"Both objectives are embraced by providers - patient safety
and a controlled procurement process including how they
engage and work with potential and current suppliers. Patient
safety is always a top priority for healthcare providers. So
managing the on-site access and process for sales
representatives, technicians and other third-party staff and
ensuring they have required vaccinations against infectious
diseases, training on HIPAA, and other routine policies, is just
part of the provider's operating policies and procedures.
"Controlling costs plays a key role in a hospital's ability to
continue providing the highest quality of care. It includes
having a more controlled procurement process for how they
vet and engage with potential suppliers and how they work with current suppliers of
products and services. This vendor management process also has regulatory and internal
controls compliance requirements including:
OIG requires providers to ensure a vendor is not on any sanction lists prior to
commencing business to protect against fraud and abuse
HIPAA security law requires that the provider vet vendors against business associate
criteria and provide oversight to safeguard the patient's medical data
Risk/insurance underwriters review how the hospital is managing vendors interacting
with patient medical data to minimize risk of a data breach
Accrediting agencies audit how hospitals evaluate the performance of clinical product
and service vendors
"More hospitals are seeing the value of credentialing for meeting both of these objectives."
Kesha Boykin-McLean, Chief Compliance Officer, Vendor
Credentialing Service
"Both schools of thought deserve their own merit. However, we
really look at the hospital security and patient safety as the
driving force of credentialing moving forward. With the ever-
changing landscape in healthcare, the constants that seem to
keep coming to the forefront are safety and security. As they
should. Healthcare providers have an obligation to provide
5. their patients with the most effective safety standards available and are doing a
phenomenal job at mitigating the risk factors as it relates to these concerns. The costs to
compromise patient safety and hospital security can be devastating to any facility in terms
of reputation, finances and health of their patients and employees. Most industry opinions
are already aligned with this, so changing opinions won't be necessary, but staying
proactive and ahead of the risks will be imperative."
One colossal area of concern about vendor credentialing involves the lack of
established standards (data requested/required, form content, fees, applying
credentialing procedures consistently and uniformly to everyone, etc.) and
universally accepted best practices. Outside of the "Joint Recommendations for
Healthcare Industry Representative Credentialing Best Practices," released last
year by the Coalition for Best Practices for HCIR Credentialing, and the annual
Vendor Credentialing Summit, what has been accomplished in this area within the
last year and what still needs to be done?
Mairose: "Outlandish expectations placed on supplier representatives are more the
exception than the norm, as well there is greater commonality across the industry. We ask
our patients to make appointments to see the doctor, why would we not ask representatives
to do the same?
"Standards have been established and offer balance to the needs of the provider and
supplier with a primary emphasis on the needs of the patient and the environment of
care. It should be noted that the vast majority of what may be perceived as onerous
requirements placed on suppliers over the past five years originate from Infection Control,
Safety and Compliance offices, not Supply Chain Management.
"Rather Supply Chain has responsibility for enforcing requirements that vary by institution
and oversight committee within their organizations. If the industry is to avoid additional
governmental requirements, providers and suppliers need to educate themselves on the
standards and why they exist. A nationwide endorsement of the HCIR standards by the
AMA, AHA, HIDA, etc. would go a long way to reduce wild interpretations related to
regulatory and credentialing bodies. This should be followed by educational programming
targeted at Compliance and Safety staff within the providers."
B. Johnson: "The lack of standards for credentialing is a problem but there is not an easy
solution. At Intermountain we also train our supplier reps on security and behaviors
required within Intermountain Healthcare. We have added on-line courses and training in
addition to the safety requirements."
Cones: "The release of the Joint Recommendations for HCIR Best Practices was the
beginning of an effective dialogue between vendors and their customers. We all have the
same goals and we will continue to support our customer's efforts to ensure the safety and
confidentiality of their patients. The HCIR Best Practices meet, and in many cases, exceed
most requirements we have seen from our customers. The opportunity for vendors and
providers alike is to align to common standards, not only meet our common goals, but to do
so in a manner that does not increase the cost of healthcare delivery.
6. "We are seeing that when providers and vendors work together and review the opportunity
provided by standardization it becomes a quick 'win/win.' One great example is Mayo who
implemented these standards in 2012. Their safety record remains strong, the credentialing
process is much more efficient and they maintain consistently high standards of
compliance."
Reed: "One challenge for all suppliers is the administrative process and cost that comes
with vendor credentialing. The standards for becoming credentialed at healthcare systems
vary widely and universally. For example, at one hospital in Chicago a representative needs
to meet only four criteria in order to be credentialed at the hospital. At another facility in
Chicago, 17 different criteria are required, including background checks. Managing the
credentialing for all of our in-field representatives requires several full-time employees
dedicated solely to making sure our representatives can physically enter a hospital.
"From our perspective, patient safety should be the goal of vendor credentialing, so it
logically follows that the industry could create a standard to ensure that every patient
across the system is protected equally."
Goyne: "As the largest vendor credentialing provider, IntelliCentrics is working towards a
standard set of credentials and best practices. With an installed base of over 6,000 facilities,
our members already enjoy a high level of consistency within our footprint. We regularly
share our experience across all facilities with our hospital clients so they can see the level to
which credentials at hospitals across the country are being utilized.
"We continually work to maintain a stance of neutrality and regularly recommend against
certain credential requirements that are out of the ordinary or would be overly burdensome
for vendor representatives. If we've learned anything over the years, it is that each hospital
has its own culture, needs, priorities and philosophies. Until TJC changes its policy to survey
entire systems instead of individual facilities, each one will continue to have its own
requirements regardless of any universally accepted best practices. This industry needs
companies such as ours to act as the buffer that tempers those requirements.
"We believe part of our job is to inform and assist our clients attain a higher level of safety
and compliance. We do this by staying abreast of regulatory compliance trends and how
they could impact their world. To help us do this, we have a full-time standards and policy
professional on our staff who works directly with regulatory bodies to ensure that we
understand the latest requirements.
Our business decisions are backed by Centers for Disease Control and Prevention (CDC)
recommendations, OSHA requirements, TJC standards, CMS regulations and HHS programs.
It's worth noting that in the past five years, the CDC, HHS and TJC have changed the
definition of 'healthcare personnel' to include 'unpaid' individuals. This brings
vendors/suppliers into the same arena as facility and staff, and requires they comply with
many of the same education, training, immunization and other policy-driven standards and
requirements as hospital staff."
G. Johnson: "Vendormate provides all hospitals with recommendations of best-practice
policies and procedures for vendor credentialing requirements. By following these
recommendations, a hospital can achieve its objectives for high compliance to its policies by
the vendor community for both on-site access and company credentialing and
authentication.
7. "We see providers adopting a common set of policies and procedures with fewer and fewer
having outlier policies creating a standards list that applies to almost all hospitals. Any
hospital specific requirements can be handled through our software making it easy for a
vendor to be in compliance to each hospital's requirements. As new regulatory requirements
are developed (e.g. HIPAA security and business associate final rule of 2013), some
providers are quicker to act on it than others, but it soon becomes a common requirement
for all providers. Vendormate works quickly to update our software streamlining the process
and making it easy for vendors and providers to efficiently accomplish the required tasks."
Boykin-McLean: "We, as an industry, have looked at this through various resources. There
are three companies in the industry now that are serving the needs of the healthcare
community. And the healthcare industry as a collective has established our industry
'standards.' We all provide similar processes and procedures that are dictated by the needs
and at the discretion of individual healthcare facilities. Every facility will have their own
established 'Best Practices' and expect their credentialing partner to provide them with the
service they need. We are in the customer service arena, and as such, strive to provide our
customers with the service and expectations they desire - whether that is on the supplier's
side or the provider's side."
In an ideal world, how could/should/would vendor credentialing work in terms of
supplier and provider participation where both sides are "reasonably happy" with
effective compromises that add value, not costs, and can reach a consensus? Is
that even possible or will there always be winners and losers to an extent?
Mairose: "In an 'ideal world' all would behave in a professional manner, the needs of the
environment of care would be the most important focus, and no one would need to worry
about cost reductions or sales bonuses, healthcare would be free to all and so would the
products used to provide that care. So let's step back to reality for a moment.
"General consensus has been achieved within the coalition standards. The more expensive
and onerous requirements are linked to regulatory and provider credentialing requirements
based on protecting the patient and the environment of care. Increased regulatory
requirements means increased costs. Our objective should be to minimize that cost for all
parties.
"The credentialing issues that are often cited between supplier and supply chain
management is an amplification of a much larger dysfunction in the marketplace. All parties
need to recognize that collaboration is the better path and there is a need for representative
access to caregivers, however through a clear and formal process governed by the
provider. The underlying dysfunctional dynamics of the contracting/sales cycles are not
sustainable in a post Patient Protection and Affordable Care Act environment."
B. Johnson: "Eight years ago there were no 'national' vendor credentialing
companies. Many provider companies were trying to do this work themselves, but it was
costly and generally ineffective. Four years ago there were six-to-seven companies. Today
there are just three major ones. The good news is that there are fewer. The bad news - as
the market consolidated they raised their prices. There is more standardization now but
suppliers still have to pay multiple fees and conform to multiple credentialing standards.
"From a provider viewpoint I sympathize with the supplier complaints but without the
vendor credentialing companies we would be a ship without a rudder in this area. We would
8. not be able to control vendor access to our facilities for both safety and contract
management control."
Cones: "Alignment to the high standards stated in The HCIR Best Practices will improve the
value through consistent application of requirements, improved compliance levels and a
reduction in the cost to deliver quality healthcare. There are many good examples of where
alignment on high standards improves quality and reduces cost. One that everyone can
relate to is a driver's license. Drivers move freely from one state to another because states
have aligned on the requirements for holding a valid license and a driver's license is an
indication that drivers have met the requirements to safely operate a motor vehicle. If
licensing standards for drivers varied from one state to another, it would slow the process,
increase the cost and have very little impact on driver safety."
Reed: "I certainly think it's possible. If we had a universal standard, and a mechanism in
place to help manage that standard, there is potential for a lot of cost, time and energy
savings across the industry. For example, some of the requirements for getting our
representatives credentialed need to be renewed every year. And, hospitals can change
their vendor requirements at any time. We are often reinventing the wheel with these
processes. A universal standard would be more efficient and save suppliers and healthcare
systems time and money."
Goyne: "In order to provide a safe environment for patients, hospital administration, staff
and vendor representatives should work together to create a culture of vigilance. The result
would be fewer adverse events and more successful outcomes, and the winners would be
patients and their families.
"What is important and painful to the provider should be of keen interest to the
suppliers. For example, take National Patient Safety Goals: they are a virtual laundry list of
their client's highest priorities. Credentials are being required for a reason, it means they
are a point of vulnerability and risk. Suppliers should look for ways to ease those pain
points. That would be a win-win.
"Vendor credentialing should always remain neutral and remember we represent both sides
of the coin. We are the bridge between those who have needs and those who are needed."
G. Johnson: "Regulatory requirements concerning fraud and abuse, HIPAA data security,
plus the goals of improving patient safety and controlling costs, are not going away.
Vendor-company and representative-level credentialing needs to be a streamlined process
for both parties.
"We take the approach of housing company and representative specific documents in a
central repository to allow sharing of these documents, as required, across all of the
hospitals where a vendor does business. This includes hospitals that may have a different
company managing their on-site rep access and credentialing. By centralizing documents in
a repository, we eliminate the need for the vendor company to provide each document to
each hospital, which can greatly reduce time and costs. This has become even more
important with the new HIPAA business associate oversight requirements. Having the
functionality to request and share these company level documents at the corporate level
can free up the vendor representatives' time and ensure documents are not being signed
inappropriately. Streamlining these document exchange processes between hospitals and
vendors takes a major step in achieving the regulatory and business goals, and provides a
level of 'reasonable happiness.'"
9. Boykin-McLean: "As the vendor credentialing industry begins to mature, you will begin to
see a broader-based product evolve, one where the perceived lack of value on either a
provider or a supplier side diminishes. We, as an industry, will begin to offer more products
and services that do more than just base credentialing. This would build a level of value and
begin to help suppliers with their industry concerns as well. You are seeing some things
currently, such as effective appointment setting as well as online training. The perceived
lack of value in the past has opened up some great opportunities to build functions and
features into the system that makes it a tool for everyone within healthcare."
Now that we're a few months into operating under the Affordable Care Act (ACA)
how is President Obama's healthcare reform initiative shaping or reshaping the
health, welfare, spirit and letter of vendor credentialing, if at all?
Mairose: "It is fair to say that over the past six months suppliers and providers are
engaging in serious conversations focused on asking 'how do we do business differently?'
While this is not directly related to credentialing, it does begin to address underlying
dysfunctions between providers and suppliers.
"As well, there is a recognition that the industry is facing considerable downward cost
pressure for all players. Unfortunately, most providers and suppliers are not prepared to
operate within a new world order that requires meaningful collaboration to reduce cost. If
the ACA serves as a catalyst to get suppliers and providers to focus on cost as opposed to
price and margin, supplier credentialing will quickly become a less divisive issue."
B. Johnson: "I don't see much changing. We still have a need to protect our patients and
employees. We also have a need to curtail uncontrolled supplier access to hospital
employees and management for the purpose of introducing non-contracted supplies and
services. There are too many providers (6,000 hospitals) and too many suppliers (2,000+)
to depend on 'trust' to achieve the same outcomes we get from utilizing vendor
credentialing companies to help us."
Cones: "Cardinal Health will continue to work with our customers to help them manage
through changes in healthcare delivery under the ACA including any impacts to vendor
access requirements. However, at this time we are not seeing any significant changes as a
result of ACA."
Reed: "It's a little early to tell how the Affordable Care Act will affect vendor credentialing
specifically. However, I think it's fair to say that every aspect of healthcare is under scrutiny
right now. There is an interest in investigating the cost of doing business in healthcare.
Everyone wants to eliminate cost from the system. And anything that adds significant time,
money and energy on the supplier side or the provider side will likely be held to a higher
standard in the future."
Goyne: "ACA's movement towards greater transparency in healthcare would appear to
support the expansion of credentialing, training, background checks, etc. to more groups
present in a facility. Most facilities and their CEOs are dealing with a great deal of unknowns
at this time. Revenue is down mostly due to a shift in payer mix and reimbursement
reductions. Most healthcare CEOs are looking for ways to increase efficiency and drive down
costs. We are in the process of developing new training, credentialing and verification
services to address regulatory compliance needs and drive even more costs out of
healthcare."
10. G. Johnson: "Vendor credentialing has greatly expanded beyond the task of managing
third-party representatives in the facility. Credentialing the vendor company to ensure they
are a valid business, financially and legally sound and sanction free is just the beginning.
Regulatory agencies have communicated that they will increase their focus on fraud and
abuse issues including physician-vendor conflict of interest, physician owned
distributorships, clinical product/service vendors and how performance is evaluated against
requirements.
"HIPAA data security and preventing patient data breaches by providers and their vendors is
another area of focus (note that in 2013 almost half of healthcare organizations reported
more than five data breaches and forty percent involved third parties, according to the
Ponemon Institute in 2012). We see vendor credentialing evolving to vendor management
and integrated with the provider's procurement processes for cost, quality, and regulatory
performance. This evolution - in some cases is directly because of the ACA and in other
cases it is because of better business practices and controls being adopted by providers. The
shift from fee-for-service to a pay-for-quality outcomes is driving hospitals to take a closer
look at their supply chain and their vendor population to ensure they are only working with
vendors who help them achieve success going forward."
Boykin-McLean: "Regarding the spirit of vendor credentialing, the intent for improved
transparency is being adopted or accepted at the hospital/facility level. Speaking with
several thought leaders in acute care settings, the discussions are centered around
integrating the conflict of interest programs into their vendor credentialing process. Conflicts
of interest have always been a consideration with medical staff under the Stark law. Now it
may very well be a part of vendor credentialing as hospitals seek full disclosure with respect
to relationships between vendors and referral sources.
"As vendors report payments to physicians for CMS, hospitals might want to know which of
these vendors have potential conflicts of interests with their own medical staff for purposes
of Stark liability. The vendor credentialing process could be an easy way to gather
documentation around COI that has been somewhat elusive in the past. A big concern is
that once CMS is armed with the information regarding vendor payments to physicians, the
hospital might be subject to increased scrutiny for inappropriate agreements/payments to
referral sources, especially if the hospital's vendors are in fact owned by, or providing
disproportionate 'payments or transfers of value,' to physicians or hospital referral
sources."