Why Systemwide Vendor Credentialing Compliance Is Vital for Health System Safety

By Jennifer Williams, RN, MBA, PhD, JD

February 2020 saw the first confirmed death of a United States citizen from COVID-19. Over two years later, the pandemic has kept hospital safety at the forefront of public consciousness. As health systems continue to deal with the lingering impact of the pandemic and the heightened importance of safety protocols in facilities, leaders realize that patient safety is a complex problem requiring multiple initiatives to solve. As one step to help create the safest possible environment for patients, staff, and visitors alike, these professionals can develop and ensure adherence to well-designed facility access policies.

Within the context of a once-in-a-generation pandemic, healthcare compliance has evolved rapidly. Shifting rules, regulations, and standards have required health system leaders to revisit, reevaluate, and reinvest in their compliance strategies. A robust compliance program helps health systems better address this evolving landscape and better protect their organization from additional risk.
Part of exploring best practices for maintaining a robust compliance program is to consider the importance of credentialing compliance. Typically, one understands the term “credentialing” as referring to the medical credentialing and privileging process. However, there is another important type of credentialing that often receives less attention: vendor credentialing.

Vendor credentialing represents a subset of the overall health system compliance program. Obtaining a compliant badge to gain entry to a health system is an example. In a well-developed and well-run compliance program, vendors and vendor representatives must be vetted and credentialed to ensure compliance with the health system’s policies.

Committing to systemwide vendor credentialing compliance
With all this in mind, a robust vendor credentialing compliance program depends on health system leaders committing to systemwide compliance. This means that all levels of a health system—from the very top down—must commit to creating a well-rounded program that will help ensure the safety of everyone in a healthcare facility.

A system that fails to meet its vendor credentialing compliance obligations can jeopardize customer loyalty and trust. In fact, reputational risk encourages systems to comply with regulations. Having an effective vendor credentialing compliance program makes it clear to stakeholders that compliance is a top priority. It demonstrates a commitment to doing the right thing.

At the height of the pandemic, health systems relied on comprehensive vendor credentialing systems to vet new vendors. To increase efficiency, standardization of vendor credentialing programs became essential, and some health systems’ compliance professionals have chosen to adhere to six characteristics to increase success:

  1. Compliance is a continuous process
  2. Compliance identifies known requirements
  3. Compliance identifies how and why we do what we do
  4. Compliance enhances standardization
  5. Compliance enhances safety
  6. Compliance makes it easy to see and improve upon mistakes

Considering these characteristics, systemwide vendor credentialing compliance should focus on three distinct areas: building awareness of the shifting health system environment, standardizing policies across facilities, and creating a culture of compliance.

Building awareness of shifting regulations
The lingering effects of COVID-19 have led to the constant shifting of vendor credentialing policies. To create systemwide compliance, health systems must be aware of and prepared to address these ongoing changes.

Compliance professionals must understand the regulations applicable to their system and how they apply. By integrating new laws, regulations, or standards into its vendor credentialing compliance program, a health system can craft more detailed policies and guidance, develop targeted training, and promote other aspects to help institutionalize knowledge across the organization.

Given the many regulations and standards in place, health systems need to consistently work to reduce opportunities for compliance failures that could result in unsafe scenarios. They must go beyond the minimum requirements for vendor credentialing compliance and keep abreast of regulatory developments. Leading by example and keeping up with change is imperative for a robust and up-to-date vendor credentialing compliance program. For health systems seeking to create systemwide compliance, setting up an effective program and instituting training for all members of the system is vital.

For example, in June 2021 the Occupational Safety and Health Administration (OSHA) created its COVID-19 Emergency Temporary Standard in the wake of President Biden’s “Protecting Worker Health and Safety” executive order to create the safest possible environment for healthcare workers. This standard has been withdrawn effective December 2021, exemplifying that standards are constantly changing.

Another example of a standard for compliance officers to consider is the Joint Commission Leadership standard. This measure is particularly important within the context of systemwide compliance since it outlines that the governing body is ultimately responsible for a health system’s safety and quality of care. It is vital for health systems to employ a well-designed credentialing compliance system that strives for a patient-centric culture of safety.

It’s also important to keep abreast of how governing bodies interact and develop guidelines cooperatively. For instance, The Joint Commission and OSHA recently announced a partnership to arm healthcare workers and the healthcare industry with information, guidance, and training resources to help create the safest environment possible. This alliance partially aims to raise awareness of OSHA’s rulemaking and enforcement initiatives for health systems. Education across the entire health system is key on this front. The Joint Commission urges “mandatory education” for health systems, but it’s up to each health system to decide what education to deliver.

A prevalent labor shortage and an uptick in workplace violence are growing issues across the healthcare landscape. It’s critical to focus on adhering to standards and regulations intended to help improve safety and security. The troubling rise in workplace violence has led to states pushing forward legislation to protect healthcare workers. In fact, the Wisconsin Assembly recently passed legislation that would make it a felony to threaten a healthcare worker. The issue has become so widespread that American Medical Association President Gerald Harmon published an op-ed this February calling for an end to threats, intimidation, and attacks toward healthcare workers. In his piece, Dr. Harmon pointed out that healthcare workers have been 50% more likely than other community members to be harassed, bullied, or hurt during the pandemic.

With these unfortunate statistics in mind, it’s important to remember there are standards in place that seek to protect health systems and their workers. For instance, The Joint Commission’s standard EC.01.01.01 requires organizations to create a security management plan. Systems seeking to create the safest possible environment should organize their systemwide compliance program to best adhere to safety standards from The Joint Commission and other regulatory bodies. While nurses and other healthcare professionals await additional assistance from the government, maintaining a systematic approach to credentialing compliance is one way to relieve pressure on and improve the safety of overburdened staff.

Standardizing processes across facilities
To maintain systemwide vendor credentialing compliance that drives optimum safety, it is vital to strive for standardization across all health system facilities. Just as the airline industry institutionalized heightened safety and security protocols over the past two decades, the healthcare industry has opportunities to increase safety measures as well.

In addition to the aforementioned six characteristics of compliance and three key actions, another good rule of thumb for compliance executives is to use the DMAIC (Define, Measure, Analyze, Improve, and Control) methodology to structure vendor credentialing compliance processes and standardize goals. In this model, compliance leaders first focus on defining compliance problems before using technology to measure and analyze compliance goals and successes. From there, compliance professionals use those outcomes to set markers for improvement and set up methods to control and maintain vendor credentialing compliance success.

For vendor credentialing, the best way to achieve standardization is to adhere to the “five-part framework,” meaning health systems need to focus on compliance at the following five levels: system, vendor entity, representative/visitor, document/policy, and badging.

System level
Health systems should consider the scope of facilities covered from a vendor credentialing perspective, including not only primary acute care facilities but ambulatory surgical centers, clinics and specialty centers, diagnostic centers, and long-term care facilities. Internal data from GHX has revealed that more than 50% of health systems do not enforce vendor credentialing in non-acute facilities. Focusing on vendor credentialing compliance across all facilities is incredibly important, especially given the increase in procedures taking place outside the acute care setting.

Vendor entity level

All vendor organizations should be registered, not just those with representatives who come on-site to visit the OR, ICU, or other clinical settings. Health systems cannot continue to overlook such potential discrepancies, as they can introduce significant credentialing compliance gaps. By properly vetting and thoroughly monitoring all vendor entities, health systems are in a better position to create safer environments.

Representative/visitor level

Health systems should properly credential all vendor representatives who do business with the system. This means going beyond the sales and clinical support professionals and extending credentialing to representatives like independent IT contractors. As is the case with vendor entity–level credentialing, representative credentialing requires improvement nationwide. GHX data shows only about 60% of representatives who need proper credentialing are registered on credentialing platforms. The goal in credentialing all representatives is to help provide a safer and more secure health system environment.

Document/policy level

Health systems should fully comply with administrative rules and with hospital policies and procedures, in addition to the rules, regulations, and standards from governing bodies. These types of requirements may include the following vendor information: sanction checks, criminal background checks, federal tax identification numbers, immunization/vaccination records, educational training documents, and any additional documents required to meet health system, local, state, and national mandates.

Badging level

Finally, all vendor representatives should be “fully badge compliant” to enter a facility—and any representatives who do not meet qualifications should be denied an entry badge. A systemwide culture of compliance is incredibly important for this to work. Health systems should require representatives and visitors to wear visible badges at all locations, departments, and facilities. They can facilitate this by using technology like automated check-ins and providing check-in kiosks in areas with high foot traffic.

Creating a culture of compliance
Health system leaders must understand that vendor credentialing compliance is not a “one and done” process. They must continue to assess their vendor credentialing compliance programs and identify ways to make continuous improvement. By doing so, they can create a culture of compliance that leads to top-down educational strategies and structured methodologies that improve safety for staff, patients, and visitors.

Support from the top is essential. CEOs and other senior health system leaders must commit to maintaining a robust and systemwide vendor credentialing compliance program and promote those values to the staff on an ongoing basis. It all comes back to the need for continuous education. If the C-suite is invested in the importance of the vendor credentialing compliance program and committed to educating everyone involved, these programs will not just succeed but can thrive.

As a result of the COVID-19 pandemic, the importance of safety and security protocols within hospitals will continue to be a major issue for the foreseeable future. For health systems to address this reality, it is vital to strive for systemwide vendor credentialing compliance. Healthcare executives and compliance professionals must focus on building awareness of and positive response to the shifting healthcare regulatory environment, standardizing policies across all facilities, and creating a culture of compliance from the C-suite down. By investing in these three areas, health systems across the country have the opportunity to progress to systemwide compliance—better protecting patients, staff, and visitors in the process.

Jennifer Williams, RN, MBA, PhD, JD, is director of market development & education, credentialing, at Global Healthcare Exchange (GHX).