The trusted source for
healthcare information and
Vendor credentialing by outside companies gaining more attention
As much as risk managers might like to tightly control access to patient care areas and other sensitive parts of a healthcare facility, the nature of the business requires having salespeople and other vendors on-site regularly. Perhaps the most invasive visitor is the salesperson who needs to be in the operating room (OR) during surgery to provide guidance to a doctor using new equipment.
Hospitals are tightening their policies and procedures on those visitors, with many implementing requirements for training in infection control and OR protocol, along with immunizations and background checks. Dan Flynn, a surgical instrument sales representative with K&D Medical in Columbus, OH, has been visiting ORs during procedures for 35 years and says hospital policies have changed a great deal in that time.
"They had to put a stop to the free flow of reps going into the OR. It was just too much," Flynn says. "Thirty-five years ago, there were just a handful of us going into the OR, and we were trained, and the hospitals knew they could trust us. Now there are so many reps that hospitals are saying they need some way to certify us and verify that we can be there without threatening patient safety."
Hospitals have always expected surgical salespeople to be knowledgeable about OR procedures and never interfere with the procedure, Flynn notes. They are not allowed to make a sales pitch of any kind during the procedure, he says. Rather, they are there to observe, for their own benefit, and to offer guidance to the surgeon on how best to use the instrumentation. Most equipment manufacturers provide training for their salespeople on how to conduct themselves properly in an OR or other patient care setting.
However, now hospitals are requiring more formal training in bloodborne pathogens, privacy issues, and similar concerns, Flynn says.
Avoid liability with training
The increased focus on vendor credentialing is necessary to protect patients and avoid significant liability risks, says Sharona Hoffman, JD, professor of law and bioethics, Edgar A. Hahn professor of jurisprudence, and co-director of the Law-Medicine Center at Case Western Reserve University School of Law in Cleveland, OH.
It is prudent to require training of salespeople before allowing them in the OR, she says. At a minimum, the person must be briefed on protocol and the major do’s and don’ts during surgery, she says. It would be better to have a formal training program on all the issues of concern, she says. Also, Hoffman says risk managers should require that the salesperson have a good reason for being in the OR.
"It’s reasonable to say that the surgeon is using a new instrument or device and might need some advice from the salesperson during the procedure. That is a legitimate reason to be there," Hoffman says. "If the salesperson wants to be there just to see the device in use, to gather information for the manufacturer, that’s probably acceptable too. If the person wants to be there just out of curiosity, probably not."
Require HIPAA compliance
Patient privacy is a significant concern. The vendor does not have a formal relationship with the patient and therefore is not legally required to comply with Health Insurance Portability & Accountability Act (HIPAA), Hoffman notes. However, the hospital should require compliance as part of its approval process, she says. (See the story on p. 112 for more on patient privacy.)
"The visitor in the OR should be required to follow all privacy rules, and that means they have to understand HIPAA and how it can be violated," Hoffman says. "There are obvious restrictions like no video cameras or photographs, but the salesperson also should be required to follow all HIPAA requirements just as if he or she was an employee of the hospital."
Most hospital systems are using an outside credentialing company to verify that the vendor is safe to allow on-site and in certain situations, such as surgery, Flynn says. The hospitals are turning to these outside companies to do all the verification, which frees them of that administrative burden but still gives them assurance that the vendor has been properly vetted.
To be credentialed by these companies, the salespeople and other vendors often are required to complete courses in specific areas of study, such as infection control. Two of the most prominent companies offering vendor credentialing are Intellicentrics in Flower Mound, TX, which provides the Reptrax vendor credentialing service, and Vendormate in Atlanta. (See the story below for more on how these services are provided.)
Relying on those companies can be a practical solution, Hoffman says, because the third party might do a more thorough job of checking the person’s background and training him or her than the hospital would. However, she points out that handing the responsibility over to a third party works only if you know that party’s stamp of approval is meaningful. To find out, delve into exactly what the company requires and how it trains people.
"When they say training, do they mean a five-minute video or something more substantive?" Hoffman says. "You have to know exactly what it means when they say someone is credentialed."
Companies offer free services
Reptrax and Vendormate services are provided to hospitals at no cost, with the salesperson or the employer paying for the credentialing, explain Greg Goyne, vice president of marketing at IntelliCentrics, and Gary Johnson, chief marketing officer at Vendormate. About 5,000 facilities in the United States use the Reptrax system, with about 400,000 vendors credentialed. Vendormate has about 1,900 facilities using its system and 63,000 companies credentialed. The companies can credential individuals and companies.
"The hospital has a way of verifying credentials that is more complete and more efficient than trying to collect paperwork from each visitor," Goyne says. "If The Joint Commission audits you, the credentials are available right away."
The credentialing companies can help a hospital achieve the level of scrutiny that most risk managers say they want of vendors, but which can be too much work for the hospital staff, Johnson says. "We see our job as making that process work as easily and effectively as we can for both parties, the healthcare provider and the vendor," Johnson says.
From a salesperson’s perspective, the vendor credentialing can be a valuable service, Flynn says. He cautions risk managers, however, not to depend entirely on the word of an outside company when vetting a salesperson or other vendor.
"The credentialing they offer is trustworthy, but remember that they’re also in the business of making money by requiring coursework and giving us the blessing that we need to get in the hospital and do our jobs," Flynn says. "The documentation shows that you took the courses, but it doesn’t necessarily show that you understand what goes on in the OR and how to conduct yourself. That comes from experience."
Relying on an outside company to credential vendors can result in more thorough vetting of hospital visitors and help you avoid a significant administrative burden, according to representatives from the two most prominent companies providing the service.
Hospitals that designate Reptrax as their credentialing service can determine what qualifications they require for salespeople or other vendors, and then the service will take responsibility for verifying that those standards are met, says Greg Goyne, vice president of marketing at IntelliCentrics in Flower Mound, TX, which provides the Reptrax vendor credentialing service.
Reptrax and Vendormate keep on file all the records showing the person's credentials. Those records might include training courses completed, immunizations, criminal background checks, and whether the person is on any healthcare-related watch lists for exclusion related to fraud. Both companies check for updates to the exclusion lists every month.
Once the vendor is credentialed by one of the companies, that information is available to all hospitals that use that company for verification. The vendor only has to provide the credentials once rather than doing it for each hospital visited. Information is updated in real time, but it is posted in the system only after an employee of the verification company has seen the document and confirmed it is legitimate.
When a hospital decides to use one of the companies, it makes credentialing by that company a requirement for access to the facility. Both companies provide kiosks in the hospital where salespeople and other vendors can check in and print a document showing they are approved by the credentialing company. The kiosks can print identification badges denoting what area of the hospital the person is allowed to visit.
"If the person tries to check in and the credentials do not meet the requirements of this hospital, access will be denied, and an alert will be sent to an administrator," Goyne says.
The hospital can drive the credentialing process, says Gary Johnson, chief marketing officer at Vendormate in Atlanta. By declaring that all vendors must be credentialed and have a badge for each visit, the vendors will respond by seeking the proper credentialing from the company specified, he says. The key, however, is that the hospital staff must enforce the hospital's own policies regarding vendors on site.
"If the OR staff says this is a salesperson who's been here every Tuesday for five years and we know him, so it's OK if he doesn't have a badge, everything falls apart. That can be the weak point," Johnson says. "You need to push for 100% compliance for any non-employee walking your hallways."
In addition to concerns over patient safety when salespeople are allowed in the OR, risk managers should consider requiring that patients be notified of the person's presence, says Sharona Hoffman, JD, professor of law and bioethics, Edgar A. Hahn professor of jurisprudence, and co-director of the Law-Medicine Center at Case Western Reserve University School of Law in Cleveland, OH.
"I think most patients would be pretty surprised to learn that there were people in the OR who were not doctors or nurses," she says. "It would be prudent to include that in the informed consent documents, and that would have to include giving the patient the opportunity to say no, to opt out of having outsiders in the OR during the procedure."
Informing the patient is not required by law, and some would argue that it's not even necessary in terms of ethical concerns. However, Hoffman says hospitals take a significant risk by allowing vendors in the OR without telling the patient. If the salesperson somehow contributed to an adverse event — by compromising a sterile field, for example, or distracting the surgeon — the hospital could be accused of negligence for allowing that person in the room. That liability is especially the case if the hospital could not prove that it adequately vetted the vendor.
Also, a plaintiff's attorney could make much of the revelation that a salesperson was present even if the vendor had nothing to do with the adverse outcome or even if the procedure went well, Hoffman says.
"Patients could just be upset that there are people there who are not directly involved in their medical care," she says. "This is the kind of issue that can lead to lot of ill will, bad publicity, once the patient makes his or her dissatisfaction public. The patient may have no damages and no real lawsuit to pursue, but you could still suffer bad press from allegations that you did not respect the patient's privacy."