In healthcare, organizations are liable not only for the inherent risk associated with its own employees and services, but also for monitoring their third-party vendors who supply everything from medical equipment to kitchen supplies to ensure none are excluded from federal or state healthcare programs. Here are three reasons why it just makes sense to include OIG monitoring in your vendor credentialing strategy.
1. The Stakes are High
The fines for violations are too severe to take a passive approach with vendor credentialing services. Failure to accurately monitor vendors against the hundreds of state and federal exclusion lists could mean thousands of dollars in fines for a single instance of purchasing goods or services from an excluded vendor.
Just like using Medicare or Medicaid funds to pay an excluded provider, using Federal or State funds to directly or indirectly pay a company who is on the OIG Exclusion List for goods or services furnished to your healthcare organization will result in fines – $10,000 per good/service furnished plus up to three times the amount claimed.
2. Centralized Data Means Lower Risk
The actual task of organizing your vendor information can be strenuous for an organization. By nature, a credentialing service centralizes your information in order to run constant checks with the PPCA and against the OIG’s list of exclusions. The goal of monitoring the credentials of your vendors is to keep compliance risk low within your organization. We discussed vendor credentialing’s place in vendor risk management in a previous blog.
“Most healthcare organizations, especially networks whose growth strategy focuses on purchasing facilities (most of which have different accounting and procurement systems), struggle with aggregating vendor data into a centralized system. Without such a system, it’s mind-boggling to think about how to establish a risk management strategy for vendors.
Only once the data is collected and aggregated into a central database can you begin to wrap your mind around an overall risk assessment. Your risk assessment should identify the external (regulatory) and internal (policy) compliance issues, as well as benchmarking how each vendor you buy from performs on each compliance issue. Once you have a handle on this, you can begin to understand where to focus your efforts on mitigating risk.”
3. The Task is Ongoing
Compliance requires vigilance. With the current developmental state of regulation requirements in the health care industry, compliance now takes more effort than ever. To avoid the potentially crippling fines associated with paying Medicaid or Medicare money to an excluded vendor, your organization needs to stay updated on the latest rules and regulations. As the OIG continues to broaden and expand their exclusion authority, an organization not actively seeking updates to regulatory requirements and exclusion lists can go from compliant to “at risk” overnight.
When you consider the fines for violations, the risk associated with having data that’s not centralized, and the level of effort necessary to stay up-to-date with constantly changing regulatory requirements, incorporating exclusion monitoring into your credentialing strategy just makes sense.