Do you know what you don’t know about your vendors?

In today’s healthcare environment, the term “Know your Client” gets thrown around in compliance circles. What does it mean?  How do you get to “know” your vendor and why should you even try or care?  Vendors are an extension and sometimes a face of your organization as far as the client, patient or regulators are concerned. So getting to “know” them is vital.

Vendor procurement and vendor selection is both an art and a science in today’shealthcare industry. You might not know it, but vendor procurement has long been part ofhealthcare. But, traditionally, it has not utilized the cutting edge technology and has always coordinated with compliance departments. Healthcare systems in this area are archaic and departments were in silos when it came to employees vs. vendor risk managementHuman resources and talent management software has evolved greatly in the past decade and a vendor that contracts with a healthcare organization has likely integrated with the likes of ADP, Lawson, Taleo or WorkDay. However, vendor procurement has not been as evolutionary. In most cases, we see hospitals and long term care organizations using Excel or other basic tracking tools in the attempt to stay current and up-to-date with their vendor information. As a result, the vendor risk management software/databases hospitals and long term care organizations utilize are home grown and not able to easily, reliably and comprehensively ascertain key company identifiers to track, bill or monitor the vendors’ legal status.  

The challenge here is that the legacy systems and processes lack consistency in collecting, inputting and managing all relevant and key data points. For example, many vendor masters we see include a minimal amount of information – D.B.A name (legal name if we are lucky) and P.O. box, because that is all that is needed to cut a check. Much of the information that is helpful for meaningful vendor screening — TIN, physical address, etc.— is lacking because legacy systems/archaic processes were set up without the foresight to using the data for other meaningful purposes.

Minimal Vendor Data to Collect:

  • Legal name
  • DBA name
  • TIN
  • Physical address
  • Ownership

What type of data are we talking about?

One imperative component of effective vendor screening is examining the financial health of the company. After all, it could put your company’s reputation, and even ability to service your client, in peril if the vendors you rely on are not able to deliver and/or have a history of defrauding or defaulting on their commitments.

The following 8 items should be checked and/or monitored:

  • Credit History Score – payment trends and risk score/rating
  • Dunn & Bradstreet – Business Profile
  • Bank references for payment history-
  • Ownership/subsidiaries/parent company
  • Possible civil litigation, judgments. tax liens, UCC’s and/or Bankruptcy Search
  • News Periodical/Google Search – derogatory comments or news stories
  • Search against your internal database for history and feedback
  • Does the company have a Government Services Administration (GSA) Number- if so, they have to disclose their lowest prices

Most healthcare organizations don’t have good data in order to know their vendors (and financial information is only one important area of knowing your client). Among other important information outlined above, knowing the financial stability and legal structure of your vendor might be an extra step to dive into — especially if your products and services are dependent upon their delivery, reputation and quality.

Michael Rosen, ESQ

Written by Michael Rosen, ESQ
ProviderTrust Co-Founder, mrosen@providertrust.com

Michael brings over 20 years of experience founding and leading risk mitigation businesses, receiving numerous accolades such as: Inc Magazine’s Inc 500 Award and Nashville Chamber of Commerce Small Business of the Year
Connect with Michael on Linkedin