Did you know you need to be monitoring your vendors for exclusions?
Specific to procurement and compliance, developing an effective strategy for vendor enrollment, monitoring, and management has become imperative for all healthcare organizations.
* Updated from original post on 12/17/2015 Healthcare compliance is complicated and full of regulations, guidelines, and oversight. Since federal tax dollars are used to reimburse health care providers for services, the Department of Health and Human Services (HHS) as well as the Department of Justice (DOJ) have oversight on how those dollars are spent. The purpose of this blog post is to give a basic understanding of exclusions, industry best practices, and a brief description of the federal exclusion databases.
Exclusion is a word we hear often in our line of work, but it can become pretty convoluted with multiple interpretations, definitions, and technicalities that could make your head spin. Many times, compliance professionals don't recognize where to search, what to look for, or how often they should be monitoring for exclusions. For starters, let’s take a look at how to perform a quick exclusion search via the OIG LEIE. It is the most reliable source for searching for possible excluded indiviudals or entities.
Vendor Database While exclusion monitoring certainly is not the primary purpose for your organization’s vendor database, the accuracy and completeness of the data is crucial for effective vendor compliance. Without complete and accurate vendor information, it is near impossible to be in compliance with the OIG’s guidance. At a minimum, we recommend that your vendor database contains ALL of the following data points for your vendors:
We're happy to announce an addition to our eBook collection! Our newest eBook, Beyond Employee Monitoring: Vendors, Contractors and Third Parties, dives into the complexities of vendor monitoring. From digesting new regulations to discussing best practices, we hope this book helps you tackle your job with confidence. Download our free Beyond Employee Monitoring eBook here to kick start your vendor monitoring process. Our eBook journey began with the release of The Ultimate Guide to Exclusion Monitoring. It covers everything you need to know about OIG exclusion monitoring and the OIG's regulations surrounding monthly monitoring and exclusion databases. We received an overwhelming amount of positive feedback for our exclusions eBook, so we decided to tackle the ins and outs of vendor monitoring as well. This 40+ page read covers the details and risks of not complying with OIG regulations as it pertains to vendor monitoring.
Procurement has a tough job. First, there are thousands of vendors and third parties that must be selected, vetted and then tracked each month. To complicate matters, most vendor procurement software services that exist were developed decades ago and have not kept up with the needs of today’s procurement departments for reporting, tracking and innovation. At ProviderTrust, we see this all the time. When conducting exclusion monitoring on individuals, the records are easily obtainable and identifiable in one or a few HRIS data systems. It is not complicated to pull, update and send an employee file for exclusion monitoring for human resource departments in today's healthcare environment; however, it is a totally different story when it comes to entity and third party data. Thus, it is not a surprise that there is procurement fraud in healthcare because of the world procurement and vendor risk management lives in.
Vendors play an important role in the delivery of healthcare. Most healthcare companies work with, on average, 1.5-2.0 times the amount of vendors than employees. For a hospital or long term care system, this can result in thousands of third-party contractors, vendors or suppliers each day. So, getting to know your vendor is an important tool for your compliace tool belt and brand. Did you know the OIG has guidance on monitoring for excluded vendors? For example, if a hospital contracts with a staffing agency (third-party vendor) for temporary or per diem nurses, then the hospital will be subject to overpayment liability and might be subject to CMP liability if an excluded nurse from that staffing agency furnishes items or services to Federal health care program beneficiaries. The same would hold true if the staffing company itself was excluded as an entity. Thus, the mere contracting with an excluded third-party company can result in civil fines and monetary penalties, according to the OIG.
We believe vendor procurement IS a big deal; and we aren’t the only ones who think so. In the eyes of the law, the vendors you hire, do business and/or contract with are considered an extension of your organization. Therefore, if they are excluded, not in good standing or your organization can’t demonstrate certain required documentation regarding the vendor, your organization is at risk. Following the law and monitoring your vendors on a monthly basis helps eliminate the risk. In our free healthcare webinars, we strive to educate healthcare professionals about various industry trends and best practices. In this webinar, you will learn the state of vendor procurement in healthcare as well as which vendors must be verified and monitored.
Do you remember the major Target breach in 2013? The repercussions of the breach raged on for quite some time after the initial security issue, costing Target a myriad of fines and penalties. A supplier in their supply chain caused the breach and before Target could even react, it was too late, they already lost the data. This is a modern day example that shows the importance of knowing your supplier and their operational practices. Vendor risk management is an increasingly important area of business mitigation just as it is for the healthcare industry. This blog will address why vendors are your responsibility to both check before contracting as well as monitor for exclusions each month (it will not address data breach related requirements of a business associate/vendor).
Do you know what you don't know about your vendors? In today's healthcare environment, the term “Know your Client” gets thrown around in compliance circles. What does it mean? How do you get to “know” your vendor and why should you even try or care? Vendors are an extension and sometimes a face of your organization as far as the client, patient or regulators are concerned. So getting to “know” them is vital. For more details on who your vendors are, check out these previous blog posts:3 Reasons why Vendor Credentialing just Makes SenseVendor Credentialing Service - are you doing enough? Vendor procurement and vendor selection is both an art and a science in today’shealthcare industry. You might not know it, but vendor procurement has long been part ofhealthcare. But, traditionally, it has not utilized the cutting edge technology and has always coordinated with compliance departments. Healthcare systems in this area are archaic and departments were in silos when it came to employees vs. vendor risk management.
The term “know your vendor” gets thrown around in compliance and procurement circles. By the time your organization selects a potential third party for its expertise and reputation you have likely expended money, time and man-hours to vet your third parties. You should also allot time to collect key information about the company. But that is not all. You have one last set of steps to conduct before initiating the relationship with your vendor - examining the financial health of a vendor. Why is the financial health of your vendors important? One imperative component of effective vendor screening is to examine the financial health of the company. After all, it could put your company’s reputation, and even ability to service your client, in peril if the vendors you rely on are not able to deliver and/or have a history of defrauding or defaulting on their commitments.
Vendor risk management is a process of ensuring your providers do not create the potential to negatively impact your business performance. Industries like financial services and healthcare are especially prone to regulatory healthcare compliance risk, due to the growing number and complexity of federal and state regulations.
The OIG provides the following guidance on ownership of an entity by en excluded individual: Special Advisory Bulletin. Excluded persons are prohibited from furnishing administrative and management services that are payable by the Federal health care programs. This prohibition applies even if the administrative and management services are not separately billable.