blog

Exposing Hidden Threats in Vendor Access Program And How to Remediate Them

Written by Mickey Meehan | October 11, 2024

 With accreditors and administrators insisting on more stringent access controls, healthcare providers must ensure that their indirect partners are demonstrating the same level of compliance  as their full-time employees - especially when it comes to  immunizations, drug screenings, and background checks. And yet all non-employee credentials are typically vetted by their employer, not the healthcare providers themselves.

While the ANSI standard provides a foundational framework for vendor credentialing, it's essential to recognize that there are challenges to how those standards are applied. To ensure optimal security and compliance, healthcare administrators must develop and enforce stringent acceptance criteria tailored to their specific needs.

 A significant oversight in many vendor credentialing programs is the reliance on letters of attestation. The acceptance criteria for background checks in the construction industry are often determined by individual suppliers, leading to inconsistencies and variations across different vendors. This issue is further exacerbated by the complex relationship between contractors and subcontractors, which can introduce additional layers of complexity and vulnerability. 

These written submissions from vendor partners often lack the necessary rigor and 
verification to guarantee the safety and reliability of the individuals they send to your facility.

“The challenge with attestations is there is no real way to verify them,” says Mickey Meehan, 
CEO of Green Security. “Relying solely on letters of attestation from suppliers to authenticate 
the qualifications of their personnel poses a very real risk to hospitals. By creating paths to 
authenticate supplier credentials, providers can enforce compliance.”

What are the risks?

Relying on letters of attestation for vendor verification can lead to severe patient safety, 
financial, and operational risks, including:

 Patient Safety  Legal and Financial   Operational 

Increased infection risk:
Lack of verified immunization 
records can expose patients 
to preventable diseases.

 Compromised patient care: 
Unqualified or untrained staff 
may provide suboptimal care, 
leading to adverse patient 
outcomes.

Data breaches:
Employees without HIPAA
training may inadvertently
disclose sensitive patient
information.

Liability:
Hospitals could be held liable for incidents caused by unqualified or negligent contractors.

 Financial loss:
Fraudulent activities, such as overbilling or theft, can occur if vendor employees are not properly vetted.

 Regulatory non-compliance:
Failure to adhere to strict patient 
safety and privacy regulations can result in hefty fines and penalties.

Disruptions in service: 
Unreliable or underqualified contractors can hinder hospital operations and patient care.

Reputational damage: 
Negative publicity due to patient safety incidents or data breaches can harm the hospital's image.

Protecting Your Facility: Beyond the Letter

To mitigate risks associated with vendor attestation, hospitals must find a way to substantiate 
claims. This includes direct verification with HR departments, comprehensive background 
checks, and ongoing compliance monitoring.

 “For us, it’s a matter of compliance enforcement and risk aversion,” shares a Supply Chain 
Director of a health system in the mid-west “There is a need to hold persons entering NICU, 
operating rooms, and patient rooms alike to the same standard we do our full-time employees. 
That’s where Green Security comes in to support our safety and compliance efforts.”

 Green Security takes a stricter approach, eliminating reliance on letters of attestation 
altogether. We mandate annual background checks so that healthcare administrators have 
current information on third-party personnel, including sub-contractors. With improved 
oversight, your Vendor Access, Credentialing and Compliance program will significantly 
enhance patient safety, protect financial interests, and preserve their reputation.