Some Hospitals Outsourcing Vendor Compliance

[March 15, 2009, AJHP News]

Kate Traynor

BETHESDA, MD 02 March 2009—As hospitals grapple with the need to monitor who is in the building, some institutions have turned to third-party services to manage the flow of pharmaceutical company representatives and other vendors.

Roy Guharoy, chief pharmacy officer at the University of Massachusetts (UMass) MemorialMedicalCenter, said his 1100-bed health system uses Atlanta-based Vendormate to keep tabs on drug company representatives and ensure that they comply with institutional policies and important regulations.

Vendor Access Rules and Regulations

Federal laws, regulations, and policies that relate to vendor access to hospitals include the

Department of Health and Human Services Office of Inspector General list of entities excluded from participation in federal health programs,
Physician Self-Referral law (“Stark” law),
Occupational Safety and Health Administration Bloodborne Pathogens Standard,
Department of Treasury Office of Foreign Asset Control list of specially designated nationals and blocked persons,
Centers for Disease Control and Prevention’s immunization guidelines for health care workers, and
Federal antikickback laws. State laws may also affect vendor access within hospitals.

The Joint Commission requires accredited hospitals to have human resources policies in place that address vendor access.

Ken Powers, the Joint Commission’s media relations manager, said his organization has decided against issuing new standards for vendor credentialing because no consistent way exists to assess vendor competency.

Through Vendormate’s online portal, representatives sign in at a kiosk and print out a photo identification badge. The badge lists the name and department of the person the vendor has an appointment with and the purpose of the visit.

Guharoy said the health system requires vendors to provide proof of immunization and acknowledge that they have read and will abide by the UMass Memorial code of conduct and other policies. Vendormate manages the documentation and also screens the company and the representative against federal lists of excluded entities and individuals, the TerroristScreeningCenter’s watch list, and other relevant compliance databases (see sidebar).

Before the system was instituted last year, Guharoy said, “we [were] bombarded with sales reps all the time.”

“They were everywhere,” he said. “No badge, no appointments, even sometimes you would see them in the patient care areas.”

But now, he said, vendors “get a badge for one day, and they come and visit the individual and leave. It’s really a good system, and we really control the access very well.”

He said vendor traffic in the health system has dropped substantially, and the pharmacy staff spends much less time now dealing with vendor compliance issues.

The University of Chicago Medical Center also implemented Vendormate more than a year ago, said Dave Hicks, the health system’s chief pharmacy
officer.

Hicks said the medical center already had a vendor-management policy in place, but compliance was inadequate.

“The vendor would make an appointment with somebody at the hospital, and that would get them through security,” Hicks explained. “And then they’d spend the day in the hospital trolling the hallways, essentially, and looking for people to have ad hoc conversations with.”

Hicks said the Vendormate system helped put teeth into the existing policy and was supplemented by other changes in rules for vendors. These included an appointment-only policy and new limitations on which parts of the hospital vendors may visit. In addition, the medical center now requires vendors to attend a one-hour orientation on the medical center’s expectations for its business partners.

The program rollout also included education for staff about permitted vendor activities and the medical center’s expectations for vendor behavior.

“There’s actually a survey that the employees fill out when they meet with a vendor or see people in the hall in terms of, did they act appropriately, were they courteous, did they restrict themselves to following the guidelines,” Hicks said. “If they’re violating any of that, it goes into their record, and then there’s corrective action or penalties, the worst of which is they are banned and their company is banned from doing business on campus.”

Vendors must sign out after their visit, and the medical center for the first time has specific data on each representative who interacts with staff.

“From a pharmacist’s standpoint—particularly the clinical pharmacists who work with some of the vendors and see them from time to time—they like it,” Hicks said. “Because it finally gives us a handle on knowing who’s here, when, and why.”

The University of Iowa Hospitals and Clinics revamped its vendor-management policies in 2005 and last year started using Lewisville, Texas-based Reptrax to verify vendor credentials.

The Web-based Reptrax system is overseen by the hospital’s Procurement Services department, said Clerk III Shirle Dohrman. Before making an appointment and receiving an identification badge, vendor representatives must register with Reptrax and pass a quiz on university policies. In addition, she said, all representatives must submit to Reptrax proof of vaccination, obtain proof of competency from their employer, and submit other documentation.

Terri Stoner, the hospital’s University HealthSystem Consortium liaison, said she has received a lot of positive feedback from her colleagues about Reptrax and the overall vendor-management policies.

In addition, she said, the university’s compliance office is “thrilled to death that we have all this documentation and we can easily get it online.”

All three health systems phased in the rollout of their new vendor policies to gain staff and vendor acceptance.

“I think it was a big challenge for the representatives, because it’s totally different, and they are used to a totally different culture,” Guharoy said.

UMass Memorial implemented the new vendor-management system as part of a large package of conflict-of-interest reforms. These included eliminating gifts, meals, supplies, and sponsorships from vendors and placing the control of drug samples under the pharmacy department, with strict procedures that limit the circumstances under which samples are accepted.

Guharoy said one drug company representative contacted the health system’s chief executive officer to complain about the new restrictions. But Guharoy and the chief compliance officer met with the representative and reassured her that the policies were not designed to prevent access but to provide it in a different way.

Hicks said some sales representatives grumbled initially about the paperwork burden and costs associated with Vendormate.

“When they fill out the application, there are about 150 fields of information that they have to provide. So the vendors and manufacturers are not thrilled with this,” Hicks said. “And then there is an application fee.”

Vendormate’s annual fee ranges from $25 to $250 per organization, depending on the level and intensity of the vendor’s contact within the hospital and the compliance issues at stake.

“The $25 ones are companies that, basically, are relatively small in terms of volume with the university and very infrequent with their visits,” Hicks explained. At the high end, he said, are companies with “tens to hundreds of thousands of dollars” in annual sales to the university and multiple representatives, some of whom may have access to patient care areas.

Guharoy said he came to UMass Memorial from a much smaller hospital. He said security staff operated the hospital’s access policies, which included managing vendor registration and appointments and issuing badges.

“That’s doable because it’s just one entity, one building; you can control it,” Guharoy said. “But here, that’s impossible, because we have many different campuses and a lot of clinics and all spread out in different places. So we really needed some other system to make sure we complied” with relevant regulations.