The Hospital Supply Chain

Adopting a holistic, procurement cycle management process

Gary Johnson

Hospitals and health systems face the same challenges most companies face on a day-to-day basis, from reducing costs to managing vendor relationships to elevating customer service levels. Yet unique regulatory and compliance requirements add higher-level complexity to the healthcare supply chain. Beyond traditional buyer-seller transactions, hospitals require solutions that help manage relationships, respond to regulatory obligations, and thrive in the marketplace.

In most hospitals, however, the supply chain remains a set of highly manual and fragmented processes. Limited access to timely vendor data means that managers typically identify vendors on a one-off basis as needs arise, rather than using a readily available pre-qualified and vetted pool of potential vendors.

The full procurement cycle, which is a key part of supply chain management, includes sourcing, onboarding, contracting, and day-to-day vendor management. Once addressed in isolation, a new generation of vendor management processes and tools is helping unite hospital purchasing and supply chain activities under one procurement cycle umbrella that also takes into account vendor compliance.

A holistic management approach

In today’s healthcare environment, hospitals and health systems must do more than just provide excellent patient care. They also must be well-run businesses. Adopting a holistic, procurement cycle management process can help healthcare organizations achieve that goal in three high-value ways: improved regulatory compliance, reduced costs and streamlined workflows.

Improved regulatory compliance

Hospitals that receive Medicare reimbursement are required to confirm that their suppliers are not on an Office of the Inspector General (OIG) excluded list, which indicates they have previously come under scrutiny for fraud and/or abuse. Failing to thoroughly vet vendors before commencing a business relationship may place hospitals at risk of steep fines.

Furthermore, new HIPAA Omnibus rules governing electronic protected health information (ePHI) expand the definition of business associate (BA) and increase penalties for any data breach that comes at the hands of a BA. A pilot audit by the Office of Civil Rights (OCR) has determined that an average hospital or health system can expect to have at least five data breaches per year—many of which will involve a BA. As a result, OCR plans to audit covered entities and BAs with a real risk of fines.

The hard cost of a data breach and the required “clean-up” actions is estimated at $233/lost patient record/patient breach, according to the Ponemon Institute’s 2013 Cost of a Data Breach Study. While insurance coverage can mitigate some of the hard costs, organizations still face potential financial penalties and the “soft” costs associated with damaged patient relations, community reputation, and time and resources necessary to manage a breach event caused by a BA. Finally, as if compliance with these regulations weren’t enough, significant Meaningful Use payments could be at risk if effective oversight of BAs is not in place as required in Stage 1 attestation to patient data security by the covered entity.1

Still, many hospitals and health systems have only identified a fraction of their BA vendors. Healthcare organizations must ensure that oversight policies and tasks required for BA vendors is a scalable process, which begins with the credentialing of 100 percent of potential, new and current vendors. Credentialing should include:

  • capturing tax IDs,
  • responding to BA risk questions,
  • disclosing vendor-physician financial relationships, and
  • providing other company-level information—such as the appropriate contacts by responsibility (e.g., the person responsible for HIPAA data security)—as part of initial registration.

Then, the required checks can be performed for OIG sanctions, credit score, ownership, parent-child company relationships, and more. This information can be used to support downstream processes and existing IT assets such as accounts payable and medical management.

Emerging best practices often include policies that require all vendors—for example, consultants, 1099 vendors, and patient-care vendors coming on site but not paid by the hospital (e.g., home-care)—to be registered and authenticated. In addition, it is strongly recommended that monthly OIG sanction checks be performed prior to paying invoices for all current vendors.

Reduced supply chain costs

With reimbursements on the decline, healthcare organizations that wish to ensure future financial viability must take a closer look at their product and service expenses. Supply chain executives are in the awkward position of driving cost reductions, even though up to 30 percent of total non-labor spending may not be handled by or visible to their department. Often this spending falls under the purview of other functions.  

Increased visibility into all vendors and spending categories throughout an organization is the key to trimming supply costs. With spend and vendors defined, a value analysis process can be applied to select the best products, services and vendors to meet requirements. Primary and secondary supplier agreements then can be established to gain financial and operational benefits. Once processes are in place to manage potential vendor considerations and selection, supply chain leaders will be able to protect vendor formularies and the associated standardization and financial goals.

They will also be able to effectively capture previously overlooked vendors through the all-vendor registration process. This offers the opportunity to more successfully address sourcing policy goals relative to vendor diversity.

Intelligence turned into action has the potential to drive savings of 10 to 20 percent for hospitals that apply creative tactics such as: standardizing products and services; attacking shadow-spending; ensuring vendors deliver on their contractual commitments; finding innovative suppliers whose solutions can improve patient outcomes and lower costs; and utilizing diverse vendors to meet sourcing policy goals.

Streamlined vendor-related workflows

Few hospitals today have contracting tools that enable them to easily create contracts using already gathered and vetted vendor data. Even fewer have the ability to route vendor data for authorizations and host it in a central archive where it is easily accessible by appropriate staff throughout the hospital. Most healthcare organizations also lack ways to proactively manage vendor performance against defined performance terms or record performance reviews as part of the relationship lifecycle.  

With so many vendor-specific documents housed in unlinked systems throughout a healthcare organization—for instance, W-9 forms, Business Associate Agreements and COI—the need for a vendor-centric solution that eliminates manual, redundant activities is clear.

The process of registering 100 percent of vendors provides a pre-vetted list of diverse vendors with all certifications checked. Hospitals can then select from this pool, assured that it supports the organization’s sourcing and vendor policies. It also offers a means to identify products and services which can improve cost, quality and patient safety, as well as identify secondary suppliers of high-priority items. Once a vendor is selected, procurement cycle management technologies can facilitate efficient onboarding by providing all the relevant company data for accounts payable, legal, compliance and other departments.

By instituting an electronic contracting approval process, supply chain managers gain a workflow resource capable of routing, tracking and storing all contracts and their related data—including products, professional services and property/tenant leases. Centrally archiving electronic contracts along with related vendor documents in one system enables staff to easily access the information needed to do their respective tasks.

Greater compliance, stronger relationships

Through a combination of process improvements and procurement cycle management technologies, hospitals and health systems can streamline vendor management. Required tasks can be performed with scale and speed by injecting efficiencies and eliminating redundancies. Formerly “siloed” departments can begin to work together to strip unnecessary administrative costs from the entire procurement cycle.

By capturing complete and accurate vendor information upfront to feed downstream, healthcare organizations are better positioned to accomplish more with fewer resources. Even more importantly, however, a holistic approach to procurement cycle management is likely to enhance regulatory compliance by helping credential vendors and identify and monitor all BAs, limiting an organization’s exposure to data breaches and safety risks.

This approach to procurement cycle performance improvement not only facilitates sourcing and contracting, but also vendor engagement and oversight, representative credentialing and onsite access and cost visibility. With the appropriate tools and processes in place, healthcare organizations can approach procurement cycle management as an end-to-end process—from initial selection to performance evaluation and renewal decisions. The end result is improved regulatory compliance, reduced costs and streamlined workflows which ultimately lead to stronger vendor relationships and improved patient safety.

1 Core Objective & Measure 15: Protect electronic health information created or maintained by the certified EHR technology through the implementation of appropriate technical capabilities – ONC’s Guide to Privacy and Security of Health Information.