Vendor Management
Vendor Management: Get to Know Your Vendor - Vendor Compliance Management Best Practices.
Posted by Michael Rosen, ESQ
Knowing who your vendors are, who you contract with and provide access to your facility, whether through key card access to provide the contracted services or as part of your services, is key to effective vendor compliance. Implementing monthly monitoring of your vendors into your organization's compliance plan is what the OIG recommends as best practice for vendor compliance management. Whether you chose to monitor your vendors is dependent on your risk tolerance. No one type of vendor provides any more less risk than another – regardless of whether that vendor provides services during business hours or after hours according to the OIG. So, consider adding your vendors to your monthly monitoring program, and treat your vendor no differently than you would an employee.
What information should you collect and check from your vendors?
- Legal name of entity
- D/B/A , if applicable
- Federal Employer ID Number (FEIN)
- Address of company
- Secretary of State ID number (helpful, when available)
- Information of owners with 5% or more ownership stake (Name, SSN, Address, DOB)
- State of incorporation
- Dunn & Bradstreet Number (helpful when searching SAM.gov)
- Does the vendor handle personal identifiable information (PII) or personal health information (PHI)?
- Has the vendor signed a business associate agreement (BAA)?