The Healthcare Hub

GHX provides a wide range of perspectives on how greater collaboration and visibility across the supply chain can improve both clinical and financial performance in healthcare.

Compliance and Credentialing

The GHX 5 Part Framework: Document and Policy Level Vendor Credentialing Compliance

Wednesday, November 30, 2022

Remaining familiar with healthcare’s ever-changing regulatory scheme is a daunting task for today’s healthcare leaders. Hospitals and health systems must comply with no fewer than 629 discrete regulatory requirements across nine domains, and data shows organizations spend nearly $39 billion a year solely on the administrative activities related to regulatory compliance in these nine domains, according to the American Hospital Association’s Regulatory Overload Report. Vendor credentialing is an important subset of broader compliance regulations for healthcare.

Read More

Introducing the GHX 5 Part Framework for Vendor Credentialing Compliance

Friday, October 28, 2022


What is the GHX 5 Part Framework?

To help successfully navigate countless state and federal regulations, healthcare leaders need a comprehensive view of vendor credentialing compliance, vulnerabilities and opportunities for improvement. COVID-19 has increased the need to enhance compliance and safety for healthcare providers, yet GHX data from a 2020 survey shows most hospital and healthcare systems regularly fail to reach their vendor credentialing compliance goals due to limited resources, insufficient investment and conflicting priorities for organizational leadership.

The GHX 5-Part Framework is based on the seven foundational industry compliance elements, and is structured to help you manage vendor credentialing compliance across your organization. Our framework offers guidance based on industry best practices and helps reinforce good practice through metrics. It also provides critical components of focus for a vendor credentialing program.


Read More

The GHX 5 Part Framework: Vendor Level Vendor Credentialing Compliance

Friday, October 28, 2022


In the past, vendor credentialing was primarily required for medical suppliers and pharmaceutical companies. However, with the vast amount of new supply sources that have moved into the healthcare space due to the COVID-19 pandemic, the GHX 5 Part Framework recommendation is that every business be reviewed, validated and monitored for sanctions.

All vendor entities should register with a vendor credentialing organization—not just the ones that come on-site. However, our research indicated that only 15% of providers register all vendors on their credentialing platform.1

This is an area for risks in vendor credentialing compliance if vendor entities are not properly vetted and routinely monitored for sanctions.


Read More

The GHX 5 Part Framework: Representative Level Vendor Credentialing Compliance

  • Vendormate Sr. Compliance Solution Specialist, GHX Kim Fox, Vendormate Sr. Compliance Solution Specialist, GHX
Friday, October 28, 2022

5 part framework

As technology evolves, so does the way health systems and business representatives meet, communicate, and interact. With these changes, come new vendor credentialing questions. For example: when a representative virtually remotes into an operating room, do they need to be credentialed?


Read More

Three Actions Required by Healthcare Leadership to Drive Compliance & Standardization

Thursday, April 22, 2021

Standardization is a primary goal for today’s health systems. Hospitals highly regard standardization as a valuable approach that promotes quality patient care at a cost-effective price. An additional benefit is the opportunity to reduce supply chain costs.

Compliance also benefits from standardization. The laws, regulations, guidelines, and best practices that govern healthcare are necessary to protect both patient and staff. However, driving compliance consistency across multiple venues can be challenging. 

Read More

Credentialing in an Expanding (Healthcare) Universe

Tuesday, August 27, 2019

In order to take advantage of geographic synergies or fill gaps in capabilities, healthcare providers are building strategic portfolios through mergers and acquisitions. As new locations and facilities are added to their health system, along with legacy processes and technologies, there is no shortage of change management planning needed. For vendor credentialing, where each location may have unique facility access requirements and visibility into vendor compliance is critical, technology that scales smoothly right along with growth of your health system takes on critical importance.

Read More

Hospitals Focus on Patient Safety: Flu Vaccination Policies are Part of the Strategy

Wednesday, December 12, 2018

One thing no one has on their wish list for this gift-giving season is the flu. Getting the flu vaccine is the starting point for reducing the number of flu cases. With the unpredictability in the severity of the flu season from year to year, hospitals are increasingly enforcing a “zero tolerance” policy for flu vaccination for vendor representatives in addition to employees as part of an overall patient safety strategy. GHX is aware of more than 300 health system networks enforcing the influenza vaccine, and we have processed over 86,600 flu documents this season. As such, this is a good reminder that credentialing, and vaccine requirements, are all about protecting patients and hospital staff.

Read More

Making Rep Credentialing a Top Priority

Friday, August 24, 2018

While we work hard to avoid mistakes, they also are an opportunity for learning and growth. It may be painful in the moment but over the long run the not-so-perfect can be a catalyst for positive change. This was the case for a leading medical manufacturer when they began to truly understand the importance of credentialing their reps to their customers.

Read More

6 Steps to Achieving Best in Class Vendor Management

Wednesday, January 10, 2018

Successful supplier and provider relationships are forged by information sharing that allows the provider to secure the data and information it needs for daily business practices and tasks throughout its organization. Legal and contracting documentation, accounts payable (AP) data, purchasing data and compliance documents all need to be vetted, stored and updated on a regular basis.

Read More

Credentialing: Bridging the Gap Between Suppliers and Providers

Tuesday, August 22, 2017

Is it possible to stay focused on a common goal and be successful even when both parties aren’t quite seeing eye-to-eye on how to achieve the end goal?

To say there is a little tension between healthcare suppliers and providers on the matter of credentialing, may be a bit of an understatement. The current environment of compliance requirements has led to frustration on both sides, even though, all would agree that better patient safety is worth pursuing. The reality is we can’t ignore the requirements on either side, so perhaps an intermediary, a bridge, an outside resource is needed to help facilitate the activities needed by both sides to achieve the common goal.

Read More

GHX Gets Mobile

Wednesday, July 26, 2017

Let’s face it – we are an increasingly mobile world. Smart phones and tablets are ubiquitous and there is an app for pretty much everything. The ability to perform tasks on the go means we can do what we want, when we want to do it - boosting efficiency and improving access to information. As a company that is all about making it easier and more cost-effective for healthcare providers and suppliers to do their jobs, GHX is adding mobile functionality to those solutions where customers will gain the most value and achieve the greatest impact.

Read More

HIPAA Audit: Best Defense is Preparation for Business Associates

Wednesday, June 7, 2017

The threat of security breaches is no small problem in healthcare. Because of the sheer volume and variety of information contained in healthcare systems, the industry is one of the largest targets for thieves, especially for those who want to gain access to valuable protected health information (PHI).

To shield this sensitive health information, the U.S. Department of Health & Human Services (HHS) Office for Civil Rights (OCR) is increasingly assessing compliance with the HIPAA Privacy, Security, and Breach Notification Rules with an audit program. The OCR audits help ensure adherence to data protection regulations, especially as they relate to business associates (BAs), who have access to millions of patient records.

Read More

How Will You Manage Your Contracts and Compliance?

Wednesday, May 24, 2017

Managing contracts and compliance data is a challenge for healthcare organizations today. The process often involves people and departments across the organization requiring a secure but nimble system for tracking negotiations and approvals. Current regulations require healthcare providers to know more about who they are doing business with and to manage their vendor population with consistent scrutiny to maintain accurate data. Adding to the complexity, with mergers becoming more common, hospitals are seeing an increase in the number of local contracts along with contracts that fall outside of med-surg that need to be maintained as well. As a result, organizations need to interact with contracts in new ways, with more flexibility while maintaining even more data and security.

Read More

Building a Culture of Compliance

Tuesday, April 11, 2017

The second phase of OCR audits is not the permanent program but we have learned somethings so far 

Managing business associate (BA) relationships in this era of change takes an ongoing approach. In fact, building a culture of compliance is the only way to make iterative improvements. So, does your organization demonstrate a culture of compliance through daily actions? Do you know the areas where the Office for Civil Rights (OCR) is putting the most emphasis? Does your organization understand the current definition of a business associate in the eyes of the OCR? 

Read More

Preparing for OCR Audit Remains a Healthcare Top Priority for 2017

Thursday, February 9, 2017

The Health Insurance Portability and Accountability Act (HIPAA) has evolved from a means to modernize information exchange in healthcare to now include Privacy, Breach Notification and Security Rules. The progression led to the initial audits of covered entities in 2011 and ultimately, to the final Omnibus Rule in 2013 which folded business associates (BAs) into the liability equation regarding data breaches. The point being that protected health information (PHI) and ePHI is the responsibility of the entire industry.

Read More

OCR Audits of Business Associates

  • Director Compliance and Enterprise Risk Management, Privacy Official Connie Emery, Director Compliance and Enterprise Risk Management, Privacy Official
Tuesday, January 10, 2017

The Office for Civil Rights (OCR) defines business associate as “a person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provides services to, a covered entity.” If you fall into this category, this blog post is for you.

Read More

How to Prepare for a Healthcare Hack

  • Director Compliance and Enterprise Risk Management, Privacy Official Connie Emery, Director Compliance and Enterprise Risk Management, Privacy Official
Tuesday, December 20, 2016

For hospitals and health systems today, it’s not a matter of WILL my organization get targeted by hackers but WHEN. Nearly 90 percent of healthcare organizations surveyed by the Ponemon Institute for its Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data experienced a data breach in the past two years, and nearly half (45 percent), had more than five data breaches in the same time period.1

Read More

Credentialing as a Corporate Function

Tuesday, November 8, 2016

What are some of the biggest challenges that vendors face with credentialing?

When hospitals began creating credentialing programs they turned to their vendors, holding them accountable for meeting the new credentialing requirements. It turned out that many vendors were not prepared for the scope of this event. As companies endeavored to meet the variety of compliance requirements for each healthcare organization, the struggle to incorporate credentialing into everyday business practices came into the spotlight.

Read More

Protecting Patient Healthcare Data

Tuesday, November 1, 2016

Protecting patient healthcare data is becoming a greater challenge for healthcare facilities as the industry transitions from manual to electronic information storage and sharing. The rising number of criminal attacks on hospital and healthcare system data and the sheer magnitude of individuals (over 30 million) affected by data breaches has resulted in greater regulatory pressure on healthcare organizations.

Read More

Best Practices for HIPAA OCR Business Associate Compliance

Tuesday, October 18, 2016

This past spring, many provider organizations received notice of a yet another regulatory compliance assessment as part of their HIPAA accountability checklist.

The Department of Health and Human Services, Office for Civil Rights (OCR) announced the start of the Phase 2 HIPAA Audit Program to ensure that “policies and procedures adopted by covered entities and their business associates meet selected standards and implementation specifications of the Privacy, Security, and Breach Notification Rules.”  Indianapolis-based Eskenazi Health, one of the largest safety net health systems, was one of those organizations. 

Read More

Solutions for Complex Credentialing Requirements

Tuesday, August 23, 2016

Anyone who sells to healthcare systems is aware that visiting sales and service representatives must meet a specific set of credentialing requirements for hospital access. These requirements are driven by the need to meet standards for patient safety, controlling costs and limiting exposure to fines and sanctions. These credentials become complex when you realize each facility requires different documentation and each facility manages it a little differently.

Read More

How does your organization manage vendor credentialing?

Friday, July 15, 2016

Vendor representative credentialing has grown significantly in priority - and changed in scope over the last several years with increased regulatory requirements. As the importance for a process became more and more apparent, many healthcare supplier organizations developed programs based on the immediate need or circumstance, with some evolving over time.

Read More

Vendor Credentialing and Management: Palmetto Health Perspective

Wednesday, June 29, 2016

Maintaining accreditation and compliance with HIPAA regulations is an on-going process for healthcare systems. In this post, Cheryl Watkins-Knowles, director of Purchasing for Palmetto Health, describes how their organization is using GHX Vendormate Credentialing and access management solutions to address their goals for accreditation, patient and staff safety, and mitigate financial risk.

Read More