Get Started with Vendor Credentialing in Healthcare

Smartsheet Contributor Becky Simon on Mar 04, 2019 (Last modified on Aug 17, 2021)

The first duty of a healthcare facility is to ensure the safety and well-being of its patients. To do so, facilities must monitor the background, training, and immunizations of regular visitors — including healthcare industry representatives who routinely consult medical staff about their products. This has led to the need for vendor credentialing within healthcare facilities.

In this article, you’ll find details on vendor credentialing and information on how healthcare facilities manage the process. Additionally, you’ll learn about ongoing efforts to simplify the process through universal vendor credentialing.

What Is Vendor Credentialing?

Vendor credentialing is the process by which companies and facilities ensure that the vendors they work with have the appropriate background and training to access their facilities.

A range of industries, including food processing, oil refinement, and banking, require vendor credentialing. However, this article focuses on vendor credentialing in healthcare and hospitals.


See how Smartsheet can help you be more effective

Watch the demo to see how you can more effectively manage your team, projects, and processes with real-time work management in Smartsheet.


Watch a free demo

What Is Hospital Vendor Credentialing?

Vendor credentialing is especially important in healthcare, as medical facilities must ensure their vendors have the proper training, certifications, immunizations, and other requirements to work on site or to be near patients. In some ways, the process is similar to — though less extensive than — credentialing of healthcare providers.

The History of Hospital Vendor Credentialing

A couple of decades ago, hospitals were fairly relaxed about allowing non-employees to access their facilities and even their patient files, which sometimes sat out in the open in public areas. Sign-in policies that did exist were sporadically enforced.

That’s not the case today. State and federal regulations that govern hospitals are much stricter. Plus, healthcare facility executives began to understand that they needed to improve their overall security, even beyond regulatory compliance.

Over time, hospitals increasingly established policies requiring credentials for non-employees who may require periodic access, including healthcare industry vendors.

Why Vendor Credentialing Is Important Today

Vendor credentialing at hospitals became more stringent and more widespread for a number of reasons, including the following:

  • Increased attention to patient privacy and confidentiality, spurred in part by federal regulations

  • Greater security protections for patient and employee safety

  • Concern about risks to patients’ health from the spread of communicable diseases

  • More calls for accountability in the healthcare system

  • Need for better control of healthcare facility supply chains


Julie Walker

“Vendor credentialing is a fundamental component of compliance, risk management, and healthcare governance,” says Julie Walker, Vice President of Vendor and General Credentialing at Symplr, a company that offers provider and vendor credentialing software. “It ensures the safety of all constituents of the healthcare community and the quality of care. Vendors who have access within a facility can have a direct impact on care and the quality of care.”

How Healthcare Organizations Implement Vendor Credentialing

Healthcare facilities generally check and monitor the credentials of vendors in one of two ways:

  • A minority of facilities have their employees (through either a hospital-created process or software) check the credentials of all vendors who want access to the facility.

  • Most healthcare facilities use a third-party provider, called a vendor credentialing service or vendor credentialing organization, to establish which credentials vendors that need and to check compliance. These organizations require vendors to provide information and register with them. The vendors in turn gain access to healthcare facilities that hire the credentialing organization. Leading vendor credentialing organizations include ProTech Compliance, RegComp Inc., GHX, IntelliCentrics (formerly RepTrax), Vendormate, and Symplr.

You can find information on the vendor credentialing organization or the software that a specific hospital uses through this website.


Vendor Credentialing Process Flow

4 Management Models for Vendor Credentialing

The companies that act as suppliers or vendors for healthcare facilities take different approaches to ensure their employees get the credentials they need. Most vendors generally use one of these four models:

  • Representative-Managed: A company asks each employee to secure the credentials he or she needs on their own.

  • Company-Managed: The company fully performs the credentialing process on behalf of their employees.

  • Hybrid: The company and the employee each take on some of the credentialing work

  • Outsourced: The company hires an outside company to handle the process.

Who Sets the Standards for Vendor Credentialing?

Vendor credentialing organizations must meet the requirements or standards of a number of groups — or otherwise face the consequences. For example, the federal Department of Health and Human Services (HHS) fines organizations that don’t follow regulations and standards on credentialing vendors. (HHS details some vendor credentialing requirements in a 2013 special advisory bulletin addressing the need to exclude certain individuals and companies from hospital access.) Below is a list of other organizations with established regulations and standards for credentialing:

  • The Joint Commission

  • Association of periOperative Registered Nurses (AORN)

  • The American College of Surgeons (ACS)

  • Centers for Disease Control and Prevention (CDC)

What Information Is Commonly Required in Vendor Credentialing?

Healthcare facilities vary in the certifications and credentials they require of vendors who want access to their facilities and their patients. Below are common requirements for vendors:

  • Proof that the name and taxpayer identification number provided by, respectively, the vendor representative and the vendor company are accurate

  • Proof of immunizations, including for measles, mumps, and rubella (MMR), hepatitis B, and the flu

  • Proof of CPR and other certifications

  • Proof of education and training in certain federal and other governmental policies

  • A criminal background check

  • A drug screening

  • Proof of liability insurance

  • Knowledge of and a promise to follow hospital policies and procedures

  • Verification that the vendor company or vendor representative is not on an exclusion list maintained by the Health and Human Services’ Office of Inspector General (this process is called exclusion monitoring). People and organizations are placed on an exclusion list if they have been found guilty of Medicare or Medicaid fraud or have had convictions, license suspensions, or other sanctions relating to inappropriate practice of healthcare.

    “Healthcare exclusion monitoring is really quite important,” says Walker of Symplr. A hospital can be fined or lose its ability to accept Medicare or Medicaid patients if it is found to have worked with a vendor on an exclusion list. Walker says there are more than 40 such lists (both federal and state) that should be checked monthly.

Sample FAQ List for Vendor Credentialing at Healthcare Facilities

  • What is the definition of a vendor for your facility’s credentialing program?

  • Where can I get more information about your vendor management program?

  • How does a vendor register in your credentialing system?

  • Is there a fee for registering in the system? Does that fee vary for type of vendor?

  • Will I get a badge when my credentialing is approved? How do I pick it up?

  • What is the procedure when I come to your facility for the first time?

  • A company colleague may accompany me on some visits. Does he or she need credentials as well?

  • Do I need full credentials if your staff requires my help during a patient emergency?

  • Do clergy or volunteers have to register with your vendor credentialing program?

3 Different Levels of Vendor Credentials

Healthcare facilities provide varying types of credentials to vendors, based on the access they want in the facility. There often are three levels of access:

  • No Access to Clinical Areas: These vendors don’t provide technical assistance to healthcare providers, don’t operate equipment, and don’t consult with healthcare providers.

  • Access to Clinical Areas: These vendors may provide technical support for a product or may consult with healthcare providers.

  • Access to Patient Care and Sterile/Restricted Areas: These vendors often provide technical support when a healthcare provider performs a patient procedure with specific medical equipment or technology.

Issues with Vendor Credentialing

Over the years — especially in the past decade or so — vendor companies and representatives have faced increasing issues with healthcare facilities performing vendor credentialing, including the following:

  • Disparate Requirements: Healthcare facilities have different requirements for how a vendor can get credentials to gain access to the site.

  • Redundancy: Healthcare facilities may have similar requirements, but each facility asks for new proof of compliance.

    “The lack of accepted standards in the vendor credentialing process means that individuals may have to submit to multiple background checks or drug screens,” says Dennis Orthman, the Consulting Director of the Consortium for Universal Healthcare Credentialing, a group formed by the healthcare industry to find ways to streamline vendor credentialing.

    “Some drug screens have five drugs, some seven, some 10 or more,” Orthman says. “The same issue occurs with background checks and training.”

  • Difficulty in Getting Quick Access: Representatives of medical technology companies may require quick access to a facility if a physician needs support using their product in an emergency.

  • Difficulty in Securing a Single Set of Verified Credentials: Vendors need to be able to get a single set of verified credentials — a “universal passport” — that most healthcare facilities would accept.

  • Lack of Storage: Vendors want a central repository where they can store all of their credentials, so facilities can quickly verify that the vendor has been vetted. With a central repository, vendors and healthcare facilities can also cut down on back-and-forth communication, so the entire process runs smoother.

  • Costs to Vendors: Vendor representatives and companies bear significant costs to comply with each facility’s requirements and to pay the fees required by vendor credentialing services.

  • No Standard Credentialing Fee: There is no uniform fee that credentialing services charge to vendors to submit their required info.

In a recent news release, the Consortium for Universal Healthcare Credentialing (C4UHC) estimated that duplicative requirements in the process cost over $1 billion per year — “which adds to the overall cost of healthcare without quantifiable benefit to patients.”

Vendors’ Concerns About Privacy and Digital Security

Some vendors have started to question whether it’s legal for healthcare facilities to demand certain personal information. Among their concerns is whether the healthcare facilities can or will properly protect their personal and sensitive data.

In general, healthcare facilities are allowed to ask about the background of a vendor in areas where that information helps ensure patient safety. But healthcare facilities must explain to a vendor why they are collecting and how they will use the information. Additionally, the facility can only ask for information that is relevant for the vendor’s access to the facility.

“Data privacy and data security are critical and taken very seriously,” says Walker. “From a vendor credentialing standpoint, we will obtain only the data that is necessary and required [to do the checks for appropriate credentials required by the healthcare facility].”

Efforts to Standardize Vendor Credentialing

Over the past several years, a wide range of groups have worked on plans to establish standards and increase consistency and efficiencies within the vendor credentialing process. Those groups include the Indiana Hospital Association, the Minnesota Hospital Association, the Joint Commission, and the Mayo Clinic.

C4UHC in late 2017 and 2018 convened representatives from 46 different organizations — including healthcare suppliers, healthcare providers, vendor credentialing services, and other companies — to work on a set of proposed credentialing standards that were approved in January 2019 by the American National Standards Institute. C4UHC’s Orthman says, a small group of healthcare providers, suppliers, and other businesses are now working on piloting the standards. “The pilot will address the operational aspects of the new standards,” he says.

In Canada, an industry group called the Healthcare Supply Chain Network has also worked with healthcare facilities to establish a National Standard for Vendor Credentialing.

Benefits and Features of Vendor Credentialing Organizations

Vendor credentialing organizations offer benefits to hospitals and vendors, leading to advantages in the process itself. Those benefits include the following:

  • Online, anytime access to vendor credentialing documents

  • Vendors are charged only when they need access to certain facilities

  • Access to a document repository storing all documentation

  • Mobile access to credentialing apps (for easier access for vendors)

  • Simpler universal credentialing to speed up approvals

  • Hospitals can know which vendors are on-site at any time

  • Controlled and limited cost of credentialing for hospitals

  • Details on vendor background checks

Other Training Courses for Vendor Credentialing

Healthcare facilities often require that vendors who want access to their facilities complete certain training courses relating to health and medical safety and similar topics. Some vendor credentialing organizations — including IntelliCentrics, the company that owns Reptrax —  provide training courses as part of their services. Other independent companies provide those courses as well. Some of the most common courses include the following:

  • Training on HIPAA (Health Insurance Portability and Accountability Act, which include provisions on privacy and protection of patient health information)

  • HIPAA for business associates training

  • The Occupational Safety and Health Administration’s blood-borne pathogens and standard precautions training

  • Aseptic technique training course

  • Operating room protocols for healthcare industry representatives

  • Tuberculosis prevention

  • Training on patient-informed consent

  • Training on National Patient Safety Goal Program

  • Radiation safety

  • Fire and electric safety in healthcare

  • FDA reporting for safer medical products

  • Sunshine Act relating to physician payments

  • Regulations surrounding compliance, ethics, and fraud for sales professionals

  • Training on codes of ethics from the Advanced Medical Technology Association and the Pharmaceutical Research and Manufacturers of America

Discover a Simple, Efficient Credential Tracking Solution in Smartsheet

Empower your people to go above and beyond with a flexible platform designed to match the needs of your team — and adapt as those needs change. 

The Smartsheet platform makes it easy to plan, capture, manage, and report on work from anywhere, helping your team be more effective and get more done. Report on key metrics and get real-time visibility into work as it happens with roll-up reports, dashboards, and automated workflows built to keep your team connected and informed. 

When teams have clarity into the work getting done, there’s no telling how much more they can accomplish in the same amount of time. Try Smartsheet for free, today.



Discover why over 90% of Fortune 100 companies trust Smartsheet to get work done.

Watch the Smartsheet Demo