At Dana Farber Cancer Institute, we had a number of processes and solutions in place for vendor management but they were disjointed and no one solution was meeting all of our needs. New suppliers were onboarded by Supply Chain, Accounts Payable (AP) and our Office of the General Counsel but only Supply Chain was performing sanction checks. Furthermore, our security department had rolled out a solution to track all non-clinical suppliers and visitors that came into our facilities, but that solution too did not have sanction check capabilities.
In 2013, we were attentive to the fact that we were expecting a visit from the Office of Civil Rights (OCR) as they audited hospitals to make sure they were properly managing business associates and had in place the required business associate agreements (BAAs). We heard they were imposing huge fines if a hospital could not produce the BAAs they were looking for. We realized that we weren’t prepared and that the burden fell on Supply Chain. This was a high profile project and our board of trustees was watching how we would handle the requirements.
Around the same time our quality department reached out to us for help managing supplier contracts. Both the Joint Commission and the Centers for Medicare & Medicaid Services (CMS) require that clinical contracts are evaluated annually. At the time our contract management process was decentralized and highly manual. There were various parties authorized to initiate and sign contracts and BAAs, and while we had an electronic contract management system in place, in many cases the signed contracts and BAAs would end up in someone’s desk drawer. I had no idea how we were going to make all of this work because we had all of these different systems and none of them talked to each other.
It was at that time that our GHX representative Paul Spiro called and asked to meet with me. He and his team presented to us three solutions: Vendor Manager, Compliance Document Manager and Contract Manager. A light bulb went off and I knew this was the solution to all of our problems. Things moved quickly after that meeting. We were able to eliminate most of our previous systems and manage all of our activities through GHX.
Business Associate Management
Our strategy was to focus on high-risk areas first. Since we were expecting the OCR audit, we started with business associate management. We had close to 5,000 active vendors, so we scaled down this list to those with which we had purchase activity in the previous six months – that brought us down to 3,647 vendors. Then we went line by line through them to determine which were business associates and secured the required BAAs – we now have 292 on file.
To better manage business associates and BAAs moving forward, we revamped our onboarding process so that Purchasing is the sole gatekeeper and implemented the GHX Vendor Manager and Compliance Document Manager solutions. Now we ask all of the critical questions on the front end to determine if a vendor is using, receiving, maintaining or disclosing protected health information (PHI). No vendor that is deemed a business associate is onboarded or activated within our systems unless it has signed a BAA. All of these processes are managed through GHX solutions, including monthly sanction checks, as are the related vendor documents such as BAAs.
Next we took a look at our patient-facing contracts in order to prepare for our annual contract evaluation. When the Joint Commission came to Dana Farber in January 2016, it was the first time that Supply Chain was involved at the contract level. We were on standby during the week. The Joint Commission would call down to Purchasing through Dana Farber’s command center, requesting specific contracts and the associated valuations. We then pulled this information out of our contract management system and delivered it to the command center. Although we met the requirements, many of our contracts were missing key performance indicators (KPIs).
We also discovered that the contract owners and evaluators were often not the same person. There was an administration person who negotiated the contract, and then a technician worked with the supplier on the service. The contract evaluators were, in many cases, unfamiliar with the terms of the contract or KPIs on the contract, if any.
Since that time we have educated contract owners and evaluators on the contracting process, and the importance of KPIs. We have loaded all of our patient-facing contracts into the GHX Contract Manager solution in preparation for the 2017 annual evaluation process. We are now in the process of customizing the solution for Dana Farber and our hope is that in the long term, KPIs will be prepopulated on the evaluation forms so that the contract owners and evaluators don't have to add them.
The Wow Factor
Before we transitioned to GHX solutions our compliance officer didn't have confidence in the numbers that we shared with her. But when we showed her our new dashboards for the first time she said, “this is exactly what I was looking for.” It is not ambiguous – it is credible data on our vendors and contracts.
I believe in these products and have this vision of GHX being an all-inclusive solution for Dana Farber as we evaluate the company’s other solutions. For example, we have started conversations with our security department about using Vendor Manager for all of our organization’s vendors and how it makes sense. I truly believe that a holistic approach to vendor management pays off in terms of patient safety, operational efficiency, greater compliance and less risk.