Vendor Authentication System Makes Sense

"Mayo Clinic expects suppliers and their representatives to uphold the same high standards of ethical behavior, integrity and professionalism that are required of Mayo employees," reads the introduction of the clinic's supplier guidelines. With that in mind, the world-renowned medical group has put a vendor authentication process in place that can serve as a standard bearer for the rest of the healthcare industry.
To protect Mayo from a wide range of regulatory penalties and fraud, the authentication program requires not only basics like a company's tax ID number, principal party or owner, business license, correct IRS forms and minority-owned business certificate but also allows the organization to do a much deeper assessment of each vendor's qualifications - or lack thereof.
To ensure that each vendor wishing to work with the Mayo Clinic has all its ducks in a row, the company must work through an authentication process: First the vendor receives a letter that explains how to register on the authentication site, where it would fill out a profile, provide their legal name, tax ID number (TIN), address and so on. That information is then matched up against an IRS TIN reporting database. The information is also sent to a third party company that does a background check on corporations.
Originally, Mayo was using seven different companies to provide all the components of vendor authentication. Eventually it decided to collaborate with Global Edge to create a software solution that would meet its needs. The joint endeavor is being offered as a commercial service to healthcare providers and for-profit industries to manage their supply chain as well.
Mayo Clinic's vendor authentication program is all about "managing risk" said Bruce Mairose, Mayo's vice chair of supply chain operations. That includes legal liability and financial penalties from regulatory agencies as well as reducing the risk of damaging the organization's reputation.
Similarly, the vendor authentication system helps reduce the risk of fraud, said Stephanie Matejka, senior manager within supply chain operations at Mayo. For example, it is used to make sure that vendors are not on the federal sanction lists of companies that have attempted to defraud Medicare.
While Mayo believes wholeheartedly in the value of its authentication program, vendors are not always happy with all the hoops they have to jump through.
"We've been trying to structure our company so that we can avoid [the authentication process] altogether because it is so very expensive and time consuming," said Audrey McLaughlin, RN, of NTX Medical Sales in Dallas. Each large hospital her company deals with requires a separate authentication process, with an accompanying processing fee.
Nonetheless, Marjorie Boyle, JD, with the Society for Corporate Compliance and Ethics, agrees that the Mayo Clinic's approach makes sense.
Step one in the vendor vetting process is best accomplished with some sort of software platform to collect basic information about suppliers. "But the second step, of course, is you can't just take their word for it," she said. "You have to do some checks on what they fill out."
On the other hand, Boyle said, providers have to look at the kind and degree of risk that each vendor poses. A vendor supplying aspirin, for instance, probably poses a smaller risk than one that provides a high-level drug or surgical equipment.
But regardless of the degree of risk, ignoring the threat can expose you not only to legal liability but may damage your reputation, said Boyle. "The Mayo Clinic is what people are going to see in the headline, not the vendor who made something go wrong."