Third-party relationships pose many risks and challenges for organizations. In a recent article published by the Heath Care Compliance Association's monthly periodical,Compliance Today, Lisa Taylor, Amy Smith, and Kasie Ray discussed these challenges and provided effective solutions.
Overview
While most organizations have a central mission and scope of services, it is not uncommon for various organizational departments to view third-party relationships and risks differently. For example, a clinical business unit may decide to contract with a vendor to provide widgets. However, that business unit does not know that the contracting vendor is about to be involved in a large-scale Anti-Kickback Statute (AKS) investigation. While there are no crystal balls to predict which third parties can create large-scale risks for an organization, it is reasonable to see that there could be compliance implications in each arrangement. One of the worst things a compliance officer or department can do is take a completely hands-off approach to third-party arrangements. Compliance leaders should establish strong working relationships with senior leadership and operational leaders. This will better enable compliance professionals to explain the risks that third parties present, generate support for the development and implementation of a compliance program, and, when needed, provide the organization with a rationale for the spending of corporate dollars to manage the program to address risks.
Third-party relationships cannot be managed without first understanding the regulations and compliance risks associated with these arrangements. These risks directly impact many of the daily legal and regulatory requirements compliance professionals encounter. It is important to understand how each of the following laws and regulations affects third-party relationships.
Takeaways
- The federal government has emphasized the importance of and increased its scrutiny of third-party management practices within organizations.
- There are various compliance risks when engaging third-party contractors. Ultimately, the risk lies with the contracting entity (not the third-party contractor).
- Buy-in and a commitment to compliance throughout organizational leadership and departments are essential to effectively manage risks with third-party contractors.
- Organizations should have a formal due diligence process to evaluate potential third-party contractors and related risks. Ongoing audits, monitoring plans, risk assessments, and compliance training can be practical tools to mitigate and address risks.
- When terminating third-party contractor agreements, ensure there is a process to confirm that all business information (including protected health information) is returned or destroyed and that all access the third-party contractor had to physical sites or online sites/systems is also ceased.
Please download the PDF of the full article here.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.