Creating a Culture of Compliance with Third-Party Vendors

Third-party vendors have proven to be an invaluable resource for many health plans looking to cut costs on services and bring value to the organization. However, while these services provide many benefits, they often bring just as many stressors for a compliance program of a health plan, as these vendors are held to the same compliance standards as the contracting organization by CMS. 


Speaking with leaders of compliance programs across the country, it’s clear that this is a common issue for all managed care organizations. Compliance leaders have shared their strategies for alleviating the pain points of third-party vendors, and a few common themes have emerged: 

  1. Identifying vendors: The entirety of the client organization should be aware of the vendors and the services performed.  
  2. Setting the stage when deciding to use a vendor: Before delegating services out, a pre-audit should be performed to identify areas of concern from a compliance and quality standpoint. Vendors work with organizations all across the country; they would prefer to keep a consistent contract and process across all clients, but each organization will be unique in regulatory requirements due to several factors, including location and lines of business. 
  3. Meeting frequency: While, per CMS or NCQA guidelines, reports may only be required on an annual basis, the meeting frequency of vendors and clients should be more regular to identify areas of non-compliance and risk. This should be written into the contract. In addition, there should be mock audits and reports prepared at these meetings to ensure that any issues can be identified ahead of time to avoid long hours with deadlines looming. 
  4. Account Executive Relationship: Establish an open line of communication with the vendor account executive at the organization. Set expectations at the beginning of the business relationship to ensure vendors will have the same quality as the client organization. However, don’t leave these guidelines vague. For example, providing vendors with the same specification and tools to measure the client organization’s compliance will create a standard across the board that both the vendor and client can compare success with. 
  5. Ongoing monitoring: This relationship is dynamic and will require continuous auditing, annual performance review, and Corrective Action Plans if necessary. 

While these are some of the prevalent strategies across the industry, every organization is different in its approach. However, third-party vendor oversight will continue to be an area of focus for compliance well into the future. 

Matthew LaGanke is an executive recruiter at Gibson Consultants and focuses exclusively on compliance and regulatory affairs. His team works with managed care organizations such as Medicare Advantage, Medicaid, PACE, Special Needs Plans, ACA, and commercial plans. Email Matthew at [email protected] or call him at 910-444-4351 to discuss your hiring needs. 

Healthcare Business Today is a leading online publication that covers the business of healthcare. Our stories are written from those who are entrenched in this field and helping to shape the future of this industry. Healthcare Business Today offers readers access to fresh developments in health, medicine, science, and technology as well as the latest in patient news, with an emphasis on how these developments affect our lives.