Vendors

The Vendor module allows an Organization to identify its Vendors, store needed Agreement documentation, and identify whether a Vendor has been Approved/Declined by an Organization. This module can be summarized by the term, “Contract Management.” 

TABLE OF CONTENTS

• Creating Vendors
• Managing Vendors
• Related Resources

Creating Vendors

Vendors in the Vendor module can be created Individually or via Bulk Upload. The below steps will cover creating vendors individually. 

1. Navigate to the Vendors module

2. Select Add Vendor and fill in the Required Fields (*)

   1. Name – Vendor Name – However the Organization refers to this Vendor

   2. Agreement Level – Currently, The Guard tracks Business Associate Agreements (HIPAA-specific) and Confidentiality Agreements (HIPAA/others)

   3. Contact Details – 

      1. First Name

      2. Last Name

      3. Email (Optional) – Linked Functionality detailed below

      4. Contact Phone

      5. Address

      6. City, State/Region, Postal Code

3. Select Add Vendor after filling in the Required Fields to create the Vendor

If the Organization is simply using The Guard to create a Vendor Object, then store the signed Business Associate Agreement (BAA) or related documentation, then simply re-open the newly created Vendor and do the following:

1. After opening the Vendor, scroll to the bottom of the page and locate the Upload Documents table

2. Select Browse and select the document needing to be uploaded – Pay attention to the Supported File Formats and Size requirements

3. If Needed – Adjust the Type dropdown

4. Select Upload to add the document to the table below

5. BE SURE TO SELECT SAVE AT THE BOTTOM OF THE PAGE AFTER UPLOADING A DOCUMENT OR ELSE IT WILL NOT HAVE ACTUALLY SAVED

6. After saving the document upload, reopen the Vendor, scroll down, and the document should be hyperlinked on the table

If the Organization wishes to use The Guard’s built-in Email Functionality, then the steps to enable and the functionality included will be detailed below:

1. Make sure the Vendor has a VALID Email Address listed in the Contact Email field

If a Valid Email is listed for a Vendor, then all email functionality in The Guard should work as intended. The Guard can send the following through Email:

• Business Associate Agreements – An Officer/Admin can select a Business Associate Agreement to attach to the Vendor via the BA Agreement dropdown field in the Vendor Details

  • This dropdown is linked to the Business Associate and Confidentiality Forms folder in the Documents module – The Organization may leverage the templates stored here or upload its own and these will become an available option in this dropdown

• Confidentiality Agreements – An Officer/Admin can select a Confidentiality Agreement to attach to the Vendor via the Confidentiality Agreement dropdown field in the Vendor Details

  • This dropdown is linked to the Business Associate and Confidentiality Forms folder in the Documents module – The Organization may leverage the templates stored here or upload its own and these will become an available option in this dropdown

• Vendor Audits / Questionnaire – As long as a Valid email is listed, an Officer/Admin may send Vendor Audits to needed Vendors. A few notes on this below:

  • Vendor Audits/Questionnaire is recommended to be sent FIRST when entering into Contracts with would-be Business Associates in order to “Vet the Vendor”

  • The Vendor Audits are 36-Questions primarily focused on the terms of a BAA and whether the recipient Organization is following the HIPAA Security Rule requirements detailed within

  • An organization may send as many Vendor Audits as needed. All Vendor Audits sent can be viewed from within The Guard – These are NOT exportable

If an Organization is leveraging the Email Functionality to deliver a BAA/CA to a Vendor, the Officers/Admins responsible for managing the discussion with the Vendor need to log back into The Guard and upload the BAA. The Guard does NOT currently have any e-sign integration, so documentation is sent out with instructions for the recipient to download, sign, then return the completed document to the Organization's Compliance Officer. The Officer then uploads the completed BAA/CA into The Guard under the appropriate object.

Managing Vendors

Vendors can be Approved/Declined from the table view under the Vendors Module.

• Approve Vendors that have completed the BAAs/CAs the Organization needs on-file

• Decline Vendors for those who have refused to complete a BAA/CA

All Vendors, by default, get an Under Review status, which can be changed to either of the above Statuses; but if the Organization would prefer to “remove” or “mark inactive” Vendors, then an Officer/Admin need only to check the boxes next to the appropriate vendors, then select Choose Action > Delete Selected. “Deletion” here will simply mark the Vendor Inactive, but will not display Inactive Vendors to Officers/Admins. Compliancy Group support may restore these objects, if needed!

Related Resources

Please visit the following Knowledge Base Articles for additional guidance on HIPAA Business Associates / Vendors:

• What is a HIPAA Business Associate or Vendor?
• What is the Difference Between a Business Associate and a Business Associate Subcontractor?
• What is a HIPAA Business Associate Agreement?
• What is a HIPAA Business Associate Subcontractor Agreement?
• When is a Business Associate Agreement NOT Required?
• Negotiating Business Associate Agreements - General Information