Managing Service Provider Relations

Recent proposed amendments to Ontario’s Statutory Accident Benefits Schedule (SABS) will require insurers to closely review the practices of service providers interacting with their policyholders, and entrusted with personal and medical information. Additionally, the SABS audit pilot project represents a shift to insurers to demonstrate governance through sound program management of their internal operations. The main criteria for judging the performance of service providers when it comes to the supplying of assessment and rehabilitation services include:

* On-time delivery of information;

* Accurate/reliable/credible information;

* Complete information;

* Properly formatted information;

* Correct billing information; and

* Safeguarding of the information.

To ensure that service providers are meeting performance expectations, you can:

* Spell out the above criteria in your contract with them;

* Monitor/measure their performance; and

* Complain to the service provider each time they perform below your expectations.

How much of your time is currently spent “putting out fires” and correcting problems caused by your service provider(s)? Has complaining each time stopped problems from happening? If the answer is “no”, do not be surprised. It is much like telling someone to peddle harder and faster, but no matter how hard they try, the “bike” they are riding just will not work properly. The answer is to fix the “bike” by establishing an effective service provider (vendor) management program.

GROUND RULES

The first step is to get the rules straight. In this case, the rules are the promises you make to your policyholders when you accept their business. These same rules need to be written down and stated to your service providers with enough detail that you can both (insurer and service provider) determine whether a rule has been broken or not. It must also be made clear that the same rules apply equally to any vendors/contractors the service provider uses.

The next step is to develop a quarterly scorecard to be used as a monitor to measure and review the performance of the service provider against the performance criteria established. Even with these first two steps in place, the “bike” that the service provider is riding just may not be working correctly no matter how much you hammer home the targets you want achieved on your scorecard. In this case, you need to go even further by helping them realize that for each performance criteria, there must be a “process” installed to achieve the desired target.

Definition: A “process” is an organized group of related activities that together create a result of value for customers. This definition implies that activities are not just randomly pieced together in the hopes of achieving good results. For instance, if we look at the first performance criteria listed earlier – on-time delivery of information – the process here includes a number of service provider activities such as, collecting all the necessary information, assigning someone to the file, scheduling an appointment, performing the assessment, documenting the results in a report, reviewing the report for accuracy and completeness, and finally, forwarding the report to the insurer. If the service provider has not installed a process that “organizes and groups” the many related activities associated with getting information to the insurer on time, then setting targets and goals for this performance criteria becomes meaningless.

PROCESS ORIENTED

Having a service provider become “process focused” begins with:

* Understanding what performance criteria is required;

* Identifying what processes are needed to meet these criteria; and

* Developing those processes and then implementing them.

Service providers need to understand that the payment received from the insurer is not the entire cost incurred in doing business with them. The insurer has to provide information to the service provider, receive and review reports, resolve any problems/errors, receive/interpret/pay the invoice, obtain credit for any problems, etc. Service providers need to see things through their insurers’ eyes and then redesign their processes, and how they operate accordingly. As an insurer you simply do not have the time to teach your service providers about installing good processes. In this case, the answer is to provide them with a “roadmap” or “model” that they can use to teach themselves.

ISO STANDARD

A document that has received international recognition is called “ISO 9001”. It outlines a management system model that is focused on installing processes within a company aimed at improving the quality of the services (and products) being supplied to customers. It is a standard for quality that has been around since 1987, and successfully applied in many market sectors, with over 500,000 organizations being ISO 9001 registered. Many industries in Canada, the U.S., and around the world, have successfully used the ISO 9001 standard as a platform for launching their vendor management programs. The ISO 9001 standard also helps to manage the following risks:

* Poor quality or incorrect services reaching the customer;

* Services that are inconsistently delivered;

* Services that don’t meet customer needs, reducing satisfaction levels;

* Significant extra operating costs due to poor quality; and

* Non-compliance with customer contracts and regulatory requirements.

In addition to ISO 9001, there are several legislative standards, namely the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and Ontario’s Personal Health Information Protection Act (PHIPA), that focus on the safeguarding of personal information. This is another performance criteria that needs a “process” to ensure it is addressed properly. When safeguarding personal information, obtaining consent is critical when handling personal information from policyholders, and then protecting this information as it travels through the service provider and into the hands of their consultants and vendors. This means that education is needed for these external parties about how they should be safeguarding personal information stored on their own computers and at their premises. The risk of not protecting/securing personal information is significant for all involved: the service provider, the insurer, the third-party consultant/medical practitioner, and most importantly, the policyholder.

As an insurer, it is vital that part of your service provider/vendor management program addresses the management and control of your policyholders’ personal and medical information, as you will ultimately be held accountable for any breach. Anecdotally, rumor has it that some service providers/vendors operate out of home offices and other non-secure environments to such an extent that insurers should be concerned about where they are sending claim file information. An insurer’s own secure workplace may be negated if the service providers they use do not manage personal/medical claim information properly.

An example of a service provider who has applied both the ISO 9001 and PIPEDA models, and have installed processes that ensure performance is predictable and reliable when it comes to providing their services, would be Sibley & Associates Inc./SLR Assessments. Steven Sibley, president of Sibley & Associates, summarizes the benefits for their insurance industry customers: “ISO 9001 represents our own corporate governance program, demonstrating to our customers and, in turn, their policyholders, that we have met a demanding international standard focus
ed on superior customer satisfaction and continual improvement.”

Using the ISO 9001/PIPEDA models, a service provider can confidently answer “yes” to the following questions:

* Will the report be done on time?

* Will the assessment be done accurately by a consultant/medical practitioner who is qualified to do it, who has current up-to-date credentials and who uses properly functioning assessment devices?

* Will the report be legible and complete?

* Will the report be prepared in the format required?

* Will the billing to the customer be correct and also in the right format?

* Will the personal information being handled by the service provider, and by the consultants/medical practitioners, be protected and safeguarded while it is under their control?

So, back to the question at hand – how well do you know your service providers? Can they answer “yes” to the above questions? Do they have a system in place to manage the processes needed to meet your expectations? If not, it’s time to seriously consider developing a service provider/vendor management program in your company.