Biometric screening vendors put hands on your employees, handle their private health information, and provide data that changes the direction of wellness program investment, impacts employees’ paychecks, and more. If something were to go wrong, it can go very wrong.
The level of risk in this industry warrants more due diligence than is often performed on health screening vendors.
Here are five questions to ask your biometric screening vendor before you award them your business:
- Do you perform my screenings directly or do you subcontract with another company to perform them?
Many of the larger name wellness companies outsource the provision of biometric screenings to smaller entities that specialize in screenings only. If you don’t ask, you may not realize exactly who you authorized to put hands on your employees. Note: Many times, you can specify who you want the subcontracted screening vendor to be.
- Will you share your audit reports with respect to privacy & security?
Don’t settle for the “bank level security” line. It means almost nothing. The national banks of repute have migrated from SAS70 to SOC 2 as the standard against which they are audited. As a service organization, your screening vendor should be able to provide you with a clean SOC 2 Type 2 audit report which focuses on controls as they relate to security and privacy of their systems. When a vendor has a squeaky clean SOC 2 report, their IT security and operational rigor meet a level of professionalism commensurate with a large organization.
- Will you provide me with a copy of your bound commercial insurance levels?
If something were to happen, you need some assurance that your biometric screening vendor can pay for the catastrophe; otherwise, your organization will be on the hook. You don’t need that exposure. Fortune 500 organizations typically require $5 million in cyber insurance and at least $3 million in general liability. Don’t rely on contract language alone that says your vendor “represents and warrants” these levels are present. Ask for the proof before you sign.
- Who is your bank?
You want to make sure your vendor is here for the long term, which means you need to be assured of financial stability. Because most biometric screening companies are privately held, you may not get their financial statements. What you can do is ask who their primary bank is and then verify with the bank that they are indeed a customer. If you have never heard of their lender, you might have more questions. If, however, it is J.P. Morgan Chase or a comparable bank, you can feel comfortable that the loan would not have been approved without a true expert’s review of financial stability.
- When can I visit your headquarters?
Because the barriers to entry in the biometric screening industry are relatively low, you will be surprised how many screening companies operate out of the second floor of a chiropractor’s office or even out of a residential single-family home. By visiting their work site, you will gain an instant feel of the organization’s scalability and ability to service your employee population professionally. It is well worth the trip. The root cause of some of the most common biometric screening debacles is simply that the vendor was not big enough to handle the customer’s population.
When evaluating the providers of the biometric screening portion of your wellness program, asking these 5 questions will go a long way toward ensuring a partnership that will not leave you exposed to unnecessary levels of risk.