By not accessing the risks, these organizations are potentially facing employment-related litigation and immigration liabilities as well as negative publicity, according to the report.
It is common for companies, even those with well-drafted agreements in place, to unwittingly become co-employers of third-party IT sourcing staff members, according to the report. Government agencies, including the U.S. Citizenship and Immigration Services and the U.S. Department of Labor, are increasingly sensitive to possible co-employer relationships and noncompliance with employment and immigration laws.
Co-employer relationships are established when day-to-day control, supervision, guidance and direction of third-party employees is effectively relinquished by the third-party sourcing entities and handled by employees of the end-client companies.
In the immigration context, the end-client company can be held liable if the third-party sourcing entities employ foreign workers who lack employment authorization. And contractors running afoul of these federal labor laws is not uncommon — Infosys, one of the world’s largest technology outsourcing companies, was fined a record $34 million for immigration-related violations last fall, and federal law enforcement officials indicate further investigations will occur, according to the report.
Co-employment can also be a potential access point for class-action exposure under the Fair Labor Standards Act, tying the wrongdoing by small, third-party sourcing entities to large, multijurisdictional end-client companies.
In response to these challenging developments, healthcare organizations should do the following:
1. Review all contracts with third-party sourcing entities and ensure compliance with the Immigration Reform and Control Act of 1986.
2. Communicate with and train all managers who oversee projects staffed by contractors to ensure managers understand what interactions with vendor employees are permissible with respect to avoiding co-employer liabilities.
3. Require third-party sourcing entities to apply the same standards of compliance to all outsourcing entities they subcontract work from.
4. Only conduct business with third-party service providers are enrolled in the E-Verify program, an Internet-based system that allows businesses to determine the eligibility of their employees to work in the U.S.
More Articles on Third-Party Risk:
10 Necessary Components of a HIPAA Business Associate Agreement
5 Tips For Protecting Patient Information & Responding to Healthcare Data Breaches
5 Tips to Reduce Third-Party HIPAA Risk
