COISoftware collects a certificate of insurance from every vendor, contractor and medical device rep, reads each ACORD 25 with AI, checks the coverage against your requirements, and confirms the facility is named as additional insured. Built for US hospitals, health systems, clinics and senior living operators that work with hundreds or thousands of vendors. Upload a vendor COI above to see it read in seconds.
Last updated June 2026
Upload your certificates of insurance
Drop files here or click to upload
Up to 50 files
Uploading...
Different vendor categories carry different risks, so most facilities require different coverage by type. These are common starting points, not legal or insurance advice.
| Vendor type | Coverage commonly required | Why it matters in a healthcare setting |
|---|---|---|
| Medical device reps and clinical vendors | General liability, often $1M / $2M, plus professional liability | Reps work in procedure and patient areas, so injury and professional exposure both apply |
| Construction and renovation contractors | General liability, workers comp, umbrella, facility as additional insured | Work happens in occupied space next to patients, the highest-stakes vendor risk |
| IT, EHR and software vendors | Cyber liability and professional liability / E&O | Business associates touch protected health information, so a breach is the facility exposure |
| Environmental services and food service | General liability, workers comp, sometimes auto | Slip and fall, foodborne illness and on-site injury claims reach the facility |
| Medical waste and logistics | General liability, auto, pollution where applicable | Transport and handling of regulated waste carries auto and environmental exposure |
| Staffing and locum agencies | General liability, professional liability, workers comp | Placed clinicians create professional liability the facility wants covered upstream |
Set requirements to your own risk policy, contracts and state law. Limits and coverages shown are common starting points, not legal or insurance advice.
A single hospital can work with well over a thousand vendors, from medical device reps and biomedical techs to food service, environmental services and construction crews. Each one is a separate insurance policy on its own renewal date, and one uninsured vendor is a liability the facility absorbs.
Clinical services, IT and EHR vendors, food service, medical waste, laundry, biomedical, construction and staffing agencies each carry their own coverage. Tracking thousands of certificates and renewal dates by spreadsheet does not scale at hospital volume.
Credentialing platforms like GHX Vendormate and symplr gate physical access on training, immunizations and a current certificate of insurance. When the COI piece lives in scattered PDFs, a rep can clear credentialing while the underlying policy has lapsed.
Joint Commission, CMS Conditions of Participation and OSHA all push facilities to manage third-party risk. A current, verified certificate is the documentary proof that a vendor working in your building is actually insured.
Renovations and equipment installs occur next to patients. A contractor whose general liability lapsed mid-project, or who never named the facility as additional insured, leaves the hospital holding the risk if something goes wrong.
Business associates that touch protected health information need cyber liability and often professional liability, not just general liability. Checking that those specific coverages are present and current is easy to miss by eye.
Skilled nursing, assisted living and home health operators face state survey requirements and their own vendor mix. The verification work is the same, but the volume and turnover make manual tracking unworkable.
The certificate a vendor hands a hospital is a snapshot on the day it was issued, not proof of coverage today. Confirming that each vendor bought the right coverage, kept it current, and named the facility as additional insured is repetitive, rules-based work, which is exactly what software handles well. Certificate of insurance management software reads every vendor certificate, checks it against your requirements, and flags anything that lapses or comes up short, so your risk and compliance team is not re-keying ACORD 25 forms by hand.
COISoftware reads every vendor certificate, checks it against your coverage rules, confirms additional insured status, and watches renewals across your whole vendor base.
Upload a certificate from any vendor and the AI pulls the insurer, policy numbers, coverage types, limits, effective and expiration dates, and additional insured status, even from scans and phone photos.
Group certificates by department, facility, vendor type or risk tier so you can see compliance for one campus, one vendor category, or the whole health system at a glance.
Set the general liability, professional liability, cyber, auto, workers compensation and umbrella limits you require by vendor type. Every certificate is checked and flagged the moment a limit is short or a coverage is missing.
See whether your facility entity is named as additional insured on each policy, so the endorsement you require is verified rather than assumed from a checked box on the certificate.
Automated reminders at 60, 30 and 15 days mean a lapsing vendor policy is caught before the coverage gap, not after an incident in your building.
Every certificate, its extracted data and its compliance status are stored together, so you can show a surveyor, insurer or counsel exactly what each vendor carried on any date.
COISoftware reads the ACORD 25 and the broader certificate of liability insurance, then ties each vendor certificate into full certificate of insurance management software and ongoing vendor insurance compliance tracking. When a vendor certificate looks off, the same checks behind certificate of insurance verification flag it for review. Facilities teams managing the building side often pair it with COI tracking for facilities management.
From onboarding a new vendor to keeping a whole system compliant, the workflow is the same four steps.
Enter the coverages and limits you require, and vary them by vendor type, so a medical device rep, an IT vendor handling patient data, and a construction contractor each get the right rule. Include the additional insured wording that names your facility.
Tip: Set higher general liability and umbrella limits for vendors working in clinical or patient-occupied areas.
Request a COI from each vendor, or upload the certificates you already hold. The AI reads every certificate automatically, so onboarding a new vendor does not mean manual data entry into a spreadsheet.
Each certificate is checked against the requirement for that vendor type. Short limits, missing coverages and an absent additional insured endorsement are flagged for review before the vendor is cleared to work.
Automated reminders track every expiration date and chase renewals before coverage lapses, so a large vendor base stays compliant without a manual calendar per vendor.
Anyone responsible for proving that every vendor working with the facility carries the coverage your contracts and risk policy require.
The team accountable for third-party risk under Joint Commission and CMS expectations needs a live view of which vendors are insured, which fall short, and which are about to lapse. COISoftware turns each requirement into a current status for every vendor, so the answer to which vendors are compliant today takes seconds, not a day of pulling PDFs.
If your facility uses GHX Vendormate or symplr to gate access, the certificate of insurance is one of the items that has to stay current. COISoftware focuses on the insurance verification, reading each COI, checking limits and confirming additional insured, so the coverage behind the credential is actually valid and not just on file.
Smaller facilities and multi-site senior living operators have the same verification job with leaner teams. The same dashboard works whether you track 40 vendors or 4,000, so a single clinic or a national operator can prove every vendor is covered on demand. To collect, verify and monitor every certificate in one place, pair this with vendor insurance compliance software, and if you are comparing platforms, our best COI tracking software roundup walks through the options honestly.
Hospitals require COIs to confirm that every vendor working in the building actually carries the coverage their contract demands, so an injury, breach or property loss is paid by the vendor carrier rather than the facility. A current certificate is also the documentary proof of risk transfer that surveyors, insurers and counsel expect under Joint Commission, CMS and OSHA expectations.
Most facilities require commercial general liability, workers compensation, and commercial auto where vehicles are used, with the facility named as additional insured. Clinical vendors and staffing agencies often add professional liability, and IT or EHR vendors that handle protected health information need cyber liability. Exact limits vary by vendor type and your own risk policy.
Smaller facilities use spreadsheets, but most health systems move to COI tracking software once vendor counts grow. Software reads each certificate, checks coverage against the requirement for that vendor type, confirms additional insured status, stores it by vendor, and sends automated renewal reminders, which removes the manual entry and missed lapses that spreadsheets invite at hospital scale.
Vendor credentialing is the process hospitals use to control which third parties may enter the facility, typically verifying training, immunizations, background checks and a current certificate of insurance before access is granted. Platforms like GHX Vendormate and symplr manage credentialing, while COI tracking software focuses on verifying that the insurance behind the credential is current and meets your limits.
Yes. Most hospitals require medical device and clinical reps to provide a certificate of insurance with the coverage limits the facility sets, usually general liability and often professional liability, before they are credentialed for access. The exact limits vary by hospital, so reps should provide a current COI that names the facility where required.
Construction and renovation contractors working in a healthcare facility are usually required to carry commercial general liability, workers compensation and umbrella coverage, with the facility named as additional insured, because the work happens near patients. Many facilities also require pollution coverage for certain trades. Set limits to your contract and counsel guidance rather than a generic figure.
Pricing depends on how many vendors you track and whether you want self-serve software or a managed service. COISoftware lists transparent monthly pricing and offers a free tier, so a clinic or a large health system can start reading and verifying certificates without a sales call or a custom quote. You can test it on your own vendor certificates before paying anything.
Collect, verify and track every vendor and contractor COI in one place.
Read ACORD 25 data, verify coverage and track every COI expiration.
Track contractor and vendor COIs across every building you manage.
