Magazine Article | August 30, 2012

Sunshine Act Compliance: Are You Prepared?

Source: Life Science Leader

By Animesh Gandhi, director of information management, Alliance Life Sciences

In 2011, CMS (Centers for Medicare and Medicaid Services) published the draft rules for Sunshine Act implementation and then collected comments until Feb. 17, 2012. The organization plans to issue the final rules “sometime” in late 2012. CMS is also considering a preparation period of 90 days after the rules are finalized.

In light of the above development and timeline, we suggest companies start to capture data as soon as possible to ensure its accuracy and integration with the reporting system.

It should be noted that although the dates have changed, the majority of Sunshine Act requirements will be expected, minus a few exceptions in the draft rules:

  1. CMS has confirmed the use of NPPES (National Plan and Provider Enumeration System) or NPI (National Provider Identifier) to identify covered recipients.
  2. Applicable manufacturers are defined as those organizations that manufacture at least one “Rx Only” drug or a PMA (premarket approval) device.
  3. Privately held manufacturers and Group Purchasing Organizations (GPOs) that have physician ownership must submit two separate reports: one for transfers of value to a covered recipient, and another detailing the physician investment/ ownership interests.
  4. The provisions for allocation of group spend are as expected and should cover cost per individual recipient.
  5. CMS proposes that manufacturers report transfers to group practices (GP) compared to the physician(s) who make up the GP.
  6. Reports for payments directed to third parties should include both the third party and the primary recipient.
  7. The entire amount should be reported, not individual payments for research.
  8. CMS proposes to publish a list of teaching hospitals that are covered.

Companies should proactively navigate through the complex set of requirements by focusing on three areas:

Spend Governance: Proactive compliance is more than simple data collection. You need to:

  • Create a framework to promote awareness and help educate various stakeholders regarding the importance of governance and the focus required to successfully implement structure.
  • Define a spend governance operating model including key roles, responsibilities of the working group, timing, and improvement of data quality.
  • Establish high-level policies and guidelines.
  • Define the roles and responsibilities and responsibility assignment (RACI) matrix for the spend governance and data stewardship functions.
  • Define goals and success measures, establish monitoring and metrics for goal attainment, and define scorecards to report on capability performance.

Policies and Procedures: You may need help with:

  • spend disclosure compliance communication to employees on transparency obligations
  • standardizing spend definitions and classifications (“nature” and “purpose”) categories across the organization
  • finance/payment policies for handling of payments to entities that veil a reportable end recipient
  • business rules customization including data entry requirements, triggers, warnings, etc.
  • third-party contract requirements and SOP for payment reconciliation
  • spend determination SOP for submitting
  • new or unreported spend events
  • disbursement reporting SOP for establishing new reportable disbursable items, work instructions to classify nature and purpose category.

Training: Develop training curricula and materials for aggregate spend program components such as:

  • Sunshine Act implementation and ongoing state disclosure requirements
  • data stewardship protocol, including the roles, responsibilities, and coordination among compliance/business data stewards and technical data custodians
  • spend policies and business rules
  • spend disclosure compliance and employee obligations
  • third-party spend data governance and reconciliation
  • post-implementation best practices such as fair market value (FMV) policies and procedures.