The Centers for Medicare and Medicaid Services (CMS) followed up on its November 19th Registration and Data Submission instructional webinars for Open Payments, the program to implement the Sunshine Act. Highlights from the discussion include that CMS reports that they will assign a unique identifier to each payment and they will retain the records for 10 years. There was also considerable discussion on who at applicable manufacturer or GPO can attest to the information.
Open Payments requires applicable manufacturers and group purchasing organizations (GPOs) to report to CMS any payments or other transfers of value they make to physicians and teaching hospitals. CMS presented information on Registration and Data Submission. We have included copies of the slides from the webinar.
Open Payments Registration
Open Payments Registration is required only if the applicable manufacturers and GPOs have payments or transfers of value to report. If so, users must first complete the CMS Registration Enterprise Identity Management (EIDM) application. Second, users must register and gain access to Open Payments. "Open Payments" is anticipated to be available for selection in the EIDM in early 2014. Users can register an EIDM now, but CMS encourages users to register in early 2014 because the EIDM registration may be disabled due to inactivity in the meantime. After registration begins in 2014, there is no official registration period. Registration can be completed throughout the year. The next slides indicate (1) the registration process for entities and Authorized Officials, (2) the registration process for nominated representatives, and (3) the various roles that must be fulfilled in the Open Payments systems.
- Registration Process for Authorized Official and Entity: As the chart above shows, there is a step by step process to Open Payments. An Authorized Official—broadly defined as a C-level employee or an equivalent "significantly positioned" individual—must register the entity for vetting to be successful. Vetting is the process where CMS verifies that an applicable manufacturers or applicable GPO is, in fact, an entity, and that the Authorized Official is both linked to the vetted entity and significantly positioned to act on the entity's behalf. Registration requires information both from the entity and the individual, listed in the chart below. CMS stated that the vetting process is reliant on accurate information, so mistakes in the user's information will delay the process. Furthermore, the user must complete registration in a single session, so it would be useful to have this information handy:
2. Registration Process for Nominated Authorized Representatives: Once an Authorized Official has registered the company, the Authorized Official may then nominate Authorized Representatives, each of which has a unique role. Individuals may choose to accept or reject the nomination. There can only be one Authorized Official per entity per calendar year, but he or she may nominate representatives to fulfill various roles, as the following slide demonstrates:
3. Open Payment User Roles: Once the Authorized Official submits registration and is successfully vetted, CMS will issue a registration ID. Once this occurs, the Authorized Official may nominate users authorizing access to Open Payments. The names of the individuals in each user role will not be made public. There may be a maximum total of ten users per entity (including up to five officers), and a minimum of two users. CMS offered 4 Submitters, 2 Attesters, and 4 Officers as a possible example an entity could choose. Additionally, the Authorized Official could fulfill all the roles, as long as they nominated a single additional representative. The following chart explains the roles that each class of Authorized Representative have. It is important to note that only one attestation is permitted—if a second submits, CMS will cancel the first. Only the most recent attestation will be accepted. CMS also stated that there is a distinction between an Authorized Official (must be a C-level employee) and the Authorized Representative in the Officer Role (does not).
Data Submission is the technical process plugging in information to Open Payments. The webinar contained a list of data submission resources, some of which are currently available, but all will be available on the Open Payments website later this week:
Data can be entered in the Open Payments system in Bulk File Upload or Manual Entry. The webinar contained updated Bulk Data Upload instructions:
- In the first release of the Open Payments system, the maximum file size for bulk uploads is 250 MBs for both CSV and XML files. Files larger than 250 MBs need to be separated into multiple files. There will be no limit on the number of files that can be uploaded. The CMS received several complaints over this maximum file size, and is reportedly analyzing other options to increase the upload size in the future.
- There are no naming conventions for the uploaded files; however, the file name cannot exceed 50 characters and cannot contain special characters prohibited or reserved for use in a UNIX system.
- CMS recommends CSV for reporting entities with large amounts of data who would like to minimize the number of files for upload. For smaller uploads, XML is recommended. CSV files accepted by Open Payments are pipe delimited. Sample files and submission instructions provide information related to using these pipe delimiters and the headers. Microsoft Excel is not the proper format, and must be changed to be accepted by the Open Payments system.
- The order in which files are uploaded is not important. All files where the records do not have a pre-populated Open Payments ID and the Resubmission Flag is not applied will be treated as new submissions.
Viewing and Reconciling Data: Each payment record, whether uploaded or manually entered, is assigned an Open Payments Payment ID, which will be sent in an email notification. Open Payments "View Submission" functionality will enable viewing, searching, and filtering of all payment records entered into the Graphic User Interface (GUI). The data can be printed using a web browser's print functionality.
Testing Files: Submission of test files is not required, but users will be able to test bulk uploads in the Open Payments system after the system goes live. The tests will not show whether the submitted data is accurate, only that the format is compliant.
Data Deletions: The CMS revealed that the Open Payments system plans on retaining all records for ten years from the date of data publication on the public website. Submitted records can be deleted at any time before or after the reporting deadline for as long as they are retained in the system. Users will be able to delete individual payment records and entire files submitted via the "View Payments" page in the Open Payments System. The user in the Submitter role can search by the File ID, Open Payment ID, and/or Home System Payment ID, and then delete selected records.
Changes and Resubmissions of Data: Once submitted, data can be viewed and edited via the "View Payments" functionality in the Open Payments System by clicking the "Edit" function. Changes to data can be made through either bulk file uploads or GUI regardless of the original data entry method used.
Data Validation: Open Payments will reject the entire file only if the file is in an invalid format or the file does not align with the schema. CSV or XML are the only two accepted formats. Open Payments will process the file and reject individual records if the file is in the supported format but has errors on the record level, such as text characters in number fields. Records entered manually online are validated in real time. For bulk uploads, simple file format validation is performed right after the upload. All records in the submitted file will be processed. The system will not stop after the first encountered error. After the file is process, users will receive an email notification with any errors.
Matching: After submission is complete and errors are rectified, submitted data enters the matching process, which ensures that payments are consistently attributed to the correct physicians and teaching hospitals. The primary data source for the public display will be drawn from the Matching Process.
The Open Payments system will attribute recorded data to recipient profiles by matching Recipient Identifiers submitted by the reporting entities, including Name, National Provider Identifier (NPI), and State License Number for physicians, and the Name, Taxpayer Identification Number (TIN), and Address for teaching hospitals to the information contained in CMS systems. CMS systems include NPPES, PECOS, and the Open Payments Teaching Hospital List. CMS will also use a proprietary physician database provided by Truven health.
If there are any records that could not be attributed with a certain degree of confidence, reporting entities will receive a follow-up email with information about unsuccessful matches. Reporting entities can then make corrections or proceed with submissions as entered. CMS stated that the inability to reliably match submitted record to a physician or teaching hospital would not result in record rejection, and would not prevent submission or attestation.
CMS also stated in the Q&A that they are making a disctinction between what is collected at the point of registration and what is necessary to create the organization profile for the applicable manufacturers and GPOs.
Attestation: Reporting is not considered complete until formal electronic attestation is received. Attestation does not have to be completed right at the point of submission, but must occur before the reporting deadline. Attesters should attest only when all submissions are completed and finalized for the collection year. Standardized attestation statements to which an attester will be required to agree will be displayed on the system screen. Users will not be able to upload any additional attestation documents. Users will be able to enter assumptions for reporting data, which can be entered as plain text in a text box. Data can be modified before or after the attestation. Only the modified records will have to be re-attested.
Consolidated Reporting: CMS received many questions about consolidated reporting. If an Authorized Offiicial indicates at registration that their entity will be part of a consolidated report, it does not limit or restrict the entity to being a part of a consolidated report. The consolidated report field is used by CMS for "informational purposes only," and CMS will not use this information to notify entities that other entities have indicated that they plan to be in their consolidated report. Entities should submit an individual report or a consolidated report submission per year, not both. CMS should only receive one attested report per entity per collection year. This does not apply to correction reports.
Each entity included in a consolidated report must be registered in Open Payments. The consolidated report must reference the registration IDs for all entities included in the report. Individuals submitting and/or attesting to the consolidated report on behalf of multiple entities have to be approved in Submitter and/or Attester roles for ALL entities included in the consolidated report and the entity submiting the consolidated report. Furthermore, each entity represented under a consolidated report will need to have all three roles (Officer, Submitter, Attester) "manned."
Third Parties: The submitter role in the Open Payments system can be filled by a third party user not affiliated with the applicable manufacturer or GPO, but is submitting data on its behalf. The third party submitter must be approved by an Officer in the same way as internal submitters. Third party submitters will not be individually identified in the system—all information will be entered as though it came directly from the reporting entity. Third party software vendors who are not associated with a vetted organization will not have access to Open Payments, nor will they be able to test submission files.
Review and Dispute: CMS received many inquiries about the review and dispute functionality. CMS stated that "review and dispute" is still being designed and will be provided in a future webinar. However, they envision that individual line items under dispute would be re-submitted, not entire submissions.
CMS also offered Clarifications on Reporting Requirements:
- If a reporting entity has multiple transactions for a covered recipient, each transaction should be reported separately rather than aggregated into a single entry.
- At lease one state license number is required for physician covered recipients even if NPI is provided. If the physician covered recipieint doesn't have an NPI, it may be left blank. The applicable manufacturer is responsible for making the best effort to obtain the NPI from the physician for the purposes of reporting.
- The NPI listed in NPPES is the official record that Open Payments uses for matching.
The Webinar concluded with a slide of Resources:
A follow-up webinar is scheduled for January 2014. Monitor Policy & Medicine updates for the latest information on the Sunshine Act. CMS noted that updated data specifications are "in the final stages of review and will be provided in the next couple of days" as a posting on the Open Payments website.