Compliance officers often lament that it is impossible to identify, assess and manage the compliance risks of financial relationships they know nothing about. Too often they are limited to relationships brought to their attention through compliance inquiries, hotline reports or annual conflicts of interest disclosure processes. As it has over the past three years, the Centers for Medicare and Medicaid Services (CMS) has pulled back the curtain on certain payments from drug and device companies to physicians and hospitals.

Affordable Care Act Section 6002 (commonly referred to as the Sunshine Act) established the Open Payments Program, under which CMS collects information about the payments drug and device companies make to physicians and teaching hospitals for travel, research, gifts, speaking fees and meals. It also identifies ownership interests that physicians or their immediate family members have in drug and device companies. Prior to the Sunshine Act, the U.S. Department of Health and Human Services’ Office of Inspector General (OIG) often required parties to a corporate integrity agreement to comply with similar “sunshine” reporting requirements. Now, CMS collects this data from all drug and device companies and publishes it annually.

The 2016 data reveals that payments from drug and device companies to physicians and hospitals increased again. The amount for 2016 is a staggering $8.2 billion. Only $39 million — less than 5 percent — is in dispute. (Physicians and teaching hospitals have an opportunity to review and dispute the data reported by drug and device companies in the year the data is reported.)

With details regarding over $8 billion of undisputed payments, compliance officers have a valuable tool. Because data is published in a searchable format, compliance officers can search for payments made to their organizations and physicians. Indeed, CMS eases this effort with its "search by name" feature. (As a practice tip, keep in mind that, with 11.3 million records, there likely will be misspellings in names and addresses. For organizations with numerous entities in their corporate structure, it’s possible to conduct a search on too few entities. As such, it is important to conduct several unique searches to capture all relevant data.)

Ideally, there would be no entry in the search results about which compliance officers are unfamiliar. Practically, however, that is nearly impossible. Some physicians or hospital departments, no matter how much compliance training occurs, will routinely fail to disclose a reportable payment as is often required by hospital compliance policies. Moreover, the federal government takes an expansive interpretation of payment — even the smallest, such as meals. These easily can be forgotten or overlooked during internal reporting periods, which could be months after the meal in question.

While the past three years have allowed the healthcare industry an opportunity to become familiar with the Open Payments reporting process, the utility of this data is beginning to change. The government can use the Open Payments data to identify questionable financial arrangements and begin an investigation. For example, in its 2017 work plan, the OIG noted it was mining the Open Payments database for at least two studies, which could lead to investigation referrals if questionable payments are identified.

In light of the increased scrutiny of this data, compliance officers need to look behind the curtain and become familiar with it. First, compliance officers, in consultation with legal counsel, should examine the payments for compliance with key laws regulating industry-provider relationships, including federal and state anti-kickback statutes and federal conflicts of interest rules. It is important to include legal counsel because it may become necessary to report potentially problematic relationships to government regulators.

Not all payments from industry to providers are automatically suspect under federal and state fraud and abuse statutes. The OIG recognizes that some financial relationships between industry and providers are less risky than others. In such cases, there are federal anti-kickback safe harbors, which spell out conditions the parties must follow to receive protection. Moreover, through the issuance of advisory opinions, the OIG has approved some payments from industry to providers that do not fit within a safe harbor when certain other safeguards are in place. Finally, other payments may not necessarily run afoul of the anti-kickback statute although the further the payments skew from safe harbors and advisory opinions, the higher the risk of government scrutiny. Compliance officers examining payments listed in the data should be mindful of this dynamic body of work.

Second, use of the CMS Open Payments data file as an audit tool assists organizations with their internal compliance policies. Organizations that have a higher than expected number of payments, a concentration of payments from one particular manufacturer or potentially noncompliant payments can use this data as an opportunity for change. For example, an organization may want to examine the impact of industry relationships on its mission and operations, revise existing compliance policies, enhance auditing and monitoring processes, or launch compliance training about industry relationships and conflicts of interest.

With the federal government's attention squarely focused on fraud and abuse in industry-provider relationships, the CMS Open Payments data file is one resource compliance officers can and should take advantage of to identify and investigate potential compliance risks.