This interpretation was written by Leon Goldman, Kyruus' Chief Privacy Officer and former Chief Compliance Officer at Beth Israel Deaconess Medical Center
The final rule of the Physician Payment Sunshine Act, commonly called “PPSA”, has been published in the Federal Register as of today, February 8, 2013. Anxiously awaited by the healthcare industry and the public alike, the final ruling means applicable manufacturers and group purchasing organizations will be frantically reviewing it, trying to ensure their organization’s processes and systems are ready and able to report the data to CMS by the deadline of March 31, 2014.
While there is anxious activity among the manufactures and GPOs, it is certainly less clear to hospitals and physicians what the PPSA will mean to them, and what exactly they need to be doing to prepare. Aside from providing the opportunity to review the data posted about them, PPSA does not place any statutory obligations on hospitals or physicians - it will, however, reveal a great deal of information about them to the public.
The process by which hospitals have monitored financial relationships with industry has long relied on individual disclosure, either on an annual or transactional basis triggered by specific events, such as seeking permission to perform research studies. Proactive review of publicly available information has not been part of standard review for most institutions - often because the perceived benefit of implementing such a process has not outweighed the cost of review, in both dollars and time. PPSA mandates not only the collection of a vast amount of information about “covered recipients” but also the creation of a vast database that must be downloadable, easily searchable, and aggregated. How and to what extent this will actually change the playing field is yet to be known.
This database will provide (relatively) easy access to vast amounts of information to the public, regulators, or the media for the first time. While some information is already available today via select states reporting and approximately 50 companies currently disclosing, PPSA will significantly increase the amount of information available to the public. We project the following:
- Over 3 million public industry payment disclosures amounting to over $4 billion
- Over 700,000 healthcare professionals indicated with public industry payment disclosures
- Over 1,500 companies disclosing payments
At Kyruus, we have little doubt that agencies, such as the National Institutes of Health, will use the information as a way to “verify” what they are told by their applicants. The media, too, will see the data as an interesting source of information for investigative reporting. Lastly, individual patients and families will likely use the data to become more informed about their physicians and the relationships those physicians have with industry. Given all who will likely use the data, it behooves hospitals and covered recipients to be aware of the data.
Nevertheless, the presence of such a database will not relieve institutions of the need to gather information on their own as they have been doing up to this point. Factors for consideration:
- The annual posting of the data may not provide adequate information for organizations to fulfill their transactional obligations for events such as accepting payment from PHS for funded research.
- The PPSA database will contain nothing about non-physicians receiving payments or transfers of value about which the organizational policies require disclosure.
- There may be payments to physicians that need to be disclosed under an organization's policies, but which are exempt from reporting under the PPSA and can only be discovered through an active disclosure process.
- Consolidation of reporting by manufactures may make the information that is reported less useful to the institution for their assessment need. Again - the institution will need to continue to monitor data internally to understand what PPSA will mean for them, and what they need to do.
Kyruus believes that best practices will move organizations to develop policies and procedures that actively collect disclosure information from affected individuals and actively monitor publicly available information. This allows organizations to be in control of the information, to reconcile discrepancies, identify and eliminate problem areas, and to respond quickly to both public and regulatory inquiries.