Covered recipients and the open payments review and dispute process

Kelly Cooper

Kelly Cooper

Kelly Cooper (kcoo0013@shands.ufl.edu, linkedin.com/in/kellyfcooper/) is Compliance Specialist for UF Health Shands Compliance Services, Gainesville, FL.
8 minute read

by Kelly Cooper RHIA, CHPS, CCS, CHC

The Centers for Medicare & Medicaid Services (CMS) oversees the Open Payments program, a “national transparency program”[1] designed to provide patients and the public with information regarding potential financial relationships between reporting entities such as drug and device manufacturers (reporting entities)[2] and certain healthcare providers (covered recipients).[3] Each year these payments (also known as transfers of value) are reported through a process culminating in publication in the Open Payments database.

The Open Payment processes occur in a static cycle annually, easily lending the process to be included in annual reviews or work plans. Yet, despite the public availability and potential risk of the appearance of improper relationships, many covered recipients elect not to participate and simply allow payments to auto-attest. This allows the reporting entities to paint a picture of their relationship(s) without checks and balances in place to protect the recipient. Additionally, despite over six years’ worth of available data, the Open Payments database (database) is often overlooked. The types of data required by the program—including the nature of payment—provide compliance professionals additional touch points for verifying provider adherence to policies and procedures, vendor activities, and potential risk areas.[4]

To best facilitate the Open Payments process, recipients should be aware of the three main phases of the process—data collection, prepublication review and dispute, and publication. Data collection begins on January 1 of the calendar (or program) year, with entities gathering information regarding reportable payments. Payments must be entered into the Open Payments system by March 30 of the following calendar year. On April 1 of that following year, the annual prepublication review and dispute period begins. This is the optimal time for recipients to review items attributed to them/their organization, as payments effectively disputed may be deleted prior to publication. Based on the results of initial review and dispute activities, the data is refreshed on May 16 for the final phase of prepublication review, which ends on May 31. CMS then publishes the initial data on June 30 with an additional data refresh near the end of each calendar year when payments updated after the May 31 deadline will reflect their current status. This fixed schedule easily blends into annual end-of-fiscal-year activities culminating in a final report to interested stakeholders of attributed payments, trends, and concerns. The first step in adopting the review and dispute process into annual compliance activities is to gain access to the CMS Open Payment system.

The CMS Enterprise Portal and Open Payments system

To facilitate reporting, data collection, and compliance with numerous programs, CMS hosts a variety of applications in the CMS Enterprise Portal.[5] Gaining access to the portal is the first step to accessing those applications, including the Open Payments system. You must register to view and dispute information.[6] Generally, it is an easy process, but it may be complicated by recent changes to users’ legal names, addresses, or jobs, as the system may ask identification questions where the correct answers are from the time before the change. Any questions or concerns should be directed to the “Contact Open Payments,” help desk.[7] As an additional note, it is best for new users to complete the access requirements outside the review and dispute period, as the system can be slow or difficult to use during such high-traffic times. The general steps for creating a new user in the Enterprise Portal include:

  • Go to the CMS Enterprise Portal and select “New User Registration.”

  • Use the drop-down menu of applications, choose Open Payments to proceed to the next step.

  • Review and agree to the terms and conditions.

  • Enter all required information and create the user’s profile. At this step, the system may prompt the new user for additional identification information.

  • Once the email confirmation of registration is received, the user may log into the Enterprise Portal. The new user may need to go through the steps above to add the Open Payments application, as it does not always “stick” during registration.

  • After the initial sign-up, the system will request the user set up multi-factor authentication. This may be done by having the system email a numeric code to the user each time they sign in.

  • All users must log in to their accounts at least once every 180 days or risk their accounts being locked or inactivated.

While these steps provide access to the Open Payments system in general, a second process must be completed to link the user to the covered recipient. Each user must be assigned a role within the Open Payments system granting certain permissions. There are two role types for a covered recipient, depending on what category the recipient falls into. For independent providers, the roles include the provider themselves and an authorized representative, while teaching hospitals have authorized officials and representatives.

Assigning users in the Open Payments System

Individual providers may register themselves for access to the system. During registration, the provider enters their taxonomy type and code, license number, National Provider Identifier, and Drug Enforcement Agency number to gain access to their Open Payments profile. Once in the Open Payments application, the provider can nominate representatives to complete tasks on their behalf. Representatives have 10 calendar days to respond to a nomination request before it expires.

Provisioning system access for staff overseeing the Open Payments process for teaching hospitals is slightly different. As the official has essentially administrative rights to the hospital’s profile, great care should be taken when selecting an official. If the hospital has not previously registered to review and dispute payments, the steps for provisioning the authorized official will be similar to those for the provider. The information needed for teaching hospital registration includes the hospital Taxpayer Identification Number, the doing business as name, and the business address and information as listed in the CMS teaching hospital list. Once access has been granted, the official may nominate other users—up to 10 in total—including no more than four additional officials.

If, however, the teaching hospital was previously registered, the official(s) account(s) is(are) locked, or the official is no longer with the facility, a letter of nomination is needed to access the account. This letter is obtained by contacting the CMS Open Payments help desk and should be reviewed and completed by a senior leader. Once CMS has received the signed letter, they will issue the nomination allowing the official access to the hospital account and rights to manage active users and profile information.

As with all systems, it is best practice to review active users periodically and verify that only current employees, on a need-to-know basis, have access to the Open Payments system.

The review and dispute process

Once the appropriate staff has access to the Open Payments system, preparations for the review and dispute process may begin. Early identification and communication of payments likely to be reported are critical, as it prevents unnecessary review of expected payments. Collaboration between staff in roles such as compliance, finance, purchasing, supply chain, or other related areas overseeing contract fulfillment provides a robust framework for easy annual review. Centralized repositories of expected payments—such as a spreadsheet or highlighted fields in a data management system—allow for quick data review and discussion. Collaboration between these roles can also highlight vendor contacts or account liaisons who can help smooth and expedite a potentially difficult dispute discussion.

Reporting entities make entries—which are identified with a unique number—that include not only the required information outlined by CMS but may also include specific information about contacting the entity to dispute the payment. These entries are available for download in a spreadsheet starting April 1 of each calendar year. Once the payment data is available, it should be cross-referenced internally with regular payments and involved departments (e.g., finance or accounts payable for debt forgiveness reports). Expected reports may be attested in one of two ways, actively by selecting attest and confirming in the system; or passively by simply leaving the record as is for publication.

Conversely, inaccurate, incorrectly attributed (e.g., research payments attributed to a teaching hospital that were made to the associated university college of medicine), or unexpected reports should be disputed. Following the vendor’s comments for contacting them to initiate a dispute is the best method for smooth dispute resolution; however, all disputed payments should be marked by changing the status to “disputed” in the system as well. While this step may seem redundant, it will cause the payment to publish as disputed, allowing anyone reviewing the data to see that the recipient believes there is an error in the report, should resolution discussions extend beyond May 31. After the May 16 data refresh, it is ideal to download and compare the updated data to the previous information as vendors may not have updated records as expected. The final prepublication dispute period between May 16 and May 31 is the last chance for recipients to work with entities to verify accuracy of initially published data.

Data downloaded beginning June 1 reflects the information available to the public on the Open Payments database. Combining the final reported information with data from the review and dispute process provides a high-level overview of trends both in overall reported payments and in payment categories that senior leadership and stakeholders may find useful.

Conclusion

While CMS considers participation in the Open Payments process voluntary, it benefits covered recipients to actively participate in the program. First, it provides checks and balances for reporting entities; second, it adds transparency for patients by dispelling potential inferences of financial relationships between the reporting entities and covered recipients; and finally, it provides accurate data that may be used internally for a variety of processes and reviews.

Organizational departments such as human resources, medical staff services, and/or credentialing/privileging teams may review the reports for individual providers during initial or renewal of employment or privileges to determine if there are any risks or educational opportunities relating to gifts from vendors. Compliance and internal audit teams may use the data during audits, such as reviewing payments made by a particular vendor or spot-checking providers for overall adherence to policies and procedures. Other departments, such as purchasing, supply chain, and finance, may also find value in reviewing the data before contract discussions relating to device loans, space leases, or upticks in purchasing volumes.

Takeaways

  • While participation in the Open Payments process is voluntary, it greatly benefits covered recipients to participate.

  • Access to the Open Payments system is critical to maintaining an accurate covered recipient profile.

  • To promote accuracy of payments attributed to the covered recipient, the Open Payments review and dispute process should be an annual activity.

  • Internal collaboration and collection of expected payments make the review and dispute process operate more effectively.

  • The Open Payments database can provide valuable data to numerous organizational activities and processes.

All opinions expressed in this article are those of the author and do not represent official positions of the University of Florida, UF Health, or affiliated partners.

 
1 Centers for Medicare & Medicaid Services, “Search Open Payments” database, last data update January 2023, https://openpaymentsdata.cms.gov/.
2 Centers for Medicare & Medicaid Services, “Reporting Entities,” last modified January 23, 2023, https://www.cms.gov/openpayments/program-participants/reporting-entities.
3 Centers for Medicare & Medicaid Services, “Covered Recipients,” last modified January 23, 2023, https://www.cms.gov/openpayments/program-participants/covered-recipients.
4 Centers for Medicare & Medicaid Services, “Natures of Payments,” last modified January 23, 2023, https://www.cms.gov/openpayments/natures-of-payment.
5 Centers for Medicare & Medicaid, “Enterprise Portal,” accessed February 1, 2023, https://portal.cms.gov/portal/.
6 Centers for Medicare & Medicaid Services, “Register as a Physician or Non-Physician Practitioner (NPP) Covered Recipient,” last modified January 23, 2023, https://www.cms.gov/OpenPayments/Program-Participants/Covered-Recipients/Registration.
7 Centers for Medicare & Medicaid Services, “Contact Open Payments,” last modified February 1, 2023, https://www.cms.gov/OpenPayments/Contact-Us.
This publication is only available to members. To view all documents, please log in or become a member.
Become a Member Login

What to read next...

Transformation of a healthcare compliance and privacy program — consistently evolving effectiveness

About SCCE

The Society of Corporate Compliance and Ethics (SCCE) is a non-profit, member-based professional association. SCCE supports our members' work with education, news, and discussion forums. We are a community of leaders, defining and shaping the corporate compliance environment across a wide range of industries and geographic regions. In developing and maintaining effective ethics and compliance programs, our members strengthen and protect their companies.

952.933.4977

About HCCA

The Health Care Compliance Association (HCCA), is a 501(c)6 non-profit, member-based professional association. HCCA was established in 1996 and is headquartered in Minneapolis, MN. We provide training, certification, and other resources to over 10,000 members. Our members include compliance officers and staff from a wide range of organizations, including hospitals, research facilities, clinics and technology service providers.

952.988.0141

Facebook Twitter LinkedIn
Copyright © 2024 by Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA). No claim to original US Government works. All rights reserved. All information provided through this site, including without limitation all information such as the “look and feel” of the site, data files, graphics, text, photographs, drawings, logos, images, sounds, music, video or audio files on this site, is owned and/or licensed by SCCE & HCCA or its suppliers and is subject to United States and international copyright, trademark and other intellectual property laws. Any third party logos and/or content provided herein is owned by such third parties and is used by permission herein. Your use of this site to is subject to our Terms Of Use and Privacy Statement.
Cookie settings