Is Your Practice Staff a Covered Recipient? The Sunshine Act Definition Explained (42 CFR § 403.902)

Executive Summary

Small practices frequently ask which staff count as “covered recipients” under the federal Open Payments (Sunshine Act) program and when interactions with drug/device companies get reported to CMS. The answer begins at 42 CFR § 403.902, which defines “covered recipient” and frames what payments or transfers of value may appear publicly under the Open Payments database. 

Under § 403.902, covered recipients include physicians and teaching hospitals; the rule now also encompasses physician assistants, nurse practitioners, clinical nurse specialists, certified registered nurse anesthetists, and certified nurse-midwives. If those individuals are not bona fide employees of the manufacturer reporting the payment, value provided to them is generally reportable. 

Because your reputation and payer relationships can be affected by entries on Open Payments, small clinics benefit from a simple vendor-interaction policy, basic training, and a reliable process to monitor and, when appropriate, dispute reported data. Understanding how § 403.902 connects to the reporting mechanics in Subpart I (for example, § 403.904 reporting content; submission/attestation processes; timeframes for review/dispute via CMS guidance) reduces surprises and supports ethical, transparent operations.

Introduction

The Sunshine Act requires manufacturers of drugs, devices, biologicals, and medical supplies operating in the United States to report certain payments or transfers of value they make to covered recipients. Whether your practice’s clinicians fall inside that “covered recipient” definition drives whether free lunches, honoraria, consulting fees, travel, research funding, or in-kind items are publicly listed. The definitive source is 42 CFR § 403.902, which supplies the definitions for Subpart I, including “covered recipient,” “applicable manufacturer,” “teaching hospital,” and other terms that control Open Payments reporting. 

For lean practices, the operational risks are practical: a staff member accepts a meal or fee without realizing it will be published; your clinicians do not check Open Payments during the review window; or a vendor’s category selection paints a misleading picture. A direct, compliant workflow anchored to § 403.902 and the operational provisions of Subpart I helps small practices prevent reputational harm and align with ethical standards.

Legal Framework & Scope Under 42 CFR § 403.902

What § 403.902 does. Section 403.902 houses key definitions for Open Payments. Most importantly, it defines “covered recipient” as (1) any physician, physician assistant, nurse practitioner, clinical nurse specialist, certified registered nurse anesthetist (including, as recognized by CMS, anesthesiologist assistants), or certified nurse-midwife who is not a bona fide employee of the reporting manufacturer; or (2) a teaching hospital that received certain Medicare payments under sections 1886(d)(5)(B), 1886(h), or 1886(s) of the Social Security Act. 

How § 403.902 interacts with reporting. The definitions in § 403.902 feed directly into the reporting obligations outlined in § 403.904, which specifies what data manufacturers must capture for each reportable payment or transfer of value, including the nature, amount, date, and associated covered recipient. The definitions also inform submission/attestation requirements and the review/dispute process that CMS administers. 

Federal vs. state. Federal Open Payments does not prohibit manufacturers from giving value; it requires transparency. Federal preemption for Open Payments can limit the scope of state laws that require similar reporting about the same interactions, but clinics may still face state gift bans or ethics rules, particularly for public employees or Medicaid-related engagements. Plan your policy primarily around § 403.902 and related Subpart I provisions, then add state-specific overlays where applicable.

Why this reduces friction. Knowing exactly who is a “covered recipient” lets your front office and clinical leads guide staff behavior, anticipate public disclosures, and prepare standard documentation. This guards against billing disputes tied to perceived conflicts and helps you respond quickly if a posting looks inaccurate.

Enforcement & Jurisdiction

Who enforces. CMS administers the Open Payments program and publishes the data annually. Manufacturers and GPOs bear the duty to report accurately; CMS may impose civil monetary penalties for failures. While § 403.902 itself is definitional, penalties for noncompliant reporting are part of Subpart I and the underlying statute (Social Security Act § 1128G). CMS monitors compliance through data validation and communications during submission, attestation, and publication cycles. 

Common triggers affecting small practices. Although manufacturers are the reporting entities, clinics are pulled into the process when:

  • A clinician appears in the pre-publication data and must review or dispute an entry within allotted windows set by CMS.

  • A local news story surfaces a clinic’s Open Payments totals, creating reputational exposure if categories or context are misunderstood. (CMS treats these as transparency outputs rather than sanctions.)

  • A manufacturer misattributes a payment to the wrong individual or selects an inaccurate “nature of payment” category, which the clinician must challenge through CMS’s review/dispute pathway prior to publication.

Operational Playbook for Small Practices

Below are lean, non-redundant controls built expressly for small clinics. Each control ties to § 403.902’s covered-recipient definition and related Subpart I operations, with simple evidence artifacts.

1) One-page Vendor-Interaction Policy (V1.0) aligned to § 403.902

Implement: Draft a one-page policy stating which roles in your clinic are “covered recipients” (physicians, PAs, NPs, CNSs, CRNAs, CNMs) and that any payment or transfer of value from a manufacturer may be publicly reported under Open Payments. Prohibit staff from accepting value in clinical areas; require routing all offers to a designated lead. Include examples (lunches, consulting, travel, educational items) mapped to CMS categories. 

 Evidence to retain: Signed staff acknowledgments; version-controlled policy with date; annual training roster.

 Low-cost method: Use a shared drive with e-signature acknowledgment and a simple 10-question quiz.

2) Pre-Approval “Gift/Value” Log for All Covered Recipients

Implement: Before any event (lunch-and-learn, demo, speaker honorarium), require a one-page request listing manufacturer name, nature of value, amount, date, and intended attendees. Clinic leadership approves or denies; if approved, attendees sign in to create an internal record mirroring § 403.904 data elements. 

 Evidence to retain: Event request, sign-in sheet, and a scanned agenda saved in a folder named YYYY-MM-DD_Manufacturer_Event.

 Low-cost method: Free form software or spreadsheet template.

3) Annual Open Payments Review Week

Implement: Each spring, schedule a “Review Week” where all covered recipients log into CMS Open Payments, verify identities, and check pre-publication data. Build a mini-script for identifying inaccuracies and initiating disputes during the designated window outlined by CMS. 

 Evidence to retain: Screenshot of each clinician’s attestation of review; list of disputes filed and resolutions.

 Low-cost method: Fifteen-minute calendar slot per clinician, coordinated by the office manager.

4) Role Mapping: Who Is and Is Not a Covered Recipient

Implement: Maintain a clinic roster, labeling each credentialed professional as within or outside the § 403.902 definition. For example, your RN care coordinators and medical assistants are not listed in § 403.902, whereas your NPs, PAs, and CNMs are explicitly included. 

 Evidence to retain: Roster PDF with credentials and role; hiring checklist requiring role review.

 Low-cost method: Add a “covered recipient = Y/N” column to your HR spreadsheet.

5) Vendor Access Rules in Clinical Space

Implement: Require all manufacturer interactions to occur in a non-patient area, by appointment, with a sign-in and a statement of whether anything of value was provided to anyone fitting § 403.902. Decline samples or leave-behinds that blur lines between patient benefit and provider value unless routed through a formal process.

 Evidence to retain: Vendor sign-in log; quarterly summary of visits and declared transfers.

 Low-cost method: A clipboard at reception and a monthly scan upload.

6) “Education vs. Promotion” Checklist for Events

Implement: Before any educational session sponsored by a manufacturer, classify whether the value is personal (e.g., a meal for a PA) or bona fide patient education with no personal benefit. Where personal value is present to a § 403.902 covered recipient, anticipate reporting and record the nature and amount. 

 Evidence to retain: Completed checklist with agendas and slides.

 Low-cost method: One-page checklist template.

7) Dispute Playbook: 5-Step Script

Implement: Provide a template email and CMS-portal steps for clinicians to dispute entries they believe are inaccurate in amount, date, or nature. Include internal escalation to the practice manager for multiple unresolved disputes before publication closes, following CMS timelines described in program guidance. 

 Evidence to retain: Dispute submission confirmations; resolution emails; updated screenshots.

 Low-cost method: Shared doc with copy-paste language.

8) Communications Plan for Media or Patient Inquiries

Implement: Keep a short, plain-English statement explaining that federal law requires public transparency of certain manufacturer payments to clinicians defined in § 403.902 and that your practice adheres to an internal policy to avoid conflicts. Designate a single spokesperson.

 Evidence to retain: Approved statement text; record of any media inquiries and responses.

 Low-cost method: One sheet stored with front-desk FAQs.

Wrap-up: These controls translate § 403.902’s definitions into daily guardrails that prevent confusion, protect reputation, and ensure your clinicians can act quickly during CMS review windows.

Case Study

Scenario. A three-clinician primary care group employs one MD and two NPs. A device manufacturer hosts a lunch in the break room and leaves branded educational materials and boxed meals for “all clinical staff.” A month later, the MD and one NP see themselves listed in the manufacturer’s pre-publication Open Payments data with meal transfers of $36 each and a “food and beverage” category; the other NP is listed with a $500 “consulting fee” she never received.

Consequences if unmanaged. If the NP does not dispute the $500 entry, the public database will show a significant personal payment. For the clinic, this could lead to questions from patients and payers about conflicts of interest.

Resolution using the Playbook.

  • The office manager checks the Role Mapping roster and confirms all three clinicians are covered recipients under § 403.902 because they are a physician and nurse practitioners.

  • Using the Dispute Playbook, the affected NP initiates a dispute during the CMS review window, attaching the clinic’s Pre-Approval Gift/Value Log and vendor sign-in (no consulting agreement exists), prompting correction before publication.

  • The practice updates the Vendor Access Rules to prohibit unscheduled food drops and requires all value to be declared on the visit log.

Outcome. The incorrect “consulting fee” is removed; the small meal entries remain accurate and published. The clinic’s quick, evidence-based response demonstrates control and protects its reputation.

Self-Audit Checklist

| Task | Responsible Role | Timeline/Frequency | CFR Reference |
| --- | --- | --- | --- |
| Maintain roster labeling who is a § 403.902 covered recipient | Office Manager | Upon hire and annually | 42 CFR § 403.902 |
| Run annual “Open Payments Review Week” and capture attestations | Practice Manager | Annually, pre-publication window | CMS Open Payments guidance implementing Subpart I |
| Operate Pre-Approval Gift/Value Log mirroring § 403.904 data fields | Compliance Lead | Ongoing | 42 CFR § 403.904 |
| Keep vendor sign-in records and location controls for onsite visits | Front Desk Lead | Each visit | 42 CFR § 403.902 (covered recipient context) |
| Train staff on definition of “covered recipient” and examples | Medical Director | Onboarding + annual refresher | 42 CFR § 403.902; CMS glossary |
| Execute dispute workflow when entries are inaccurate | Each Covered Clinician | During CMS dispute window | CMS review/dispute process documentation |

Wrap-up: This table keeps your controls concise and testable; each row maps to the definitional foundation in § 403.902 and the reporting mechanics that flow from it.

Risk Traps & Fixes Under 42 CFR § 403.902

For each item below, note how it connects to the covered-recipient definition, and avoid assumptions about non-physician roles.

  • Assuming NPs, PAs, or CRNAs are not covered recipients. Under § 403.902 they are, so value provided to them is reportable; failure to recognize this leads to public postings that surprise the clinic and clinician. Fix: Update rosters and training to include these roles explicitly.

  • Letting vendors host ad-hoc meals in patient areas. Food or beverage to a covered recipient is reportable; sloppy processes raise conflict-of-interest concerns. Fix: Require appointments in non-patient spaces, sign-ins, and pre-approval logs mirroring § 403.904 fields.

  • Ignoring the CMS review/dispute window. If clinicians miss the window, inaccurate entries may go public and persist. Fix: Block an annual “Review Week” with screenshot attestations.

  • Misclassifying attendees as “employees” of a manufacturer. § 403.902 excludes bona fide manufacturer employees from being covered recipients, but clinic staff are not manufacturer employees. Fix: Train on the employee distinction to avoid bad assumptions.

  • Poor evidence discipline. Without logs, your dispute lacks proof. Fix: Keep request forms, sign-ins, agendas, and photos that align with Subpart I data elements.

  • Assuming state law duplicates federal rules without conflict. Open Payments has a preemption framework; some state gift or ethics limits may still apply. Fix: Use federal definitions as the baseline, then add a one-page state overlay.

Wrap-up: Fixes anchored to § 403.902 (and § 403.904 for data elements) prevent avoidable exposure and make disputes straightforward if needed. 

Culture & Governance

A compliance culture around transparency does not require a large department. Assign a single policy owner, often the practice manager or medical director, to maintain the vendor-interaction policy, roster, and calendars for the CMS review window. Incorporate a five-minute briefing during monthly huddles to reinforce who counts as a covered recipient and how to route vendor offers. Use an annual micro-training (ten slides) to refresh staff and capture sign-offs. These simple steps help ensure your practice consistently applies § 403.902’s boundaries and is ready for evidence-based disputes. 

Conclusions & Next Actions

The Sunshine Act’s Open Payments program is fundamentally a transparency regime. The definitional center of gravity is § 403.902, which tells you exactly who is a covered recipient in your clinic. Once you accept that your physicians and certain advanced practice clinicians are included, the rest is operational discipline: policies, logs, and a reliable review/dispute habit tied to CMS timelines. 

Immediate next steps for a small clinic:

  1. Publish a one-page vendor-interaction policy and train all covered recipients on its basics this week.

  2. Create a pre-approval form and sign-in process that captures § 403.904 data elements for any manufacturer-sponsored event.

  3. Put “Open Payments Review Week” on the calendar, with responsibilities and screenshots as evidence of completion.

  4. Update your HR roster to clearly mark § 403.902 status for each clinician (Y/N) and refresh annually.

  5. Draft a brief public statement explaining transparency and designate a spokesperson for any inquiries.
