Still Tracking HCP Interactions on Spreadsheets? Here’s Your Italian Sunshine Act Readiness Plan
Author
Noemi is a Global Solutions Delivery Manager at Vector Health Compliance, where she supports client delivery across global transparency projects. Her work focuses on data accuracy, remediation, and country-specific reporting requirements, with a particular focus on Italy. She plays a key role in coordinating client needs with internal teams to ensure timely and compliant reporting outcomes.
Vector Health Compliance
Your Leading Partner in Global Sunshine Compliance
There is a spreadsheet, somewhere in your company’s shared drive, that contains the names of every physician who attended a dinner event in the past six months. Nobody is quite sure who owns it, the column headers have been renamed twice, and three people have their own local copy. This is not a technology problem. It is a compliance problem that technology has been allowed to defer.
The Italian Sunshine Act is going to demand something that spreadsheets are rarely able to deliver reliably at scale: a consistent, auditable, time-stamped record of every reportable transfer of value (ToV) to HCPs and HCOs, drawn from multiple source systems, reconciled against verified HCP/HCO records, and formatted for submission to the Sanità Trasparente register. That is not what spreadsheets were built for. And the companies that recognise this now, rather than at the moment they try to generate their first XML report, will have a significant advantage over those that don’t.
Why “We’ll Fix It After the ERP Migration” Is the Wrong Strategy
Many Italian life science companies are aware that their current systems aren’t adequate for Italian Sunshine Act reporting. The response, in many cases, is to wait: to wait for the Salesforce implementation that’s twelve months out, the SAP upgrade that’s been in planning for two years, or the ERP migration that is perpetually six months from completion.
This is understandable. But it is also dangerous. ERP projects (ERP migration is the process of moving your organization’s data, processes, and workflows from one enterprise resource planning (ERP) system to another) rarely run on time. Once the reporting obligation becomes operational, the first deadline will not wait for your CRM to finish UAT. The first companies to file will be filing with the systems they have, not the systems they planned to have. The question is whether those systems can produce usable data, or whether someone in finance will be manually reconciling three exports the night before the deadline.
The Three Data Systems That Actually Matter
For many mid-sized Italian medical device or pharmaceutical companies, the TOV data landscape isn’t infinitely complex. It generally comes down to three or four source systems: an ERP for financial transactions (SAP, Oracle, or similar), an expense management tool (Concur being the most common), and one or more manual registers, usually Excel — for events, hospitality, and equipment loans.
The strategic question is not how to replace these systems before the Italian Sunshine Act deadline. It is how to extract, reconcile, and standardise their output into a single reporting-ready dataset. That is a data mapping exercise, not an IT project. It can be done against existing systems, without waiting for transformation programmes to complete, and it can be completed within a realistic timeframe, provided it starts soon enough.
Interim Solutions That Actually Work
The most practical near-term approach for companies facing their first Italian Sunshine Reporting disclosure is to audit each source system for completeness: does it capture the HCP’s fiscal code or the HCO’s identifying details? The date of the activity? The nature of the transfer? For fields that are missing or inconsistently populated, a controlled data-enrichment process, where known gaps are filled manually under documented procedures, is more defensible than doing nothing and hoping the omissions go unnoticed.
Equally important is establishing a single point of control. Rather than multiple functions each maintaining their own records and submitting them independently, compliance teams should designate a central collection point, even if that collection point is, for now, a well-governed SharePoint folder, where all source files are deposited, versioned, and checked before processing begins.
The companies that will struggle are not those with imperfect systems. Every company has imperfect systems. The ones that will struggle are those that discover their imperfections in real time, during the filing window, with no process to manage the gaps. The ones that will be better prepared are those that have already mapped the imperfections, documented their interim mitigations, and built a reporting workflow that accounts for what the data can and cannot reliably provide.
Italian Sunshine Act compliance doesn’t require perfect infrastructure. It requires honest infrastructure, and the discipline to build a process around what you actually have, not what you plan to have.
There is a spreadsheet, somewhere in your company’s shared drive, that contains the names of every physician who attended a dinner event in the past six months. Nobody is quite sure who owns it, the column headers have been renamed twice, and three people have their own local copy. This is not a technology problem. It is a compliance problem that technology has been allowed to defer.
The Italian Sunshine Act is going to demand something that spreadsheets are rarely able to deliver reliably at scale: a consistent, auditable, time-stamped record of every reportable transfer of value (ToV) to HCPs and HCOs, drawn from multiple source systems, reconciled against verified HCP/HCO records, and formatted for submission to the Sanità Trasparente register. That is not what spreadsheets were built for. And the companies that recognise this now, rather than at the moment they try to generate their first XML report, will have a significant advantage over those that don’t.
Why “We’ll Fix It After the ERP Migration” Is the Wrong Strategy
Many Italian life science companies are aware that their current systems aren’t adequate for Italian Sunshine Act reporting. The response, in many cases, is to wait: to wait for the Salesforce implementation that’s twelve months out, the SAP upgrade that’s been in planning for two years, or the ERP migration that is perpetually six months from completion.
This is understandable. But it is also dangerous. ERP projects (ERP migration is the process of moving your organization’s data, processes, and workflows from one enterprise resource planning (ERP) system to another) rarely run on time. Once the reporting obligation becomes operational, the first deadline will not wait for your CRM to finish UAT. The first companies to file will be filing with the systems they have, not the systems they planned to have. The question is whether those systems can produce usable data, or whether someone in finance will be manually reconciling three exports the night before the deadline.
The Three Data Systems That Actually Matter
For many mid-sized Italian medical device or pharmaceutical companies, the TOV data landscape isn’t infinitely complex. It generally comes down to three or four source systems: an ERP for financial transactions (SAP, Oracle, or similar), an expense management tool (Concur being the most common), and one or more manual registers, usually Excel — for events, hospitality, and equipment loans.
The strategic question is not how to replace these systems before the Italian Sunshine Act deadline. It is how to extract, reconcile, and standardise their output into a single reporting-ready dataset. That is a data mapping exercise, not an IT project. It can be done against existing systems, without waiting for transformation programmes to complete, and it can be completed within a realistic timeframe, provided it starts soon enough.
Interim Solutions That Actually Work
The most practical near-term approach for companies facing their first Italian Sunshine Reporting disclosure is to audit each source system for completeness: does it capture the HCP’s fiscal code or the HCO’s identifying details? The date of the activity? The nature of the transfer? For fields that are missing or inconsistently populated, a controlled data-enrichment process, where known gaps are filled manually under documented procedures, is more defensible than doing nothing and hoping the omissions go unnoticed.
Equally important is establishing a single point of control. Rather than multiple functions each maintaining their own records and submitting them independently, compliance teams should designate a central collection point, even if that collection point is, for now, a well-governed SharePoint folder, where all source files are deposited, versioned, and checked before processing begins.
The companies that will struggle are not those with imperfect systems. Every company has imperfect systems. The ones that will struggle are those that discover their imperfections in real time, during the filing window, with no process to manage the gaps. The ones that will be better prepared are those that have already mapped the imperfections, documented their interim mitigations, and built a reporting workflow that accounts for what the data can and cannot reliably provide.
Italian Sunshine Act compliance doesn’t require perfect infrastructure. It requires honest infrastructure, and the discipline to build a process around what you actually have, not what you plan to have.
Author
Noemi is a Global Solutions Delivery Manager at Vector Health Compliance, where she supports client delivery across global transparency projects. Her work focuses on data accuracy, remediation, and country-specific reporting requirements, with a particular focus on Italy. She plays a key role in coordinating client needs with internal teams to ensure timely and compliant reporting outcomes.
Vector Health Compliance
Your Leading Partner in Global Sunshine Compliance