From Raw Data to XML File: How an Effective Italian Sunshine Reporting Process Should Actually Work in Practice
Author
International Expert in Ethics, Compliance, and Transparency
Thought Leader in Reporting on the Italian Sunshine Act
Edoardo, a former MedTech compliance manager, has over 25 years of experience in compliance and transparency. A recognized opinion leader, Edoardo has led ethics programs at major pharmaceutical companies and offers strategic insights into compliance practices in Italy.
Cerchi supporto per la compliance al Sunshine Act?
Hai domande pratiche?
Dai un’occhiata alla nostra sezione Domande Frequenti per risposte chiare su scadenze, obblighi e strategie.
A step-by-step analysis of how data flows and quality controls are managed can make the difference between a correct submission and a compliance issue.
For many compliance and transparency teams, the Italian Sunshine Act raises a practical question that goes beyond legal interpretation: once all transfers of value have been identified and data has been collected across the organization, what actually happens next?
How do you move from potentially multiple Excel files coming from different functions to a validated XML file ready for submission to the Sanità Trasparente platform?
Understanding the full end-to-end data flow is essential—not only to plan activities correctly, but also to build internal confidence among senior management that the submission will be robust and defensible.
Phase 1: Internal Data Collection and Consolidation
The process starts long before any file is submitted or handled by the transparency/compliance team (or a potential external partner).
The most effective approach is to define a clear internal process/methodology, where each business function interacting with healthcare professionals (HCPs) or healthcare organizations (HCOs) is accountable for collecting its own transfer of value (TOV) data.
This is typically supported by a standardized data collection template (e.g., Excel), clearly defining what must be captured:
- HCP/HCO name
- Tax identification code
- Type of transfer of value
- Amount
- Start and end dates
- Any other relevant categories
In my opinion, it can also be beneficial to require each function to formally attest to the accuracy and completeness of the data provided. This creates accountability at the source and reduces the risk that the consolidation phase—where all data is merged into a single master file—becomes a bottleneck.
At agreed intervals (e.g., semi-annually), these files should be submitted to the transparency/compliance team (or the external partner supporting reporting). The data does not need to be in XML format yet, but it must already be structured, consistent, and as complete as possible.
Phase 2: Data Formatting, Processing, and Quality Controls
Once semiannual data is received, the transparency team (or external partner) reorganizes it according to the structure required for submission to the Ministry of Health, aggregating everything into a single company database.
This is where data quality control becomes critical.
Compliance teams—ideally supported by automated validation systems—identify common issues such as:
- Incorrect tax codes
- Duplicate records
- Incorrect values extracted from internal systems
- Decimal or rounding errors
These issues are common in multi-functional data flows and should be resolved before submission to avoid rejections or clarification requests from the Ministry of Health.
Importantly, no corrections should be made unilaterally by an external partner. Any identified anomaly must be sent back to the responsible function for validation and approval. The company must confirm whether to accept, reject, or handle the issue separately.
All changes—whether proposed, approved, or rejected—should be fully tracked in an audit trail.
Phase 3: Dashboard Review, Validation, and Final XML Generation
Once quality checks are completed and corrections approved, the relevant semester’s data should be uploaded to visual analytics dashboards [DBMS systems; database management systems], often developed with tools like Tableau, to be integrated with past data. This helps identify errors or potential undetected TOVs through comparison with historical data, performance of trend analysis, and chasing aberrant data.
These dashboards are critical for engaging business teams and senior management in a format that is easier to understand than raw data tables.
This stage often generates the most valuable insights—not only for compliance, but also for understanding how the organization interacts with HCPs/HCOs.
Once senior management has reached consensus on the data discussed through the dashboard, the compliance function must be able to isolate the data to be reported in the DBMS system (remember that not all data collected for the semester must be reported and that it is also possible that, following the management of the different TOV thresholds, some data must be reported outside the semester to which it actually belongs).
The final data set must be converted into the XML format required by the Ministry of Health for uploading to the Sanità Trasparente platform.
Before submission, the company (or its external transparency partner) must review and verify the accuracy of the XML file created. Upload to Sanità Trasparente can be done directly by the company or delegated to a member of the external compliance partner, but legal responsibility always remains with the company.
The Importance of End-to-End Testing Before Submission
Before the first official submission, it is strongly recommended to run a full test using real but non-official data.
This includes all steps:
- Data collection
- Consolidation
- Formatting
- Quality checks
- Dashboard review
- XML generation
Ideally, using a representative dataset (e.g., one quarter).
This helps:
- Familiarize internal teams and external vendors
- Identify data collection gaps
- Test IT systems and access
- Validate XML output before regulatory deadlines
Organizations that invest in this phase achieve smoother submissions and greater confidence in their data quality.
The Sanità Trasparente platform is already available in a test environment, allowing companies to start familiarizing themselves with the process immediately.
Where to Start
➤ Choose the right transparency partner
Managing the technical and regulatory complexity alone can be risky and resource-intensive. An experienced specialized partner can help design data architecture, collection processes, and XML reporting aligned with both regulatory requirements and the intent of the law.
➤ Participate in Italian Sunshine Reporting events (online or in-person)
With Sanità Trasparente already in testing, this is the time to close gaps in data, processes, and systems. These sessions allow compliance professionals to work directly on structured, audit-ready models.
➤ Seek tailored expert support
Each organization has unique interaction models with HCPs/HCOs, that depends also from the type of business. Expert support helps address specific challenges such as historical data, field operations, and cross-border activities involving Italian stakeholders.
A step-by-step analysis of how data flows and quality controls are managed can make the difference between a correct submission and a compliance issue.
For many compliance and transparency teams, the Italian Sunshine Act raises a practical question that goes beyond legal interpretation: once all transfers of value have been identified and data has been collected across the organization, what actually happens next?
How do you move from potentially multiple Excel files coming from different functions to a validated XML file ready for submission to the Sanità Trasparente platform?
Understanding the full end-to-end data flow is essential—not only to plan activities correctly, but also to build internal confidence among senior management that the submission will be robust and defensible.
Phase 1: Internal Data Collection and Consolidation
The process starts long before any file is submitted or handled by the transparency/compliance team (or a potential external partner).
The most effective approach is to define a clear internal process/methodology, where each business function interacting with healthcare professionals (HCPs) or healthcare organizations (HCOs) is accountable for collecting its own transfer of value (TOV) data.
This is typically supported by a standardized data collection template (e.g., Excel), clearly defining what must be captured:
- HCP/HCO name
- Tax identification code
- Type of transfer of value
- Amount
- Start and end dates
- Any other relevant categories
In my opinion, it can also be beneficial to require each function to formally attest to the accuracy and completeness of the data provided. This creates accountability at the source and reduces the risk that the consolidation phase—where all data is merged into a single master file—becomes a bottleneck.
At agreed intervals (e.g., semi-annually), these files should be submitted to the transparency/compliance team (or the external partner supporting reporting). The data does not need to be in XML format yet, but it must already be structured, consistent, and as complete as possible.
Phase 2: Data Formatting, Processing, and Quality Controls
Once semiannual data is received, the transparency team (or external partner) reorganizes it according to the structure required for submission to the Ministry of Health, aggregating everything into a single company database.
This is where data quality control becomes critical.
Compliance teams—ideally supported by automated validation systems—identify common issues such as:
- Incorrect tax codes
- Duplicate records
- Incorrect values extracted from internal systems
- Decimal or rounding errors
These issues are common in multi-functional data flows and should be resolved before submission to avoid rejections or clarification requests from the Ministry of Health.
Importantly, no corrections should be made unilaterally by an external partner. Any identified anomaly must be sent back to the responsible function for validation and approval. The company must confirm whether to accept, reject, or handle the issue separately.
All changes—whether proposed, approved, or rejected—should be fully tracked in an audit trail.
Phase 3: Dashboard Review, Validation, and Final XML Generation
Once quality checks are completed and corrections approved, the relevant semester’s data should be uploaded to visual analytics dashboards [DBMS systems; database management systems], often developed with tools like Tableau, to be integrated with past data. This helps identify errors or potential undetected TOVs through comparison with historical data, performance of trend analysis, and chasing aberrant data.
These dashboards are critical for engaging business teams and senior management in a format that is easier to understand than raw data tables.
This stage often generates the most valuable insights—not only for compliance, but also for understanding how the organization interacts with HCPs/HCOs.
Once senior management has reached consensus on the data discussed through the dashboard, the compliance function must be able to isolate the data to be reported in the DBMS system (remember that not all data collected for the semester must be reported and that it is also possible that, following the management of the different TOV thresholds, some data must be reported outside the semester to which it actually belongs).
The final data set must be converted into the XML format required by the Ministry of Health for uploading to the Sanità Trasparente platform.
Before submission, the company (or its external transparency partner) must review and verify the accuracy of the XML file created. Upload to Sanità Trasparente can be done directly by the company or delegated to a member of the external compliance partner, but legal responsibility always remains with the company.
The Importance of End-to-End Testing Before Submission
Before the first official submission, it is strongly recommended to run a full test using real but non-official data.
This includes all steps:
- Data collection
- Consolidation
- Formatting
- Quality checks
- Dashboard review
- XML generation
Ideally, using a representative dataset (e.g., one quarter).
This helps:
- Familiarize internal teams and external vendors
- Identify data collection gaps
- Test IT systems and access
- Validate XML output before regulatory deadlines
Organizations that invest in this phase achieve smoother submissions and greater confidence in their data quality.
The Sanità Trasparente platform is already available in a test environment, allowing companies to start familiarizing themselves with the process immediately.
Where to Start
➤ Choose the right transparency partner
Managing the technical and regulatory complexity alone can be risky and resource-intensive. An experienced specialized partner can help design data architecture, collection processes, and XML reporting aligned with both regulatory requirements and the intent of the law.
➤ Participate in Italian Sunshine Reporting events (online or in-person)
With Sanità Trasparente already in testing, this is the time to close gaps in data, processes, and systems. These sessions allow compliance professionals to work directly on structured, audit-ready models.
➤ Seek tailored expert support
Each organization has unique interaction models with HCPs/HCOs, that depends also from the type of business. Expert support helps address specific challenges such as historical data, field operations, and cross-border activities involving Italian stakeholders.
Author
International Expert in Ethics, Compliance, and Transparency
Thought Leader in Reporting on the Italian Sunshine Act
Edoardo, a former MedTech compliance manager, has over 25 years of experience in compliance and transparency. A recognized opinion leader, Edoardo has led ethics programs at major pharmaceutical companies and offers strategic insights into compliance practices in Italy.
Recent Blogs
-
Dal dato grezzo al file XML: come dovrebbe funzionare in pratica un processo efficace per il Sunshine Reporting italiano
-
La Sunshine Act italiana è in arrivo: la tua organizzazione è pronta per il transparency reporting?
-
Le lacune operative nascoste che rallentano la preparazione all’Italian Sunshine Reporting
Cerchi supporto per la compliance al Sunshine Act?
Hai domande pratiche?
Dai un’occhiata alla nostra sezione Domande Frequenti per risposte chiare su scadenze, obblighi e strategie.