Compliance FAQs

What are the Centers for Medicare & Medicaid Services’ (CMS) requirements for Medicare Advantage Organizations and Part D Plan Sponsors in regard to compliance programs?

Federal law requires Medicare Advantage Organizations (MAO) and Prescription Drug Plan (PDP) Sponsors to have a Compliance Plan to prevent, detect and correct Part C or D noncompliance as well as fraud, waste, and abuse. The plan must include:

  1. Written policies, procedures and standards of conduct,
  2. Compliance Officer, Compliance Committee and high-level oversight,
  3. Effective training and education,
  4. Effective lines of communication,
  5. Well-publicized disciplinary standards,
  6. Effective system for routine monitoring and identification of compliance risks and,
  7. Procedures and system for prompt response to compliance issues.

Compliance program overview

What are First Tier, Downstream, Related Entities (FDRs)?

  • A First Tier Entity is any party that enters into a written arrangement, acceptable to CMS, with an MAO or Part D plan Sponsor or applicant to provide administrative services or health care services to a Medicare eligible individual under the MA program or Part D program.  Examples: Pharmacy Benefits Manager (PBM), contracted hospitals, clinics and allied providers.
  • A Downstream Entity is any party that enters into a written arrangement, acceptable to CMS, with persons or entities involved with the MA benefit or Part D benefit, below the level of the arrangement between an MAO or applicant or a Part D plan Sponsor or applicant and a first tier entity. These written arrangements continue down to the level of the ultimate provider of both health and administrative services. Examples: pharmacies, marketing firms, and quality assurance companies, claims processing firms and billing agencies.
  • A Related Entity means any entity that is related to an MAO or Part D Sponsor by common ownership or control and
    • Performs some of the MAO or Part D plan Sponsor's management functions under contract or delegation;
    • Furnishes services to Medicare enrollees under an oral or written agreement; or
    • Leases real property or sells materials to the MAO or Part D plan Sponsor at a cost of more than $2,500 during a contract period.

An example of a related entity would be one where a Sponsor is the parent company of its own in-house PBM.

What are my responsibilities as an FDR?

FDRs of Health First Health Plans shall implement policies and procedures that address fraud, waste and abuse, including:

  • What situations constitute fraud, waste or abuse?
  • What methods will be used to prevent and detect fraud, waste and abuse activities?
  • How and who will investigate situations that are reported?
  • How will employees report this information?
  • How will employees be protected from retaliation should they report a potential issue?
  • What corrective and/or disciplinary actions will be taken if fraud, waste or abuse occurs?
  • How will employees receive education on these policies and procedures?

FDRs of Health First Health Plans shall report any potential fraud, waste or abuse related to the MA-PD or PDP program immediately. 

As an FDR already enrolled in the Medicare Program, is my organization still required to meet the annual MA-PDP fraud, waste and abuse training requirements? 

No, FDRs who have met the fraud, waste, and abuse certification requirements through enrollment into the Medicare program are deemed to have met the training and educational requirements for fraud, waste, and abuse.

What should my organization do if we become aware of or suspect FWA?

Every person has the right and responsibility to report possible fraud, waste or abuse. HFHP encourages you to report issues or concerns of FWA by contacting the applicable plan sponsor(s) with whom you are contracted.

Why should I/my organization review the Health First Code of Ethics & Business Conduct?

FDRs are encouraged to adopt and follow a code of conduct particular to their own organization that reflects a commitment to detecting, preventing and correcting fraud, waste and abuse in the administration or delivery of MA and Part D benefits.  As a result, CMS encourages plan sponsors to share their code of conduct with FDRs upon request in order to relay the sponsor’s own commitment and policies and procedures aimed at preventing, detecting and preventing fraud, waste and abuse.

What types of member fraud and abuse can occur in first tier, downstream, and related entities?

Changing, forging or altering any of the following:  prescriptions, medical records, referral forms; any type of misrepresentation of eligibility status, including identity theft; resale of medications on the black market, medication stockpiling, or doctor shopping.

Who is responsible for identifying fraud and abuse?

All Health First Health Plans associates and those defined as a first tier, downstream, and related entities are responsible for identifying fraud and abuse.

What are some examples of first tier and downstream entities? 

Part C examples include:

  • First Tier Entity: Physician Hospital Organization (PHO)
  • Downstream Entity: Group or individual providers that the PHO enters into a contract with hospital employees, provider groups, or individual primary care providers and specialists, employees of a group practice 

Part D examples include:

  • First Tier Entity: Pharmacy Benefit Manager (PBM)
  • Downstream Entity: Pharmacies and pharmacists

Y0089_MP3731FH Approved 2/3/2014
Last updated: 10/01/2013