Compliance resources for First Tier, Downstream, and Related Entities (FDRs)

What are First-Tier, Downstream, and Related Entities (FDRs)?

• First-Tier Entity is any party that enters into a written arrangement, acceptable to CMS, with an MA organization or Part D plan sponsor or applicant to provide administrative services or health care services to a Medicare-eligible individual under the MA program or Part D program.
• Downstream Entity is any party that enters into a written arrangement, acceptable to CMS, with persons or entities involved with the MA benefit or Part D benefit, below the level of the arrangement between an MA organization or applicant or a Part D plan sponsor or applicant and a First-Tier Entity. These written arrangements continue down to the level of the ultimate provider of both health and administrative services.
• Related Entity means any entity that is related to an MA organization or Part D sponsor by common ownership or control and: 1. Performs some of the MA organization or Part D plan sponsor’s management functions under contract or delegation 2. Furnishes services to Medicare enrollees under an oral or written agreement 3. Leases real property or sells materials to the MA organization or Part D plan sponsor at a cost of more than $2,500 during a contract period.

FDR Requirements

We value our partnership with you as an FDR. We also need you to comply with Centers for Medicare & Medicaid Services (CMS) regulations that apply to FDRs. CMS has requirements around:

• Compliance & FWA training
• Code of Conduct distribution
• Exclusion screenings
• Reporting of potential non-compliance and FWA
• Offshore requests
• Oversight and monitoring

Find more information about our FDR requirements in the Devoted Health First Tier, Downstream, and Related Entities (FDR) Compliance Guide. Or keep reading to learn what you should do.

Resources for FDRs

As an FDR, you probably already have your own library of Compliance Policies and Procedures (P&Ps). But just in case, here are our compliance-related policies. They can assist you in developing your own compliance policies and procedures.

• Medicare Compliance Training Policy
• Exclusion-Sanction Screening Policy
• Business Code of Conduct
• Health Insurance Portability and Accountability Act Policy
• Creation, Standardization, and Maintenance of Medicare Compliance Policies
• Compliance Risk Assessment, Auditing, Monitoring and Issue Management Policy
• Fraud, Waste, and Abuse Program

FDRs and attestations

We require all FDRs to sign an annual FDR Attestation. This attestation helps us demonstrate to CMS that we're effectively communicating their requirements, as well as confirming that our FDRs are complying with them. Please use the form:

• FDR Attestation Form

Please note: depending upon the delegation arrangement, additional Attestations may be required.

Complete exclusion, preclusion, and opt-out lists screenings

Federal law prohibits Medicare, Medicaid, and other federal health care programs from paying for items or services provided by a person or entity excluded, precluded, or opted-out from these federal programs. So, before hiring or contracting and monthly thereafter, each FDR must check Federal exclusion, preclusion, and opt-out lists. This will help confirm that your employees and downstream entities aren’t excluded from participating in federally funded health care programs. Use these websites to perform your exclusion list screening:

• General Service Administration (GSA) System for Award Management (SAM)
• Office of Inspector General (OIG) List of Excluded Individuals and Entities (LEIE)
• Centers for Medicare & Medicaid Services (CMS) Preclusion List
• Centers for Medicare & Medicaid Services (CMS) Medicare Opt Out Affidavits & Provider List

For organizations providing services to our D-SNP members, you must also check State exclusion lists. Each state maintains its own database; however, if the individual or organization you’re screening is excluded in one state, they are considered excluded in all states.

• Your State's Medicaid Exclusion List

Your organization must maintain evidence that you’ve screened against all lists. This includes source documentation such as screenshots, input lists, and/or documentation with date stamps. You must keep logs that track the dates for all screened employees and downstream entities. This will help track exclusion screenings. Also, make sure to keep source documentation.

Perform screenings regularly

The following individuals and entities must be screened before hiring or contracting and then monthly thereafter:

• Employees
• Temporary employees
• Volunteers
• Consultants
• Members of your governing body
• FDRs

To comply with Federal & State requirements, your organization needs to check OIG, GSA, CMS, and State exclusion lists. This will ensure these individuals and entities aren’t excluded.

Take action with those on exclusion lists

If any of your employees or downstream entities are on an exclusion list, you must immediately:

• Remove them from any direct or indirect work on our Medicare plans
• Notify us

You’ll find exclusion list requirements in:

• CMS Medicare Managed Care Manual, chapter 21 § 50.6.8
• CMS Medicare Prescription Drug Benefit Manual, chapter 9
• Social Security Act, § 1862(e)(1)(B)
• Social Security Act, § 1902(kk)
• United States Code of Federal Regulations
  - 42 CFR § 422.503(b)(4)(vi)(F)
  - 42 CFR § 422.752(a)(8)
  - 42 CFR § 423.504(b)(4)(vi)(F)
  - 42 CFR § 423.752(a)(6)
  - 42 CFR § 455.405
  - 42 CFR § 1001.1901

Offshore Approval Request

Devoted is required to notify Government Entities of our FDRs’ use of offshore resources to perform delegated functions. This requirement applies to both your organization’s employees tasked to directly perform the delegated functions, and to downstream entities you have engaged to perform delegated functions (“subcontractors”) on your behalf.

If you intend to directly perform delegated functions offshore and/or subcontract delegated functions offshore, you must first submit the Offshore Approval Request Form and receive approval from us before moving any functions offshore.

Offshore functions are required to be reported annually on the FDR Attestation Form. If any changes in Offshore performance and/or subcontracting occur, please submit a new form via this link.

If you’ll be using or subcontracting delegated functions offshore, you must submit the Offshore Approval Request Form and receive approval from us before moving any functions offshore. 

CMS Regulatory Compliance Program Guidelines

Devoted Health has based our FDR requirements on CMS guidance. In case you'd like to know why we require, below are links to CMS's Compliance Program Guidelines:

• Chapter 21 of the CMS Medicare Managed Care Manual
• Chapter 9 of the CMS Medicare Prescription Drug Benefit Manual

Training

We require our FDRs complete General Compliance and FWA training. If you don't have your own training, these resources may be helpful to you:

• General Compliance Training Course