Establishing and maintaining a well-designed compliance program is key to preventing, detecting, and mitigating noncompliance. The seven elements of an effective compliance program outlined in the Federal Sentencing Guidelines, adopted by the Office of Inspector General (OIG),  sets the framework but there are additional requirements that need to be integrated into the compliance program in order to be effective. CMS requires Medicare Advantage Plan (Part C) sponsors and Medicare Prescription Drug Plan (Part D) sponsors to follow certain compliance program requirements as part of their contract. Moreover, plan sponsors are responsible for ensuring First Tier, Downstream and Related Entities (FDR) also comply with these program requirements. As a result of the FDR relationship, many healthcare providers must submit attestations and/or certifications of compliance to their third-party payors as evidence of their compliance efforts. Understanding where these requirements originate will enable healthcare providers to customize an efficient in-house compliance program that meets all needs.

FDR Defined

First Tier Entity – A party that enters into a written arrangement with a Medicare Advantage Organization or Part D plan sponsor or applicant to provide administrative services or health care services to a Medicare-eligible individual.

Downstream Entity – A party that enters into a written arrangement with a First Tier entity for the provision of administrative services or health care services to a Medicare eligible individual.

Related Entity – An entity that is related to a Medicare Advantage Organization or Part D sponsor by common ownership or control and 1) performs management functions under contract or delegation, 2) furnishes services to Medicare enrollees under an oral or written agreement, or 3) leases real property or sells materials to the Medicare Advantage Organization or Part D plan sponsor at a cost of more than $2,500 during a contract period.

See 42 CFR §§ 422.500 and 423.501.

FDR Compliance Requirements

CMS outlines the Medicare program requirements in Chapter 21 of the Medicare Managed Care Manual and Chapter 9 of the Prescription Drug Benefit Manual. The main requirements third party payors pass on to healthcare providers include the following:

• Distribute written compliance policies and procedures to workforce
• Distribute code of conduct to workforce
• Provide workforce with CMS General Compliance Training and Fraud, Waste, and Abuse Training within 90 days of initial hire and annually thereafter
• Maintain system to receive, respond to and track questions or reports of suspected or detected noncompliance or potential fraud, waste and/or abuse.
• Conduct exclusion screening on employees and vendors at hire and on a monthly basis
• Identify offshore functions
• Retain documentation of all compliance/training efforts

Upcoming Changes

CMS recently issued a Final Rule  that reduces compliance training requirements for FDRs. Beginning January 1, 2019, Part C and D plan sponsors will no longer need to ensure FDRs are completing CMS General Compliance Training and Fraud, Waste, and Abuse Training.

This change arises from providers being subjected to multiple plan sponsors training program requirements, creating administrative burden and inefficiencies in the compliance program training and education element. According to CMS “[plan sponsor] compliance programs are very well established and have grown more sophisticated since their inception,” allowing them to remove this requirement.

With this change, plan sponsors will still be required to develop an effective oversight structure for their FDRs and must still continue to monitor and audit FDRs. CMS will confirm compliance efforts by conducting audits of plan sponsors. Therefore, whether FDRs will be completely relieved of these training requirements or whether providers will be subject to modified training requirements as part of the plan sponsor contract will be determined by each plan sponsor.

Compliance Program Management

In order to meet federal requirements along with payor requirements, it is essential for providers to have a comprehensive compliance program. Without this the risk of breach of payor contracts and moreover government investigations and civil and criminal fines increases.

Incorporating appropriate software tools into your compliance strategy will help streamline processes and serve as your first line of defense against these significant risks areas.  First Healthcare Compliance’s cloud-based software offers solutions to fit your organization. Contact us today for a quick demonstration of our compliance management software solution.