Cody Consulting Group Inc., (“CODY”) is a first-tier entity that supplies administrative and/or operational services to our clients who are health care plan sponsors. As such, CODY is required by federal regulations to ensure that CODY and our contractor partners are compliant with applicable state and federal regulations. Medicare regulations and CODY client contracts require that we hold our contractors accountable to the same Medicare compliance requirements directed of us.
This guide provides you with important information and tools to meet CMS requirements for FDRs.
The laws and regulations governing Medicare Compliance Program requirements are located in the following:
- Code of Federal Regulations (CFR)
- CMS Medicare Managed Care Manual Chapter 21 (MMCM) Compliance Program Guidelines.
- CMS Medicare Managed Care Manual Chapter 11 (MMCM) Medicare Advantage Application Procedures and Contract Requirements.
FDR Compliance Program Requirements
(MMCM Ch 11 Medicare Advantage Application Procedures and Contracting Requirements Sections 100, 110).
FDRs must comply with applicable laws and regulations, including Medicare Compliance Program requirements. This guide provides a summary of these requirements.
What is an FDR?
(42 C.F.R. §423.501) (MMCM Chapter 21.20, 40)
The Centers for Medicare and Medicaid Services (CMS) defines an FDR as follows:
First Tier Entity: Any party that enters into a written arrangement, acceptable to CMS, with a Medicare Advantage Organization or Part D plan sponsor or applicant to provide administrative services or healthcare services to a Medicare eligible individual under the Medicare Advantage Program or Part D program.
Downstream Entity: Any party that enters into a written arrangement, acceptable to CMS, with persons or entities involved with the Medicare Advantage benefit or Part D benefit, below the level of the arrangement between a Medicare Advantage Organization or applicant or a Part D plan sponsor or applicant and a first-tier entity. These written arrangements continue down to the level of the ultimate provider of both health and administrative services.
Related Entity: Any entity that is related to a Medicare Advantage Organization or Part D sponsor by common ownership or control and:
- Performs some of the Medicare Advantage Organization or Part D plan sponsor’s management functions under contract or delegation; or
- Furnishes services to Medicare enrollees under an oral or written arrangement; or
- Leases real property or sells materials to the Medicare Advantage Organization or Part D plan sponsor at a cost of more than $2,500 during a contract period.
Code of Conduct and Compliance Policies
(42 C.F.R. §§ 422.503(b)(4)(vi)(A), 423.504(b)(4)(vi)(A).) (MMCM CH 21.50.1)
FDRs must provide Standards of Conduct to their employees. You may provide either the CODY Code of Business Conduct and Ethics (“Code of Conduct”) and CODY’s Compliance policies (collectively “Compliance Program Policies”) or you may provide your own comparable Code of Conduct and policies. There may be instances in which CODY’s clients require that CODY and CODY’s contractors must comply with the client’s code of conduct. CODY will notify you if this requirement will apply to you.
CMS Regulations state that you must distribute the Code of Conduct and compliance policies as follows:
- Within 90 days of hire or the effective date of contracting
- When there are updates to the Code of Conduct or compliance policies
- Annually thereafter.
You must retain evidence of your distribution of the Code of Conduct and compliance policies for a period of ten years.
General Compliance and Fraud, Waste and Abuse Training
(42 C.F.R. §§ 422.503(b)(4)(vi)(C), 423.504(b)(4)(vi)(C). (MMCM Ch 21 50.3.2)
CMS requires health plan sponsors to provide general compliance and FWA training to employees, senior administrators, governing body members and FDRs.
The 2019 Final Rule (HPMS Memo dated April 2, 2019) no longer requires that plan sponsors and FDRs must take the CMS-developed General Compliance Training. However, CMS will continue to allow health plan sponsors to require FDRs to provide compliance training to the FDRs’ employees, senior administrators, governing body members and contractors.
CODY believes that general compliance training and FWA training are crucial to the success of the Company, our clients and our business partners. Therefore, CODY will continue to provide general compliance and FWA training to our employees, senior administrators, and governing body members.
CODY will require its business partner subcontractors to provide similar general compliance and FWA training.
As CODY contractor, your organization may provide your own training or you may provide CODY’s training to your employees and contractors engaged in work for a CODY client.
CMS no longer provides a general compliance training but does provide FWA training. This training is located on the CMS Medicare Learning Network (MLN). The MLN is located at: https://www.cms.gov/Outreach-and-Education/Medicare-Learning-Network-MLN/MLNProducts/WebBasedTraining.html
Contractors must submit (upon request by CODY or CODY’s clients), a certification of completion of the CMS training, an attestation that the contractor organization has completed the training, or other such documentation as requested.
The training must occur within 90 days of initial hiring or contracting and annually thereafter.
Exclusion List Screening Requirements
(42 C.F.R. §§ 422.503(b)(4)(vi)(F), 422.752(a)(8), 423.504(b)(4)(vi)(F), 423.752(a)(6), 1001.1901). (MMCM CH 126.96.36.199)
Federal regulations prohibit Medicare, Medicaid and other federal healthcare programs from paying for items or services provided by a person or entity excluded from participation in these federal programs.
FDRs must check the Office of the Inspector General (OIG) and General Services Administration (GSA) “Exclusion Lists” to confirm that employees and downstream entities performing services for CODY are not excluded from participating in federally-funded healthcare programs.
CODY’s clients require that we conduct these checks and that we require our contractors to do the same. CODY will perform an exclusion check of our contractors’ business name before final contracting with the contractor and monthly thereafter. CODY requires our contractors to conduct the exclusion checks of their employees and any downstream contractors for the term of the contract.
Use the websites below to perform the required exclusion list screenings:
Exclusion screenings must be conducted as follows:
- Prior to hire and/or contract
- Monthly thereafter
CODY contractors must maintain evidence that exclusion checks have been completed. You may use logs and retain copies of the individual checks.
What to do if one of your employee or sub-contractors is on the Exclusion List:
- Immediately remove the employee/contractor from work directly or indirectly related to CODY.
- Notify the CODY Compliance Program upon discovery.
Conflict of Interest Attestation
42 C.F.R. §§ 422.503(b)(4)(vi)(F), 423.504(b)(4)(vi)(F); 42 C.F.R. §§ 422.503(b)(4)(vi)(F), 423.504(b)(4)(vi)(F)
CODY expects its employees and contractors to transact business according to the highest ethical standards of conduct. CODY contractors to should avoid any activity, investment, interest or association that interferes or appears to interfere with the independent exercise of judgment in carrying out assigned job responsibilities or with the business interests of CODY.
CODY contractors are required to provide an annual contractor Conflict of Interest attestation to CODY. This will be conducted during the contracting process with CODY.
Reporting FWA and Compliance Concerns to CODY
(42 C.F.R. §§422.503(b)(4)(vi)(D), 423.504(b)(4)(vi)(D)). (MMCM CH 188.8.131.52)
Suspected or detected compliance issues or potential FWA issues that affect a contract with CODY must be reported to the CODY Compliance Program. All employees and contractors must contact CODY to report compliance concerns.
CODY’s contractors must adopt and enforce a reporting policy that includes:
- a zero-tolerance policy that provides assurances of non-retaliation or intimidation against anyone who reports, in good faith, suspected or detected compliance issues;
- the ability for employees/contractors to report issues and concerns in an anonymous manner.
Questions or concerns should be directed to CODY’s Director of Compliance via the following reporting avenues:
- Contact the CODY Hotline at 1-855-900-CODY (2639) ext 208.
Contractors and their employees and sub-contractors may report concerns via the Hotline anonymously. However, if you want the Compliance Officer to return your call, you must leave a number.
- CODY Compliance Reporting Email Address:
- Direct phone call to the CODY Compliance Officer:
Office: 855-990-CODY (2639) ext 201.
- Direct email to the Compliance Officer:
Contractors may also refer to the CODY Code of Conduct which contains these reporting avenues.
FDR Record Retention and Attestation Requirements
(42 C.F.R §425.314) (MMCM CH 184.108.40.206)
Your organization must maintain evidence of your compliance with these Medicare Compliance Program requirements by retaining documentation addressed in this guide and by contract with CODY for a period of ten years. Pursuant to the Medicare requirements, CODY and CODY contractors must maintain books, records, documents, and other evidence of accounting procedures and practices for 10 years from the end date of a contract or the completion date of an audit, whichever is later.
Also, each year, an authorized representative from your organization must attest to your compliance with these requirements described in this guide. The authorized individual is a person who has responsibility directly or indirectly for all:
- Contracted Personnel
- Contractors who provide healthcare and/or administrative services on behalf of CODY for CODY’s clients.
The authorized representative may be your Compliance Officer, Practice Manager/Administrator, an Executive Officer or similar related position.
In addition to completing an attestation, CODY or CODY’s Clients, may request that you provide evidence of your compliance with these Medicare Compliance Program requirements for monitoring and auditing purposes.
Monitoring, Auditing and Required Reporting
(42 C.F.R. §§422.503(b)(40)(vi)(F), 423.504(b)(4)(vi)(F). (MMCM CH 21.50.6)
CMS requires that plan sponsors develop a strategy to monitor and audit their first-tier entities. The CMS regulations and CODY’s client contracts may require that CODY monitor and audit our contractors as well. CODY’s clients will routinely monitor and periodically audit CODY which may include the same of CODY’s contractors.
CODY’s contractors must comply with these Medicare compliance guidelines. Should a CODY client request monitoring and auditing reports, documentation or audit data from a CODY regarding a contractor, the CODY Compliance Officer will notify the contractor to discuss the client’s request.
CODY’s clients may also expect routine reporting from CODY and our contractors. Such reporting will be discussed with the contractor in a timely fashion to comply with client expectations.
Federal and State Compliance Obligations
Based upon the services your organization performs for CODY, you may be subject to other federal and state laws, rules and regulations not described in this guide. If you have questions about Medicare compliance requirements for the services you perform, consult CODY’s Director, Compliance.
Compliance Resource Toolbox
|CODY Code of Conduct||www.codyconsulting.com/about-us|
|FDR Compliance Program Guide||www.codyconsulting.com/about-us|
|Exclusion List Screening||https://exclusions.oig.hhs.gov/
|Reporting Mechanisms||CODY Hotline at 1-855-900-CODY (2639) ext 208.|
You may report thru the Hotline anonymously. However, if you want the Compliance Officer to return your call, you must leave a number.
CODY Compliance Reporting Email Address:
Direct phone call to the Compliance Officer:
Office: 855-990-CODY (2639) ext 201.
Direct email to the Compliance Officer:
|CMS MMCM Chapter 21||https://www.cms.gov/Regulations-and-Guidance/Guidance/Manuals/Downloads/mc86c21.pdf|
|CMS MMCM Chapter 11||https://www.cms.gov/Regulations-and-Guidance/Guidance/Manuals/Downloads/mc86c11.pdf|
|Code of Federal Regulations||https://www.gpo.gov/|
|CMS Medicare Learning Network||https://www.cms.gov/Outreach-and-Education/Medicare-Learning-Network-MLN/MLNProducts/WebBasedTraining.html|