Medicare Advantage FDR Compliance

Quartz has contracts with the Centers for Medicare and Medicaid Services (CMS) to provide services under Medicare Advantage and Part D programs to Medicare beneficiaries. Quartz Medicare Advantage delegates some of the administrative and health care services it is required to perform under these contracts to external delegated entities. CMS refers to these delegated entities as First Tier, Downstream and Related Entities (FDRs). FDRs are an important part of the Quartz Medicare Advantage and Part D programs and are required to fulfill certain Medicare compliance program requirements – some of which are highlighted below.

Requirements for FDRs

Quartz is committed to operating a health plan that meets the requirements of all the applicable regulations of the Medicare Advantage and Part D programs. CMS requires Medicare Advantage plans to ensure any FDRs which the provision of administrative or health care services are delegated are also in compliance with applicable laws and regulations.

FDRs must also ensure their Downstream Entities they use for our product comply with Medicare compliance program requirements, applicable laws and regulations. Oversight of FDRs is a CMS requirement for all Medicare Advantage and Part D sponsors. If you or your organization is contracted with Quartz Medicare Advantage for participation in our network, you are considered an FDR under CMS guidelines.

What is an FDR?

FDR stands for first tier, downstream or related entities. If you perform administrative or health care services on behalf of Quartz’s Medicare Advantage business, then you are an FDR.

Quartz defines FDRs according to CMS’s current definitions:

  • A First Tier Entity is any party that enters into a written arrangement, acceptable to CMS, with a Medicare Advantage Organization (MAO) or Part D plan sponsor or applicant to provide administrative or health care services to a Medicare eligible individual under the Medicare Advantage (MA) program or Part D program.
  • A Downstream Entity is any party that enters into a written arrangement, acceptable to CMS, with persons or entities involved with the MA benefit or Part D benefit. These persons or entities are involved with the MA benefit or Part D benefit, and are below the level of the arrangement and between the following:
    • An MAO or applicant
    • A Part D plan sponsor or applicant
    • A first tier entity

These arrangements continue down to the level of the ultimate provider of both health and administrative services.

  • A Related Entity is any party that is related to a MAO or Part D sponsor by common ownership or control and:
    • Performs some of the MAO or Part D plan Sponsor’s management functions under contract or delegation.
    • Furnishes services to Medicare enrollees under an oral or written agreement.
    • Leases real property or sells materials to the Medicare Advantage Organization or Part D plan Sponsor at a cost of more than $2,500 during a contract period.

For more information, review 42 CFR §§ 422.500 and 423.501 (by clicking on these links, you will leave the Quartz Medicare Advantage website).

Health care service examples include:

Physicians, hospitals, dentists, and other provider types such as vision and dental providers who are contracted with Quartz to provide health care services to our Medicare Advantage members.

Administrative service examples include:

Claims processing, credentialing, utilization management, sales agents contracted to market and sell our Medicare Advantage products, any vendor that provides administrative services for our Medicare Advantage members and delegated entities contracted to make decisions on our behalf for our Medicare Advantage members.

FDR Compliance Program and Annual Attestation Requirements

Quartz obtains an annual attestation from its FDRs to ensure comply with applicable CMS compliance program requirements. An authorized individual from each FDR must attest each calendar year that their organization and any of its Downstream and/or Related Entities are in compliance with requirements relating to the following:

  • Completion of general compliance, fraud, waste, and abuse (FWA) training
  • Distribution of a Code of Conduct or compliance policies
  • Completion of Office of Inspector General (OIG) and General Services Administration (GSA) System for Award Management (SAM) exclusion list screenings
  • Make employees aware of reporting mechanisms
  • Report and request permission to use offshore operations
  • Maintain record retention for 10 years
  • Report Fraud, Waste, and Abuse (FWA) and compliance concerns to Quartz
  • Monitoring and auditing of first tier, downstream and related entities

Each calendar year, Quartz notifies FDRs via email of the deadline to submit the annual attestation.

If FDRs fail to submit a satisfactory attestation by the deadline or fail to satisfy any Medicare compliance program requirements, it may lead to the development of a corrective action plan; retraining; or other contractual remedies (e.g., contract termination).

Quartz also conducts routine auditing and monitoring of its FDRs to further ensure their compliance. FDRs are required to cooperate and participate in these activities, which may, for example, require the FDR to produce evidence that supports the attestation.

General Compliance and FWA Training

As a Quartz FDR, you must provide general compliance and FWA training to all applicable employees including temporary employees, volunteers, governing board members, and downstream entities assigned to provide administrative and/or health care services for Quartz’s Medicare Advantage business.

CMS no longer requires FDRs to complete its Medicare Parts C and D General Compliance and Combating Medicare Parts C and D Fraud, Waste, and Abuse Training. Instead, to comply with this requirement, FDRs may use their own version of general compliance and FWA training specific to their organization’s needs, or complete the CMS standardized general compliance module from 2019 and the CMS standardized FWA Training Module bulleted below:

Training timing
Required education and training must be completed within 90 days of initial hire or the effective date of contracting, when there are material updates; and annually after that.

Record retention requirements

FDRs are required to maintain records of general compliance and FWA training and education taken by employees for a minimum of 10 years. Evidence of completion may be in the form of certificates, attestations, employee training logs or other means determined by the FDR to best represent fulfillment. If training logs or standardized reports are utilized, they must include:

  • Employee names
  • Date of hire
  • Name of training topic
  • Dates of completion
  • Test score (if captured)

Training applicability

The entire staff is not necessarily subject to the requirement. CMS has provided examples of the critical roles within an FDR that should clearly be required to fulfill the training requirements:

  • Senior administrators or managers directly responsible for the FDR’s contract with the Sponsor (e.g., Senior Vice President, Departmental Managers, Chief Medical or Pharmacy Officer);
  • Individuals directly involved with establishing and administering the Sponsor’s formulary and/or medical benefits coverage policies and procedures;
  • Individuals involved with decision-making authority on behalf of the Sponsor (e.g., clinical decisions, coverage determinations, appeals and grievances, enrollment/disenrollment functions, processing of pharmacy or medical claims);
  • Reviewers of beneficiary claims and services submitted for payment; or,
  • Individuals with job functions that place the FDR in a position to commit significant noncompliance with CMS program requirements or health care FWA.

If you have questions about which employee positions within your organization should be required to take the training, please contact Quartz’s Compliance Team at [email protected].

Who doesn’t need to complete the training?

FDRs are not exempt from general compliance training requirements. The only exception to the training requirement is if you are deemed to have met the FWA education and training requirements through one or both of the following:

  • Enrollment in Parts A or B of the Medicare program
  • Accreditation as a Durable Medical Equipment, Prosthetics, Orthotics, and Supplies (DMEPOS) supplier

FDRs who are deemed to have met the FWA training requirements, will need to provide Quartz proof of deemed status.

Code of Conduct and Compliance program policy distribution

As a Quartz FDR, you must provide our Code of Conduct and our compliance policies (or a document of your own that is comparable to both of these documents) to your employees and downstream entities. If you choose to provide your own comparable version, it must describe your commitment to compliance with federal and state laws, expectations that employees conduct themselves in an ethical manner and compliance program operations. FDRs must be able to show proof that they provided the code of conduct. FDRs must provide these documents:

  • Within 90 days of hire or the effective date of contracting
  • When there are updates to the code of conduct
  • Annually thereafter

OIG and GSA SAM exclusion list screening

Federal law prohibits Medicare and other federal health care programs from paying for items or services provided by an individual or entity excluded from participation in these federal programs. Therefore, before hiring or contracting and monthly thereafter, each FDR must check the exclusion lists from the OIG List of Excluded Individuals and Entities (LEIE) and GSA SAM. The following individuals and entities must be screened prior to hiring or contracting and then monthly thereafter: employees, temporary employees, volunteers, consultants, governing board members, and FDRs.

Completing these screenings will confirm your employees and downstream entities aren’t excluded from participating in federally funded health care programs.

FDRs should use these websites to perform their exclusion list screenings:

FDRs must maintain evidence/source documentation that they have screened against both exclusion lists for a minimum of 10 years.

If an FDR discovers an employee or Downstream Entity on one of these exclusion lists, it must immediately remove the employee or Downstream Entity from work directly or indirectly related to Quartz’s Medicare Advantage plans and send an email notification to [email protected].

Reporting FWA and compliance concerns to Quartz

Reporting is vital in the prevention, detection, and correction of noncompliance and FWA. Quartz has safeguards in place that protects any individual who reports a concern in good faith from retaliation. FDRs are expected to have safeguards in place as well.

If any FDR or FDR employee knows of, or suspects, an issue of noncompliance or potential FWA, they are required to report the incident to Quartz. There are a number of ways to report suspected or detected noncompliance or potential FWA. Resources are available through Quartz’s Compliance Reporting Poster found under “FDR Resources”. All reports are confidential. Quartz encourages its FDRs to publicize this reporting poster throughout their organization.

Monitoring and auditing

FDRs are expected to have monitoring and auditing procedures in place to ensure compliance with all applicable laws and regulations. Also, if an FDR subcontracts with other individuals or entities to provide administrative and/or health care services, it is responsible for monitoring and auditing these Downstream Entities to ensure they comply with all laws and regulations that apply to the First Tier Entity.

If you have questions or concerns about any of these requirements, contact our Compliance Team at [email protected].

Record retention requirement

FDRs are required to retain all Medicare documentation and maintain evidence for at least 10 years. This includes any documentation related to services the FDR performs for Quartz Medicare Advantage, including documentation related to:

  • General Compliance and FWA training certificates, attestations, or employee logs
  • Code of Conduct or compliance policy distribution and updates
  • OIG and GSA SAM exclusion screenings
  • Reports of and responses to suspected noncompliance and/or fraud, waste, or abuse
  • Auditing and monitoring activities

Offshore business

The term “offshore entity” refers to an individual or entity physically located outside the United States or one of its territories (American Samoa, Guam, Northern Marianas, Puerto Rico, and Virgin Islands). Examples of countries that meet the definition of “offshore entity” include Mexico, Canada, India, and Philippines.

Offshore services mean the offshore entity will or may receive, process, transfer, handle, store, or access the PHI, in either oral, written, or electronic form, of Quartz Medicare Advantage members.  If your offshore activities involve PHI, we are required to provide CMS with specific offshore subcontractor information and complete an attestation regarding protection of member PHI.

To help make sure Quartz complies with applicable federal and state laws, rules and regulations, FDRs are required to notify Quartz in advance of their intent to use an offshore subcontractor(s) or before employing offshore staff for a function Quartz has asked the FDR to perform. You will be required to complete a Quartz Medicare Advantage Offshore Services Attestation found under the “FDR Resources” and submit to Quartz. FDRs must obtain approval from Quartz prior to use of an offshore subcontractor. An authorized Compliance team representative will review the request and will respond in writing. FDRs who already use an offshore entity, should tell Quartz right away.

We're here for you.

Thanks for choosing Quartz Medicare Advantage. If you have questions or need support, your local Quartz Champion is here for you.