Monitoring and Auditing of FDRs
Community Care monitors and audits the activities of FDRs to ensure compliance with Medicare Parts C and D program requirements. First-Tier Entities that subcontract with other individuals or entities to provide administrative or health services are responsible for ensuring their downstream entities comply with all Medicare Parts C and D requirements. Monitoring and auditing activities may include review of the following elements:
Training
As a FDR, your organization is responsible for providing FWA and General compliance training to all your employees (including temporary workers and governing body members) and Downstream entities that provide administrative and/or health care services on Community Care’s contract. This training must be formally conducted within 90 days of initial contract/employment and annually thereafter. FDRs must be able to demonstrate that their employees and Downstream entities have fulfilled this training requirement. Each FDR is responsible for designing and conducting their own FWA and General compliance training.
Code of Conduct -
Your organization must provide either Community Care’s Code of Conduct or your own comparable Code of Conduct to all applicable employees and Downstream Entities who provide administrative and/or health care services for our Medicare lines of business. The Code of Conduct must contain all the elements set forth in Section 50.1 and subsections of the Medicare Managed Care Manual, Chapter 21. You must distribute the Code of Conduct:
- Within 90 days of hire or the effective date of contracting
- When there are updates to the Code of Conduct
- Annually thereafter
You must retain evidence of your distribution of the Code of Conduct.
You can find Code of Conduct requirements in:
- 42 C.F.R. § 422.503 (b) (4) (vi) (A)
- 42 C.F.R. § 423.504 (b) (4) (vi) (A)
- Medicare Managed Care Manual Chapter 21 § 50.1
Communication and Reporting Mechanisms
If FDRs know, or suspect, an issue of noncompliance or Fraud, Waste, or Abuse involving Community Care’s members, they must report the incident to Community Care. These issues can be reported by:
- Contacting Community Care’s Compliance Department by calling 866-992-6600;
- Calling the Ethics and Compliance Hotline anonymously 24 hours a day at (262) 207-9440;
- Completing the Compliance Inquiry form online at www.communitycareinc. org; or
- Emailing the Compliance Department at [email protected].
You must adopt, maintain, and enforce a zero-tolerance policy for retaliation or intimidation against anyone who reports suspected noncompliance and FWA.
You can find information about reporting noncompliance and FWA in:
- 42 C.F. R. § 422.503 (b) (4) (vi) (D)
- 42 C.F. R. § 422.504 (b) (4) (vi) (D)
- Medicare Managed Care Manual Chapter 21 § 50.4
OIG/GSA Exclusion and Debarment Screenings
Federal law prohibits Medicare health care programs from paying for items or services provided by an individual or entity excluded from participation in federal health care programs. Therefore, before hiring or contracting, and monthly thereafter, each FDR must check exclusion lists from the Office of Inspector General (OIG) and General Administration Services (GSA). These exclusions list are located at the following websites:
You can find information about OIG/GSA exclusion and debarment screenings requirements in:
- The Social security Act § 1862 (e) (1) (B)
- 42 C.F.R. § 422.503 (b) (4) (vi) (F)
- 42 C.F.R. § 422.752 (a) (8)
- 42 C.F.R. § 423.504 (b) (4) (vi) (F)
- Medicare Managed Care Manual Chapter 21 § 50.6.8
Offshore Subcontracting
Because of the unique risks associated with using contractors operating outside the United States or one of its territories (i.e., American Samoa, Guam, Northern Marianas, Puerto Rico and Virgin Islands), CMS requires Medicare Advantage Organization (MAOs) to take extra measures to ensure offshore contractors protect members’ protected health information (PHI). Specifically, CMS is concern with offshore subcontractors that receive, process, transfer, handle, store, or access members’ PHI. If a first-tier entity contracts with an offshore subcontractor, and provides that subcontractor with members’ PHI, the first-tier entity must report it to Community Care immediately.
Record Retention and Record Availability
FDRs must agree to audits and inspections by Community Care, CMS and/or its designees. They must cooperate, assist, and provide information as requested. Documentation and records needed to meet program requirements (i.e., Medicare Parts C and D) must be maintained for 10 years, including but not limited to attendance records, training certificates, and any other documents that demonstrate compliance with program requirements.
Attestations
Each year an authorized representative from your organization must attest to your compliance with the Medicare compliance program requirements described in this guide. An authorized representative is an individual who has authority to act on behalf of your organization. This individual could be a compliance officer, chief medical officer, practice manager/administrator, an executive officer, or a similar position.