How To Build Your Own Compliance Program

What It Means to Be a Downstream Entity

If you have non-agent employees or downline agents, you are what CMS calls a downstream entity. You have to meet carrier First-Tier, Downstream, and Related Entity (FDR) requirements to be compliant. All FDRs have to build and maintain a compliance program, and you will need to take this seriously—CMS and plan sponsors can visit your business to conduct compliance audits. 

To build an effective compliance program, you will need: 

  • written policies and procedures; 
  • a compliance officer and committee; 
  • training and education; 
  • effective lines of communication; 
  • well-publicized disciplinary standards; 
  • routine monitoring and identification of risk; and 
  • a system for prompt response to issues.

How to Build Your Own Compliance Program

To start putting together your compliance program, you will need to designate a competent compliance officer. This will be someone who oversees the program from development to monitoring. Your compliance officer will train and educate your employees on compliance, track their compliance and investigate compliance matters. Choose someone who you trust to see that necessary corrective action is carried out.

Draft a set of policies and procedures that are compliant with the rules and regulations of your state, CMS, and your carriers. They guide all actions and conduct within your organization, and describe the expectations for your employees.

You also need a Code of Conduct, which you can model after your carrier’s. If you have multiple carriers, you will find it easier to draft your own following those requirements.

Maintaining Compliance

Once you have developed your policies and procedures and your Code of Conduct, you will need to distribute these to your non-agent employees and contractors. Going forward, have them sign these documents within 90 days of hire and re-sign every year. Keep the signed documents for 10 years.

Your employees need to complete required trainings. Give them the CMS Medicare Parts C & D Fraud, Waste, & Abuse and General Compliance Training, which you can find at www.cms.gov. Have your non-agent employees and contractors complete these within 90 days of hire and every year after, then keep proof of completion for 10 years. 

Before you hire anyone, check that they are not on the OIG and GSA excluded parties’ lists. After hire, check monthly. If any of your employees show up on these lists, you need to remove them from any interaction with Medicare Advantage or Prescription Drug Plans. Keep the printed results of these searches for 10 years.

Part of maintaining compliance is communicating effectively with your downline agents. Keep them up to date on compliance issues and communicate changes. Provide training and support and someone to go to with compliance questions. Make it simple for your employees and contractors to be proactive, but do your part by monitoring their activity through the compliance officer.