Inovaare is proud to be the Diamond Sponsor of the 2024 HICE Annual Conference. We look forward to engaging with you in Indian Wells this December!

HITRUST
FDR Oversight Audit and Compliance Monitoring FDR Oversight Audit and Compliance Monitoring

FDR Oversight – Turning Policy & Procedure into Practice

Health plans (collectively, “plan sponsors”) that contract with the Centers for Medicare & Medicaid Services (CMS) to provide health services to eligible Medicare beneficiaries are responsible for legal, contractual, and fiduciary obligations whether performed by the plan or those to whom the company delegates those obligations. When these functions are delegated to external entities, oversight of their performances is not optional. CMS refers to delegated entities as First Tier Entity[1], Downstream Entity[2], or Related Entity[3] (FDR). The Common Conditions, Improvement Strategies, and Best Practices report for FDR Oversight released on August 27, 2014[4][5] cited

“Sponsor lacked sufficient resources to implement a compliance program in accordance with CMS requirements, particularly related to FDR oversight.”

FDR Oversight challenges faced by healthcare organizations

A consistent finding has been the lack of a coordinated FDR oversight program by the plan sponsor, without which plan sponsors may not be able to efficiently perform their oversight activities.

An effective delegation oversight program begins with correctly identifying the FDRs[6] and a pre-delegation audit to assess risks associated with the entity to be contracted as an FDR. Subsequent audits can be prioritized on the basis of risk potential. Systematic audits and performance review are to validate the pre-delegation audit results and to ensure continuous compliance within the areas of Credentialing, Sales and Marketing, Claims Processing, Utilization Management, Quality Improvement and other delegated administrative and health services functions.

To learn more about our industry-leading Delegation Oversight solution, download the product overview..

An effective audit tool can categorize various elements as Requirements (as in regulations), Expectations (per CMS guidance) and Best Practices (suggested by CMS) so that at a minimum, compliance requirements are met consistently. The tool should also risk stratify the different areas for prioritization. Table below shows some examples of the aforementioned categories.

When[7]Must (statutory/regulatory requirements)Should (expectations created by guidance)Best Practices (recommendations by CMS)
At the time of contracting with the FDR, annually thereafterCredentialing and re-credentialing of providers  
At the time of contracting with the FDR, monthly thereafterValidation of providers against the Exclusion Lists[8]  
Within 90 days of hiring and annually thereafterEffective training and education, general compliance training of FDR employees  
At the time of contracting and annually thereafter Policies & Procedures for evaluation of administrative and fiscal capacity to perform delegated functions.[9] 
At the time of contracting and annually thereafter Financial control to avert insolvency and to prevent inappropriate beneficiary billing 
At the time of contracting and annually thereafter[10] PBM audit (PBM internal audit reports on FWA, claims processing, rebates, drug pricing) 
At the time of contracting and annually thereafter  FDR’s internal audit work plan and monitoring results including payment reports, utilization management reports for health services and drugs
At the time of contracting  Quality of care standards or guidelines
Annually  Prepare universes for CMS program audits

Inovaare has delegation oversight, audit and compliance solutions to support your FDR activities by:

  • Delivering real-time audit statuses
  • Lowering audit backlog, efforts and timelines
  • Helping health plans with a culture of compliance

Give us a call today to explore how we may be able to support your needs and your healthcare organization’s compliance processes.


[1] First Tier entity is any party that enters into a written arrangement, acceptable to CMS, with a plan sponsor to provide administrative services or health care services for a Medicare eligible beneficiary,

[2] Downstream entity is any party that enters into a written arrangement, acceptable to CMS, below the level of the arrangement between a plan sponsor and a first tier entity.

[3] Related entity is any entity related to the plan sponsor by common ownership or control and (1) Performs some of the plan sponsor’s contractual services to Medicare beneficiaries; or (2) Leases real property or sells materials to the plan sponsor at a cost of more than $2,500 during a contract period.

[4] 2013 Common Findings, Best Practices Memo.pdf

[5] FDR Operations Oversight has been part of the CPE audit protocol since 2010

[6] A list of FDR is required for submission to CMS for a program audit

[7] The FDR should complete the tasks and submit results to the plan sponsor

[8] Published by the Office of Inspector General and General Services Administration through System for Award Management

[9] Medicare Managed Care Manual Chapter 11 Section 110.4

[10] Plan sponsors delegate multiple functions to a pharmacy benefit manager, sponsor can rotate functional areas annually

For more details, please contact us at info@inovaare.com or 408-850-2235