Sponsors and their first‑tier, downstream, and related entities must implement and maintain an effective compliance program that prevents, detects, and corrects noncompliance and fraud, waste, and abuse. The program must include the following core elements:
Maintain written policies, procedures, and standards of conduct that articulate the organization's commitment to Federal and State standards; describe compliance expectations; implement the operation of the compliance program; provide guidance to employees on potential compliance issues; identify how to communicate issues to compliance personnel; describe how suspected, detected, or reported issues are investigated and resolved; and include a non‑intimidation and non‑retaliation policy for good‑faith participation.
Designate a compliance officer and a compliance committee with direct accountability to the sponsor's CEO or other senior management; the compliance officer must be an employee of the sponsor, parent organization or corporate affiliate (not an FDR); the compliance officer and committee must periodically report to the governing body on compliance activities; and the governing body must exercise reasonable oversight of the compliance program.
Provide effective training and education to employees (including CEO, senior administrators/managers, temporary workers, and volunteers), governing body members, and FDRs. General compliance and FWA training must be provided within 90 days of initial hiring/contracting and at least annually thereafter. Sponsors must ensure general compliance information is communicated to FDRs. Note: FDRs enrolled in Medicare or accredited as DMEPOS are deemed to have met FWA certification requirements but still must complete general compliance training.
Establish effective, confidential lines of communication and a system to receive, record, respond to and track compliance reports and questions from employees, governing body members, enrollees, and FDRs. Reporting mechanisms must be user‑friendly, easy to access, available 24 hours a day, and sponsors must educate enrollees on identifying and reporting potential FWA.
Implement well‑publicized disciplinary standards and procedures that encourage good‑faith participation, articulate expectations for reporting, identify noncompliance or unethical behavior, and provide timely, consistent, and effective enforcement when violations are determined.
Establish and implement an effective system for routine monitoring, auditing, and identification of compliance risks, including baseline risk assessments and audits of sponsor operational areas and those of first‑tier entities, to test and confirm compliance with Medicare regulations, guidance, contracts, and applicable law.
Implement procedures and a system for prompt response, investigation, correction, and remediation of compliance issues identified through self‑evaluations, monitoring, or audits. This includes conducting timely, reasonable inquiries into suspected misconduct related to payment or delivery of services, taking corrective actions such as repayment of overpayments and disciplinary actions, and having procedures to voluntarily self‑report potential fraud or misconduct to CMS or its designee.
Screen entities and individuals against the OIG LEIE and GSA/SAM prior to hire or contracting and on a monthly basis thereafter; do not conduct business with debarred or excluded parties.
Maintain documentation and proof from FDRs (for example, attestations and copies of training logs) demonstrating compliance with training and communication requirements.