4. CMS Compliance Program Requirements

First-tier, downstream and related entities (FDRs) 

Medicare compliance program requirements

Dean Health Plan has contracts with the Centers for Medicare and Medicaid Services (CMS) to administer Medicare benefits to Medicare beneficiaries.

We delegate some of the administrative and health care services we are required to perform under these contracts to external entities.

CMS refers to these entities as First-tier, downstream and related entities (FDRs). CMS requires that FDRs comply with certain Medicare compliance program requirements — some of which are summarized below. 

What is an FDR?

We define FDRs according to CMS current definitions:

First-tier entity is any party that enters into a written arrangement, acceptable to CMS, with a Medicare Advantage Organization or Part D plan sponsor or applicant to provide administrative services or healthcare services to a Medicare eligible individual under the Medicare Advantage program or Part D program.

Additional resources

Downstream entity is any party that enters into a written arrangement, acceptable to CMS, with persons or entities involved with the Medicare Advantage benefit or Part D benefit, below the level of the arrangement between a Medicare Advantage Organization or applicant or a Part D plan sponsor or applicant and a first tier entity. These written arrangements continue down to the level of the ultimate provider of both health and administrative services.

Related entity is any party that is related to a Medicare Advantage Organization or Part D sponsor by common ownership or control and: a) performs some of the Medicare Advantage Organization or Part D plan Sponsor’s management functions under contract or delegation; b) furnishes services to Medicare enrollees under an oral or written agreement; or c) leases real property or sells materials to the Medicare Advantage Organization or Part D plan Sponsor at a cost of more than $2,500 during a contract period. 

Compliance program requirements

We obtain an annual attestation from FDRs to ensure they are in compliance with applicable compliance program requirements. An authorized individual from each first-tier entities must attest that its organization and any of its downstream and/or related entities are in compliance with requirements relating to the following:

  • Code of conduct and compliance policies
  • CMS’ fraud waste and abuse (FWA) and general compliance training
  • OIG/GSA exclusion screenings
  • Reporting non-compliance and FWA
  • Offshore operations
  • Auditing and monitoring
  • Maintenance of documentation to support the attestation for at least 10 years


Each year, Dean notifies FDRs via email of the deadline to submit the annual attestation and the availability of the attestation on this site. We may accept an FDR-created attestation as long as the attestation is sufficiently similar to our attestation.

We also conduct routine auditing and monitoring of our first-tier entities to further ensure their compliance. FDRs are required to cooperate and participate in these activities, which may, for example, require the first-tier entities to produce evidence that supports the attestation.

If our FDRs fail to submit a satisfactory attestation by the deadline or fail to satisfy any Medicare compliance program requirements, such failures may lead to a corrective action plan or other contractual remedies (e.g., contract termination).

Reporting known or suspected non-compliance or fraud, waste and abuse

Any FDR or employee of an FDR that knows of or suspects non-compliance, or fraud, waste and abuse are required to report the incident to us as soon as possible.  

Non-Compliance Reporting:

Fraud, Waste, and Abuse Reporting:

Use our form to report insurance fraud

If you have questions or concerns about any of these requirements, contact compliancedetectionandcorrection@medica.com or to our Medicare Compliance Officer, Milly Koranteng.