Compliance toolkit
Our commitment
Security Health Plan of Wisconsin, Inc., a part of Marshfield Clinic Health System, is a not-for-profit health maintenance organization. We are committed to improving members' health, managing health care costs and providing them with a high-quality health care experience.
Our history in helping members obtain affordable health care costs goes back to 1971 when we were founded as the Greater Marshfield Community Health Plan, the first health maintenance organization (HMO) in Wisconsin, and the first rural HMO in the nation. The health plan became Security Health Plan in 1986.
Compliance resources
Hotline Poster
Compliance Program
Standards of Conduct
Standards of Conduct Policy
Fraud, Waste and Abuse Policy
Combating Medicare Parts C and D Fraud, Waste and Abuse training
Records Retention Policy
Records Retention Table
Restraint Policy
Conflict of Interest Policy
OIG Compliance Training Video
OIG/SAM Check Steps
Fraud, Waste and Abuse form
National CLAS Standards Checklist
Our program
Our compliance program helps to ensure honesty and integrity by also:- guaranteeing we comply with applicable laws, rules and regulations
- reducing or eliminating fraud, waste and abuse (FWA)
- ensuring proper training
- creating open lines of communication between our FDRs and Security Health Plan
Security Health Plan prohibits intimidation, retaliation or other abuse of any kind against individuals who have made good faith reports or complaints of violations of the Code of Conduct or other known or suspected illegal or unethical conduct.
What is an FDR?
Security Health Plan defines FDRs according to the current Centers for Medicare and Medicaid Services (CMS) definitions, per 42 CFR§§422.500 and 423.501:
First Tier Entity is any party that enters into a written arrangement, acceptable to CMS, with a Medicare Advantage Organization or Part D plan sponsor or applicant to provide administrative services or health care services to a Medicare-eligible individual under the Medicare Advantage program or Part D program.
Downstream Entity is any party that enters into a written arrangement, acceptable to CMS, with persons or entities involved with the Medicare Advantage benefit or Part D benefit, below the level of the arrangement between a Medicare Advantage Organization or applicant or a Part D plan sponsor or applicant and a first-tier entity. These written arrangements continue down to the level of the ultimate provider of both health and administrative services.
Related Entity is any party that is related to a Medicare Advantage Organization or Part D sponsor by common ownership or control and: a) performs some of the Medicare Advantage Organization or Part D plan sponsor’s management functions under contract or delegation; b) furnishes services to Medicare enrollees under an oral or written agreement; or c) leases real property or sells materials to the Medicare Advantage Organization or Part D plan sponsor at a cost of more than $2,500 during a contract period.
FDR compliance program and requirements
Security Health Plan obtains an annual attestation from its first-tier entities to ensure its FDRs are in compliance with applicable compliance program requirements. These requirements not only apply to our Medicare Advantage FDRs but also to those contracted with our Federally-facilitated Exchange (FFE, also referred to as FFM/ACA) and Medicaid-BadgerCare Plus products. An authorized individual from each first-tier entity must attest that its organization and any of its Downstream and/or Related Entities are in compliance with requirements relating to the following:- completion of CMS’ general compliance and fraud, waste and abuse (FWA) training
- distribution of the Code of Conduct and compliance policies and maintaining record of distribution
- federal exclusion list screenings (OIG/GSA) and maintaining record of timely checks against those lists
- the availability of a system to receive reports of suspected non-compliance and/or FWA that is confidential, allows anonymity, and includes policies of non-retaliation
- record retention for 10 years
- auditing and monitoring and oversight of Downstream and/or Related Entities
- identification of offshore operations
Security Health Plan also conducts routine auditing of its first-tier entities to further ensure their compliance. FDRs are required to cooperate and participate in these activities, which may, for example, require the first-tier entity to produce evidence that supports the audit.
If Security Health Plan’s FDRs fail to submit a satisfactory audit/attestation by the deadline or fail to satisfy any compliance program requirements, such failures may lead to a corrective action plan including contract termination.
Privacy and security information
The U.S. Department of Health and Human Services (DHHS) has provided three resources to help you understand your responsibility to protect privacy.
Call our privacy number 866-339-0289.
Privacy resources
Guide to Privacy and Security of Electronic Health Information
Summary of the HIPAA Privacy Rule
Summary of the HIPAA Security Rule
Compliance Training
Compliance training is required to be completed via Learning Connection (Learning Management System) for contracted business associates upon hire and annually for the Security Health Plan Board of Directors. Below are links to the log on page and the reference guide.
Learning Connection Log In
Learning Connection External User Reference Guide