Our program

• guaranteeing we comply with applicable laws, rules and regulations
• reducing or eliminating fraud, waste and abuse (FWA)
• ensuring proper training
• creating open lines of communication between our FDRs and Security Health Plan

Security Health Plan prohibits intimidation, retaliation or other abuse of any kind against individuals who have made good faith reports or complaints of violations of the Code of Conduct or other known or suspected illegal or unethical conduct.

What is an FDR?

Security Health Plan defines FDRs according to the current Centers for Medicare and Medicaid Services (CMS) definitions, per 42 CFR§§422.500 and 423.501:

First Tier Entity is any party that enters into a written arrangement, acceptable to CMS, with a Medicare Advantage Organization or Part D plan sponsor or applicant to provide administrative services or health care services to a Medicare-eligible individual under the Medicare Advantage program or Part D program.

Downstream Entity is any party that enters into a written arrangement, acceptable to CMS, with persons or entities involved with the Medicare Advantage benefit or Part D benefit, below the level of the arrangement between a Medicare Advantage Organization or applicant or a Part D plan sponsor or applicant and a first-tier entity. These written arrangements continue down to the level of the ultimate provider of both health and administrative services.

Related Entity is any party that is related to a Medicare Advantage Organization or Part D sponsor by common ownership or control and: a) performs some of the Medicare Advantage Organization or Part D plan sponsor’s management functions under contract or delegation; b) furnishes services to Medicare enrollees under an oral or written agreement; or c) leases real property or sells materials to the Medicare Advantage Organization or Part D plan sponsor at a cost of more than $2,500 during a contract period.

FDR compliance program and requirements

• completion of CMS’ general compliance and fraud, waste and abuse (FWA) training
• distribution of the Code of Conduct and compliance policies and maintaining record of distribution
• federal exclusion list screenings (OIG/GSA) and maintaining record of timely checks against those lists
• the availability of a system to receive reports of suspected non-compliance and/or FWA that is confidential, allows anonymity, and includes policies of non-retaliation
• record retention for 10 years
• auditing and monitoring and oversight of Downstream and/or Related Entities
• identification of offshore operations

Security Health Plan also conducts routine auditing of its first-tier entities to further ensure their compliance. FDRs are required to cooperate and participate in these activities, which may, for example, require the first-tier entity to produce evidence that supports the audit.

If Security Health Plan’s FDRs fail to submit a satisfactory audit/attestation by the deadline or fail to satisfy any compliance program requirements, such failures may lead to a corrective action plan including contract termination.

Privacy and security information

The U.S. Department of Health and Human Services (DHHS) has provided three resources to help you understand your responsibility to protect privacy.

Call our privacy number 866-339-0289.

Privacy resources

Guide to Privacy and Security of Electronic Health Information
Summary of the HIPAA Privacy Rule
Summary of the HIPAA Security Rule

Compliance Training

Compliance training is required to be completed via Learning Connection (Learning Management System) for contracted business associates upon hire and annually for the Security Health Plan Board of Directors. Below are links to the log on page and the reference guide.
Learning Connection Log In
Learning Connection External User Reference Guide