Skip to Content

Information from your health plan about COVID-19 (coronavirus disease)

Learn more

Compliance toolkit

Security Health Plan has created a compliance toolkit to assist First Tier, Downstream and Related Entities (FDRs) with meeting required regulations.

Our commitment

Security Health Plan of Wisconsin, Inc., a part of Marshfield Clinic Health System, is a not-for-profit health maintenance organization. We are committed to improving members' health, managing health care costs and providing them with a high-quality health care experience.

Our history in helping members obtain affordable health care costs goes back to 1971 when we were founded as the Greater Marshfield Community Health Plan, the first health maintenance organization (HMO) in Wisconsin, and the first rural HMO in the nation. The health plan became Security Health Plan in 1986.

    Our program

    Our compliance program helps to ensure honesty and integrity by also:

    Security Health Plan prohibits intimidation, retaliation or other abuse of any kind against individuals who have made good faith reports or complaints of violations of the Code of Conduct or other known or suspected illegal or unethical conduct.

    What is an FDR?

    Security Health Plan defines FDRs according to the current Centers for Medicare and Medicaid Services (CMS) definitions, per 42 CFR§§422.500 and 423.501:

    First Tier Entity is any party that enters into a written arrangement, acceptable to CMS, with a Medicare Advantage Organization or Part D plan sponsor or applicant to provide administrative services or health care services to a Medicare-eligible individual under the Medicare Advantage program or Part D program.

    Downstream Entity is any party that enters into a written arrangement, acceptable to CMS, with persons or entities involved with the Medicare Advantage benefit or Part D benefit, below the level of the arrangement between a Medicare Advantage Organization or applicant or a Part D plan sponsor or applicant and a first-tier entity. These written arrangements continue down to the level of the ultimate provider of both health and administrative services.

    Related Entity is any party that is related to a Medicare Advantage Organization or Part D sponsor by common ownership or control and: a) performs some of the Medicare Advantage Organization or Part D plan sponsor’s management functions under contract or delegation; b) furnishes services to Medicare enrollees under an oral or written agreement; or c) leases real property or sells materials to the Medicare Advantage Organization or Part D plan sponsor at a cost of more than $2,500 during a contract period.

    FDR compliance program and requirements

    Security Health Plan obtains an annual attestation from its first-tier entities to ensure its FDRs are in compliance with applicable compliance program requirements. These requirements not only apply to our Medicare Advantage FDRs but also to those contracted with our Federally-facilitated Exchange (FFE, also referred to as FFM/ACA) and Medicaid-BadgerCare Plus products. An authorized individual from each first-tier entity must attest that its organization and any of its Downstream and/or Related Entities are in compliance with requirements relating to the following:

    Security Health Plan also conducts routine auditing of its first-tier entities to further ensure their compliance. FDRs are required to cooperate and participate in these activities, which may, for example, require the first-tier entity to produce evidence that supports the audit.

    If Security Health Plan’s FDRs fail to submit a satisfactory audit/attestation by the deadline or fail to satisfy any compliance program requirements, such failures may lead to a corrective action plan including contract termination.

    Privacy and security information

    The U.S. Department of Health and Human Services (DHHS) has provided three resources to help you understand your responsibility to protect privacy.

    Call our privacy number 866-339-0289.

    Privacy resources

    Guide to Privacy and Security of Electronic Health Information
    Summary of the HIPAA Privacy Rule
    Summary of the HIPAA Security Rule

    Compliance Training

    Compliance training is required to be completed via Learning Connection (Learning Management System) for contracted business associates upon hire and annually for the Security Health Plan Board of Directors. Below are links to the log on page and the reference guide.
    Learning Connection Log In
    Learning Connection External User Reference Guide