Skip to content
Navigated to Compliance resources for First Tier, Downstream and Related Entities (FDRs) page

Compliance resources for First Tier, Downstream and Related Entities (FDRs)

What are First-Tier, Downstream and Related Entities (FDRs)?

  • First-Tier Entity is any party that enters into a written arrangement, acceptable to CMS, with an MA organization or Part D plan sponsor or applicant to provide administrative services or health care services to a Medicare-eligible individual under the MA program or Part D program.
  • Downstream Entity is any party that enters into a written arrangement, acceptable to CMS, with persons or entities involved with the MA benefit or Part D benefit, below the level of the arrangement between an MA organization or applicant or a Part D plan sponsor or applicant and a First-Tier Entity. These written arrangements continue down to the level of the ultimate provider of both health and administrative services.
  • Related Entity means any entity that is related to an MA organization or Part D sponsor by common ownership or control and: 1. Performs some of the MA organization or Part D plan sponsor’s management functions under contract or delegation 2. Furnishes services to Medicare enrollees under an oral or written agreement 3. Leases real property or sells materials to the MA organization or Part D plan sponsor at a cost of more than $2,500 during a contract period.

FDR Requirements

We value our partnership with you as an FDR. We also need you to comply with Centers for Medicare & Medicaid Services (CMS) regulations that apply to FDRs. CMS has requirements around:

  • Compliance & FWA training
  • Code of Conduct distribution
  • Exclusion screenings
  • Reporting of potential non-compliance and FWA
  • Offshore requests
  • Oversight and monitoring

Find more information about our FDR requirements in the Devoted Health First Tier, Downstream and Related Entities (FDR) Compliance Guide. Or keep reading to learn what you should do.

Resources for FDRs

As an FDR, you probably already have your own library of Compliance Policies and Procedures (P&Ps). But just in case, here are our compliance-related policies. They can assist you in developing your own compliance policies and procedures.

FDRs and attestations

We require all FDRs to sign an annual FDR Attestation. This attestation helps us demonstrate to CMS that we're effectively communicating their requirements, as well as confirming that our FDRs are complying with them. Use the appropriate attestation form below:

Complete exclusion list screenings

Federal law prohibits Medicare, Medicaid and other federal health care programs from paying for items or services provided by a person or entity excluded from these federal programs. So, before hiring or contracting and monthly thereafter, each FDR must check exclusion lists. This will help confirm that your employees and downstream entities aren’t excluded from participating in federally funded health care programs. Use these websites to perform your exclusion list screening:

  • General Service Administration (GSA) System for Award Management (SAM)
  • Office of Inspector General (OIG) List of Excluded Individuals and Entities (LEIE)

Your organization must maintain evidence that you’ve screened against both lists. This includes source documentation such as screenshots, input lists and/or documentation with date stamps. You may keep logs that track the dates for all screened employees and FDR. This will help track exclusion screenings. Also, make sure to keep source documentation.

Perform screenings regularly

The following individuals and entities must be screened before hiring or contracting and then monthly thereafter:

  • Employees
  • Temporary employees
  • Volunteers
  • Consultants
  • Members of your governing body
  • FDRs

To comply with CMS requirements, your organization needs to check both the OIG and the GSA exclusion lists. This will ensure these individuals and entities aren’t excluded.

Take action with those on exclusion lists

If any of your employees or downstream entities are on an exclusion list, you must immediately:

  • Remove them from any direct or indirect work on our Medicare plans
  • Notify us

You’ll find exclusion list requirements in:

  • CMS Medicare Managed Care Manual, chapter 21 § 50.6.8
  • CMS Medicare Prescription Drug Benefit Manual, chapter 9
  • Social Security Act, § 1862(e)(1)(B)
  • United States Code
    - 42 CFR §§ 422.503(b)(4)(vi)(F)
    - 422.752(a)(8)
    - 423.504(b)(4)(vi)(F)
    - 423.752(a)(6)
    - 1001.1901

Offshore Approval Request

If you’ll be subcontracting delegated functions offshore, you must submit the Offshore Approval Request Form and receive approval from us before moving any functions offshore. You can find the form here.

CMS Regulatory Compliance Program Guidelines

Devoted Health has based our FDR requirements on CMS guidance. In case you'd like to know why we require here is a link to CMS's Compliance Program Guidelines:


We require our FDRs complete General Compliance and FWA training. If you don't have your own training, these resources may be helpful to you: