The Role of Delegated Entities in Exclusion Screening

Posted by Joe Stefansky on December 14, 2021 in Exclusion Screening,

Under federal law, Medicare Advantage plans and Part D plan sponsors may delegate administrative or healthcare service functions to third parties, such as a medical group, pharmacy benefit manager, claims administration organization or hotline vendor. This delegation may cause the subcontracted entity to be identified as a first-tier, downstream or related entity (FDR) if the delegated entity provides a core function under the plan’s contract with CMS. However, being a FDR can come with significant responsibilities, including the duty to screen against the federal exclusion lists –  the OIG’s List of Excluded Individuals/Entities (LEIE) and the GSA’s System of Award Management (SAM) database.  In this article, we will review the duties of Medicare contract delegated entities with particular focus on exclusion screening requirements. 

CMS sets forth very clear expectations for Medicare Advantage plans and Part D Drug plan sponsors. Plans can delegate services but not accountability.  Plans are ultimately responsible for all services rendered whether they provide the services directly or through downstream agreements with third parties. In the event of noted subcontractor deficiencies, the plans remain responsible and will face the contractual consequences.  This dynamic has resulted in the development of downstream entity management infrastructure in many large insurance organizations to assure that subcontractors are fully compliant with their contractual duties.  Many create compliance guides to assist their contractors. However, not every contract entered into by a Medicare plan with a third party creates the same downstream expectations. 

Understanding Medicare’s Third-Party Delegation Requirements

There are three types of subcontracted entities defined by CMS related to its Medicare program.

A first-tier entity is any party that enters a written arrangement, acceptable to CMS, with an MA organization or Part D plan sponsor. These arrangements provide administrative or health care services to a Medicare-eligible individual under the MA program or Part D drug program.

A downstream entity is any that enters a written arrangement, acceptable to CMS, with persons or entities who are involved with the MA benefit or Part D benefit. They are below the level of the arrangement and between the following:

  • An MA organization or applicant
  • A Part D plan sponsor or applicant
  • A first-tier entity

These arrangements continue down to the level of the ultimate provider of both health and administrative services. For example, if a MA plan contacts with a hospital group (first-tier) but does not have a direct contract with the group’s individual hospitals or provider network, then those hospitals and providers are considered downstream entities.

A related entity is any party that holds common ownership or control of an MA organization or Part D sponsor and:

  • Performs some of the MA organization or Plan D plan sponsor’s management functions under    contract or delegation
  • Furnishes services to Medicare enrollees under an oral or written agreement
  • Leases real property or sells materials to the MA organization or Part D plan sponsor

Determining FDR Status

The types of services provided by subcontractors determine whether they are considered FDRs. While a specific methodology is not outlined, your organization should have a process to consistently evaluate the FDR status of subcontractors performing services on your behalf. The Medicare Manual sets forth considerations when determining if an entity qualifies as an FDR:

  • The impact of the services on beneficiaries
  • Access to protected health information
  • Decision-making authority
  • The ability to commit fraud, waste, or abuse
  • The overall risk associated with the entity

Health care providers including physicians, hospitals and other provider types are considered FDRs.  According to Medicare Part C (Medicare Advantage/MA) regulations and CMS rules, providers who contract with Medicare or Part D plans to provide health care services are first-tier entities.  

The picture is less clear for subcontractors who provide administrative services. MA and Part D plans must develop and implement processes to determine which vendors qualify as FDRs. Because FDRs have been delegated to perform a core function of a plan’s Medicare program, they must follow Medicare program requirements and regulations, including oversight of their own downstream entities which provide health care or administrative services to Medicare plans.

Below are some examples of core administrative functions that, if delegated, would likely require FDR designation:

Sales and marketingUtilization management
Quality improvementLicensing and credentialing
Applications processingEnrollment, disenrollment, membership functions
Claims administrationAppeals and grievances
Pharmacy benefit managementProvider network management
Hotline operationsCustomer service
Outbound enrollment verificationCoordination with other benefit programs
Processing of pharmacy claimsNegotiation with prescription drug manufacturers

Duties of a Delegated Entity

FDRs must comply not only with the terms of their contract with their Medicare Advantage plan or Part D plan sponsor but also all applicable Medicare requirements and federal and state regulations and guidance.  Just as Medicare Advantage plans and Part D drug sponsors hold first tier organizations accountable for non-compliance and require remediation of deficiencies, FDRs must do the same for their downstream entities. First tier organization contracts with downstream entities must include the CMS required provisions. The focus of this section is the duties of FDRs relating to exclusion screening.

As an FDR, an organization is required to fulfill the following Medicare program requirements:

  • Distribute a code of conduct or a compliance policy
  • Conduct general compliance and FWA education and training
  • Conduct regular exclusion list screenings
  • Communicate reporting mechanisms to employees for notifications of non-compliance
  • Monitor and audit first tier, downstream and related entities
  • Report FWA and compliance concerns their upstream entity

Exclusion Screening

Individuals or entities that have been excluded from participating with Medicare, Medicaid and other Federal or State health care programs cannot receive compensation, directly or indirectly, related to the administration or delivery of Medicare program services. FDRs must screen all employees, contractors, volunteers, vendors, and board members upon or before hire/contracting and monthly thereafter against the both OIG’s LEIE and the GSA’s SAM database. Neither database alone provides all the exclusion information needed. Evidence of monthly screenings must be documented and retained for not less than 10 years.

If an organization delegates any functions to a downstream or related entity, it must ensure that the downstream entity is also completing the exclusion checks for the same individuals as noted above with the same frequency. A Medicare Advantage plan or Part D plan sponsor may request documentation of these checks to ensure FDR compliance. If an FDR or a downstream entity fails to meet the CMS exclusion screening requirements or identifies an excluded individual/entity during monthly screening, this should be reported upstream immediately.

Downstream Monitoring and Auditing

If an organization is a first-tier entity that contracts with a downstream or related entity to perform services, it must monitor and audit that downstream or related entity to ensure contract and program requirements are being met. This includes monitoring and auditing to assure that exclusion screening is being conducted.  It is expected first tier entities will impose corrective actions when deficiencies are identified. A Medicare Advantage plan or Part D plan sponsor may request documentation of such monitoring and auditing and corrective action.


The duties of an FDR are considerably more burdensome than those of other subcontractors. For this reason, Medicare Advantage plans and Part D plan sponsors organizations generally define FDRs as narrowly as legally permissible. The intent of CMS as pertains to exclusion screening is clear:  All health care and core administrative services will be rendered by individuals and entities who have demonstrated a respect for the law and will provide high quality services to Medicare beneficiaries. Excluded or debarred parties may not participate at any contract tier of Medicare Advantage or Part D plan.

About Joe Stefansky

About Joe Stefansky

Joe Stefansky has a keen sense of business opportunities in complex problems, using technology to transform difficulty into efficiency. The CEO and founder of Streamline Verify specializes in solving compliance, legal and administrative issues through intuitively designed software that reduces costs and saves time.

Related Articles

Texas TULIP Challenges for Nursing Facility ...

May 11, 2022

The Texas Unified Licensure Information Portal (TULIP) is state’s web-based licensure system for the Health and Humans Services Commission (HHSC). TULIP was designed for licensed long-term care faci...

Why One Doctor Just Ended Up ...

March 9, 2015

Anyone working in the field of healthcare human resources should understand the role of the Office of the Inspector General in both investigating fraud related to federal health care programs and pena...

Fraud on the Move – Medical Transportation

October 4, 2021

Medical transportation companies have been on federal and state regulatory radar for decades, for program integrity concerns such as fraudulent billing practices and patient safety concerns. Currently...

Understanding OIG Exclusions

OIG Exclusions Screening Process

Exclusion FAQS

Quick OIG Exclusion Basics

Employing Excluded Individuals

Consequences to Employing an Excluded Individual

OIG Compliance Law

Laws and Publications on OIG Compliance

More Compliance Resources

Our Culture

We build the best, so you can perform at your best.

Trusted for Good Reason

  • ✓ Guaranteed accurate
  • ✓ Certified Secure
  • ✓ Audit Proof
  • ✓ Feature-rich reporting
  • ✓ Round the clock real-time-data
  • ✓ Processing fully automated

Security First

  • ✓ Cloud hosted
  • ✓ Encrypted data
  • ✓ Real-time backups

Trusted for Accuracy

  • ✓ Physical security
  • ✓ Restricted access
  • ✓ Single sign-on
  • ✓ Password security
  • ✓ Certified secure
  • ✓ Cross checking




Average workload reduction by implementing the Streamline Verify program



Establishments trust Streamline Verify nationwide



Serving the healthcare industry’s unique compliance needs since 2011



Setting standards with hourly synchronization to primary source data