Skip to content

First-Tier, Downstream and Related Entities (FDRs) CMS Compliance Program Requirements*

Kaiser Foundation Health Plan, Inc. and its subsidiaries (collectively “Kaiser Foundation Health Plan”) contract with the Centers for Medicare & Medicaid Services (CMS) to provide services under Medicare Parts C and D. To help fulfill its obligations to CMS, Kaiser Foundation Health Plan has entered into contracts with external vendors and providers to provide administrative or health care services to Kaiser Foundation Health Plan’s Medicare enrollees. For the purposes of complying with CMS regulations*, these vendors and providers are generally referred to as first-tier, downstream, and related entities (FDR).

Requirements for FDRs

CMS requires Kaiser Foundation Health Plan to establish and maintain an FDR monitoring and auditing program to ensure that its FDRs meet Medicare program requirements.

Below is a list of Medicare program requirements that apply to all FDRs. Depending on the nature of the services provided, additional requirements may apply:

  • Vendor Code of Conduct
  • Screening for Excluded and Precluded Individuals
  • Offshore Vendor Activities
  • Compliance with Medicare Law
  • Annual Attestation

Each of these requirements are described in greater detail below.

REQUIREMENT: Vendor Code of Conduct

In support of Kaiser’s compliance and Fraud Waste and Abuse (FWA) control program, Supplier agrees to (a) conduct its business in compliance with the Kaiser Permanente Vendor Code of Conduct (Code of Conduct) and (b) make the Code of Conduct available to its Employees and subcontractors.

Employees are defined as those individuals (including temporary workers and volunteers) who are involved in the administration or delivery of services under the FDR’s contract with Kaiser Foundation Health Plan.

The Kaiser Permanente Vendor Code of Conduct, which includes the Federal Flowdown Requirements, is available for review and download here

REQUIREMENT: Screening for Excluded and Precluded Individuals

Kaiser Foundation Health Plan may not use federal funds to pay for services, equipment, or drugs prescribed or provided by a vendor that is debarred, suspended, excluded, precluded or that has opted out from receiving a contract or subcontract funded in whole or in part by federal or state funds, including without limitation Medicare and Medicaid funds.

FDRs must ensure that no persons or entities employed by or contracted with the FDR to provide services under the FDRs contract with Kaiser Foundation Health Plan are sanctioned by or debarred, suspended, excluded, precluded or have opted out from, participation in Medicare or Medicaid under Sections 1128 or 1128A of the Social Security Act.

FDRs will review the Department of Health and Human Services, Office of Inspector General List of Excluded Individuals and Entities (LEIE list),  the U.S. General Services Administration System for Award Management (SAM), CMS Preclusion List prior to initial hiring or contracting and monthly thereafter to ensure that employees and contractors providing services under the contract are not so sanctioned, debarred, suspended, excluded, precluded, or have otherwise opted out of participating in Medicare.

The CMS Preclusion List is a list compiled by CMS of providers/prescribers and vendors who are precluded from receiving payment for Medicare Advantage (MA) items and services or Part D drugs furnished or prescribed to Medicare beneficiaries.  Plans will be required to reject claims to any individual or entity found on the Preclusion List, and terminate any existing contracts with precluded providers/suppliers.  For suppliers to which claims processing or credentialing is delegated, your Kaiser Permanente point of contact will work with you to ensure you are provided with the preclusion list on a monthly basis.  Please contact your Kaiser Permanente point of contact if you have any questions.

If the FDR becomes aware that it has employed or contracted with such a person or entity, the FDR will take prompt and appropriate remedial action to remove the employee or contractor from providing services under the FDRs agreement with Kaiser Foundation Health Plan.

The links for access or guidance to LEIE, SAM and Preclusion lists are:

CMS requires Kaiser Foundation Health Plan to report contracts that involve access, use, or disclosure of Medicare beneficiary protected health information (PHI) from offshore locations (outside of the United States and its territories). As such, FDRs must notify and obtain the written approval of Kaiser Foundation Health Plan of any instances where they plan to perform services offshore or contract with any offshore subcontractors that access, use, or disclose Medicare beneficiary PHI.

Please note the following:

  • Disclosure and approval of all offshore activities must be made prior to contracting with Kaiser Foundation Health Plan.
  • Notification and approval of any new offshore activities must be made within 10 days of beginning those services.
  • Kaiser Foundation Health Plan may also require an annual disclosure of all offshore activities.

Disclosure/notification of offshore activities should be sent to your Kaiser Permanente point of contact.

REQUIREMENT: Compliance with Medicare Law

FDR and any downstream contractors (subcontractors) will comply with Kaiser Foundation Health Plan’s contractual obligations to CMS and all applicable Medicare laws, regulations, and CMS instructions.

REQUIRMENT: Annual Attestation

Each year, Kaiser Foundation Health Plan will require its administrative FDRs to attest and certify, in writing, in compliance with the following requirements:

  • Vendor Code of Conduct
  • Screening for Excluded and Precluded individuals
  • Compliance with Medicare Law
  • Data Accuracy

Please note FDRs may be required to provide evidence of compliance with these requirements during a desk review audit.

If you have questions concerning the FDR requirements, please email your question to

* Reference: Compliance Program Guidelines, Prescription Drug Benefit Manual, Chapter 9 / Medicare Managed Care Manual, Chapter 21

Do you have a compliance concern?

If you think that a compliance or ethics standard has been violated, such as fraud, waste, or abuse, contact the Kaiser Permanente Compliance Hotline or call 1-888-774-9100.