MA Compliance Requirements for Agencies

If you’ve ever wondered if you were following all the guidelines for compliance, you’re not alone. As the Director of Compliance for RB Insurance Group, I talk to agencies nearly every day that are struggling through a carrier audit, often bringing daily business to a grinding halt.  If you are nodding along, don’t panic!  We can help you build processes to get compliance under control.

That’s right, I’m the “FUN” guy in the office.

Compliance = fun right?

All MA carriers are audited for compliance by CMS every 3 years. Contracting with multiple carriers increases your chances that at some point you will be picked for a random agency compliance audit.  CMS requires the carriers to hold agencies accountable for the compliance of contracted agents and employees.

Are you an agency with no employees (besides yourself) and you still get certified every year and sell?  Rejoice, as much of this doesn’t apply to you.

Basic Requirements

The most commonly overlooked CMS requirements for FDR’s (First, Downline and Related Entities) not an exhaustive list.

OIG/SAM Exclusion Check

Upon hire and monthly thereafter you must check all employees, (even yourself), against both the OIG List of Excluded Individuals/Entities and SAM Excluded Persons List System (EPLS).

Most agencies know about the OIG (Office of Inspector General), but not the SAM (System for Award Management) requirement. The button looks like this:

You must keep records of the searches. Some carriers have a spreadsheet they want the tracking in, others want you to make one.

Regardless, it will need to include the basic information on all your employees/agents as well as dates of the checks. A sample Excel Spreadsheet will be made available to contracted agencies inside the Medicare Sales Engine.

CMS General Compliance and Fraud, Waste and Abuse Training (FWA).

GC/FWA training must be completed upon hire and annually thereafter. Every employee must complete it.

If you and all of your staff are licensed writing agents with all the carriers you represent, you’re in luck: it was included in your annual training and you do not have an additional requirement.

For everyone else, there are 3 ways to meet the requirement:

  • Have all your staff enroll in the MLN (Medicare Learning Network) and complete the courses and get the certificates.

  • Go over the CMS training in PDF form with all your staff and have them take the exam on paper, then generate the certificates.

  • Incorporate the CMS training information into your existing compliance training and testing, and generate your own certificates. (Not suggested and not accepted by all carriers.)

We can assist you in obtaining the required materials for this training, just give us a call at 1-800-997-3107.

You must also have:

  • Written Code of Conduct

  • Written Code of Ethics

  • Policies and Procedures manual that applies to Medicare Advantage and Medicare as a whole.

  • HIPAA Security Plan

  • Compliance Officer (yes, you have to have one)

  • A method for employees to report suspected FWA or other violations internally and anonymously.

There are a lot more requirements and details than I can get into in a short blog article, but this will get you started.

If you are currently the subject of a sales allegation, carrier audit, or just want to prepare so you aren’t scrambling to get compliant when you receive an audit notice, you can contact our office for assistance.

RB Insurance Group, LLC 1-800-997-3107