FDR Compliance Requirements and How To Meet Them

Record Retention And Record Availability

Requirements	How to Comply
PBMs, as first tier and downstream entities, must comply with Medicare laws, regulations, and CMS instructions (422.504(i)(4)(v)), and agree to audits and inspection by CMS and/or its designees and to cooperate, assist, and provide information as requested, and maintain records a minimum of 10 years. (Medicare Managed Care Manual Ch. 11 §100.4) Plan sponsors are accountable for maintaining records for a period of 10 years of the time, attendance, topic, certificates of completion (if applicable), and test scores of any tests administered to their employees, and must require Vendor/FDRs to maintain records of the training of the Vendor/FDRs’ employees. (Medicare Prescription Drug Benefit Manual Ch. 9 §50.3.1) CMS has the discretionary authority to perform audits under 42 C.F.R. 422.504(e)(2) and 423.505(e)(2), which specify the right to audit, evaluate, or inspect any books, contracts, medical records, patient care documentation, and other records of plan sponsors or Vendor/FDRs (including PBMs and their downstream entities) that pertain to any aspect of services performed, reconciliation of benefit liabilities, and determination of amounts payable under the contract or as the Secretary of Health and Human Services may deem necessary to enforce the contract. Plan sponsors should cooperate in allowing access as requested. Failure to do so may result in a referral of the plan sponsor and/or FDR to law enforcement and/or implementation of other corrective actions, including intermediate sanctioning in line with 42 C.F.R. Subpart O. (Medicare Prescription Drug Benefit Manual Ch. 9 §50.6.11) Record keeping requirements for Medicaid require any subcontractor or its Vendor/FDRs to retain information, as applicable for a period of no less than ten (10) years. (42 CFR § 438.3)	Maintain all records, reports, and supporting documentation that relate to the functions your organization is performing or providing under the Navitus Medicare and/or Medicaid programs for 10 years. This includes but is not limited to Training and education Attestations Exclusion screening Be prepared to make your records available to Navitus as part of a Navitus audit or monitoring activity and to a Navitus plan sponsor in the event of a CMS program audit.

Requirements

How to Comply

PBMs, as first tier and downstream entities, must comply with Medicare laws, regulations, and CMS instructions (422.504(i)(4)(v)), and agree to audits and inspection by CMS and/or its designees and to cooperate, assist, and provide information as requested, and maintain records a minimum of 10 years. (Medicare Managed Care Manual Ch. 11 §100.4)

Plan sponsors are accountable for maintaining records for a period of 10 years of the time, attendance, topic, certificates of completion (if applicable), and test scores of any tests administered to their employees, and must require Vendor/FDRs to maintain records of the training of the Vendor/FDRs’ employees. (Medicare Prescription Drug Benefit Manual Ch. 9 §50.3.1)

CMS has the discretionary authority to perform audits under 42 C.F.R. 422.504(e)(2) and 423.505(e)(2), which specify the right to audit, evaluate, or inspect any books, contracts, medical records, patient care documentation, and other records of plan sponsors or Vendor/FDRs (including PBMs and their downstream entities) that pertain to any aspect of services performed, reconciliation of benefit liabilities, and determination of amounts payable under the contract or as the Secretary of Health and Human Services may deem necessary to enforce the contract. Plan sponsors should cooperate in allowing access as requested. Failure to do so may result in a referral of the plan sponsor and/or FDR to law enforcement and/or implementation of other corrective actions, including intermediate sanctioning in line with 42 C.F.R. Subpart O. (Medicare Prescription Drug Benefit Manual Ch. 9 §50.6.11)

Record keeping requirements for Medicaid require any subcontractor or its Vendor/FDRs to retain information, as applicable for a period of no less than ten (10) years. (42 CFR § 438.3)

Maintain all records, reports, and supporting documentation that relate to the functions your organization is performing or providing under the Navitus Medicare and/or Medicaid programs for 10 years. This includes but is not limited to
- Training and education
- Attestations
- Exclusion screening
Be prepared to make your records available to Navitus as part of a Navitus audit or monitoring activity and to a Navitus plan sponsor in the event of a CMS program audit.