FDR stands for First-tier, Downstream, and Related entities. It’s a term used by the Centers for Medicare & Medicaid Services (CMS) to describe the network of outside organizations that help Medicare Advantage and Part D prescription drug plans operate. If you work for a company that contracts with a Medicare health plan, or if you’ve been asked to complete “FDR training,” your organization almost certainly falls into one of these three categories.
What Each Term Means
A first-tier entity is any organization that has a direct written contract with a Medicare Advantage or Part D plan sponsor to provide healthcare services or administrative functions. Think of a pharmacy benefit manager, a large physician group, or a claims processing company that signs an agreement directly with the plan.
A downstream entity is any organization that contracts with a first-tier entity (rather than with the plan itself) to carry out some portion of that work. These written arrangements can extend several layers deep, all the way down to the provider or vendor actually delivering the service. A specialty pharmacy that contracts with a pharmacy benefit manager, which in turn contracts with the Medicare plan, would be a downstream entity.
A related entity is an organization connected to the Medicare plan through common ownership or control. To qualify, the entity must do at least one of the following: perform management functions for the plan, furnish services to Medicare enrollees, or lease property or sell materials to the plan at a cost exceeding $2,500 during a contract period.
Together, these three categories capture virtually every outside organization involved in delivering or administering Medicare benefits. CMS holds the plan sponsor ultimately accountable for the actions of all its FDRs, which is why the compliance requirements are so extensive.
Why FDR Compliance Exists
Medicare Advantage and Part D plans don’t do everything in-house. They rely on networks of vendors, subcontractors, and affiliated companies to process claims, manage pharmacy benefits, coordinate care, run call centers, and more. Because federal dollars fund these programs, CMS requires that every organization touching Medicare benefits follows the same fraud, waste, and abuse (FWA) rules, regardless of how many contract layers separate it from the plan sponsor.
Without this framework, a plan could theoretically outsource functions to entities that employ excluded individuals or engage in fraudulent billing, then claim ignorance. The FDR structure closes that gap by making the plan responsible for monitoring and enforcing compliance across its entire contractor chain.
Training Requirements for FDR Employees
If you work for an FDR and have any involvement in administering or delivering Medicare Part C or Part D benefits, you’re required to complete fraud, waste, and abuse training within 90 days of being hired or contracted, and annually after that. The training covers several core areas: federal laws like the False Claims Act, the Anti-Kickback Statute, and HIPAA; how to recognize different types of fraud in your specific work setting; how to report suspected fraud (either to the plan sponsor directly or through your employer); and the protections in place for employees who report concerns.
CMS also offers its own training courses covering topics like coverage determinations, appeals, grievances, and common audit findings. While CMS describes these courses as strongly suggested rather than mandatory, many plan sponsors require their FDRs to use them. Plan sponsors must keep records of training completion, including attendance, topics covered, certificates, and test scores, for 10 years. FDRs are required to maintain equivalent records for their own employees.
Exclusion Screening
Plan sponsors must check two federal databases before hiring any employee, contractor, or FDR, and then recheck monthly: the OIG’s List of Excluded Individuals and Entities (LEIE) and the GSA’s System for Award Management (SAM). Both lists identify people and organizations barred from participating in federal healthcare programs, typically due to fraud convictions, patient abuse, or license revocations. The OIG updates its exclusion files by the middle of each month.
This obligation extends through the entire FDR chain. If a downstream entity employs someone on the exclusion list, the plan sponsor bears responsibility for that failure. In practice, most plan sponsors require their FDRs to conduct their own monthly screening and report the results.
What Happens When FDRs Fall Short
CMS holds plan sponsors directly accountable when their FDR network doesn’t meet program requirements. When CMS determines that a sponsor has substantially failed to comply, or is running its contract in a way that’s inconsistent with efficient program administration, it can take several enforcement actions. These range from civil money penalties to intermediate sanctions like suspending the plan’s ability to market or enroll new members. In the most serious cases, CMS can terminate the contract entirely.
For FDRs themselves, the practical consequence of noncompliance is usually losing their contract with the plan sponsor. Plans have strong incentive to cut ties with underperforming vendors rather than risk their own Medicare contract. This is why many plan sponsors require FDRs to sign attestations confirming they meet all compliance requirements, and why plan sponsors conduct their own audits of FDR operations.
Offshore FDR Requirements
When FDR work involves handling protected health information outside the United States, additional safeguards apply. Organizations performing offshore functions that involve receiving, processing, transferring, storing, or accessing patient data typically must submit a separate attestation form and receive approval from the plan sponsor before that work begins. This ensures that the same privacy and security standards required domestically extend to any overseas operations.
The Other FDR in Healthcare
In medical research and biostatistics, FDR can also stand for False Discovery Rate. This is a statistical method used when researchers test thousands of variables at once, which is common in genomics studies comparing gene expression across different conditions. The false discovery rate estimates the proportion of “significant” findings that are actually statistical noise. It was introduced in 1995 and has become the standard tool for handling large-scale testing in clinical and biological research. If you encountered FDR in a research paper rather than a compliance context, this is likely what it refers to.