Skip to main content

Third-party Compliance Oversight

UPMC Health Plan’s commitment to regulatory compliance includes the requirement that third parties meeting criteria for oversight are in compliance with all applicable regulations and best practices. These third parties may be categorized, depending on the UPMC Health Plan product, as:

  • Delegated and Downstream Entities (DDEs).
  • First-tier, downstream, and related entities (FDRs).
  • Subcontractors.

UPMC Health Plan contracts with third parties to provide administrative or health care services to our enrollees on our behalf; we are ultimately responsible for fulfilling the terms and conditions with program requirements and our contracts with various regulatory agencies including but not limited to the Center for Medicare & Medicaid Services (CMS), the PA Department of Human Services (DHS), the PA Insurance Department (PID), the Office of Personnel Management (OPM), and the National Committee for Quality Assurance (NCQA). Therefore, UPMC Health Plan has developed a process to validate that each contracted DDE, FDR, and subcontractor has met the requirements of the terms and conditions of our contracts with various state, federal, and regulatory agencies, as well as the program requirements per applicable UPMC Health Plan product.

  1. Medicare First-tier, Downstream, and Related Entities (FDRs)
  2. Marketplace Delegated and Downstream Entities (DDEs)
  3. Medicaid, Community HealthChoices, and CHIP Subcontractors
  4. Link to Third-party Compliance Attestation

As part of an effective compliance program, the Centers for Medicare & Medicaid Services (CMS) and other federal and state regulators require that UPMC Health Plan and its affiliate organizations (collectively, our organization) communicate and monitor specific compliance and Fraud, Waste and Abuse (FWA) requirements to our employees and delegated entities (delegates)—including first-tier, downstream, and related entities (FDRs). In the event of a CMS, federal, or state audit, our organization must demonstrate that we evaluate our delegates’ compliance with program requirements, including effective monitoring and oversight of such delegates.

Our organization uses the terms: delegates; delegated entities; vendor; third-party; first-tier, downstream entity, and related entity (FDR); subcontractor; and, occasionally, others interchangeably to name the parties with whom we contract with to support administration of benefits, access to care, and other services performed on our behalf.