Annual CMS FWA Training: Who Must Complete It and What to Include

Training Requirements for CMS FWA

Annual CMS FWA Training applies to Medicare Advantage Organizations (MAOs) and Prescription Drug Plans (PDPs), including their boards, officers, employees, and temporary staff. It also extends to each contracted First-Tier Downstream Related Entity (FDR) whose work supports Medicare Parts C or D.

If you operate as an FDR—such as a pharmacy, PBM, claims or call center vendor, broker/agent, enrollment or marketing firm, utilization management reviewer, or data/IT vendor handling claims or PDE data—your affected staff must complete training before performing Medicare work and on an ongoing basis. Role-based scoping is permitted, but you must document why any role is in or out of scope.

Essential Training Content Elements

Core topics you must cover

• Definitions and examples of fraud, waste, and abuse, with Medicare-specific scenarios for medical, pharmacy, and network operations.
• Key laws and program rules: False Claims Act, Anti-Kickback Statute, beneficiary inducements, marketing and communication standards, and overpayment obligations.
• Fraud Waste and Abuse (FWA) Policies: how to access, acknowledge, and follow plan-specific procedures.
• Red flags and high-risk areas: PDE manipulation, formulary and prior authorization abuses, billing for non-rendered services, upcoding, and risks unique to DME and pharmacy.
• Reporting process: how to report concerns internally and to plan sponsors; anonymity options; non-retaliation protections; what information to include.
• Exclusion screening basics (OIG/GSA) and conflict-of-interest disclosures relevant to MA and Part D operations.
• Privacy and security expectations when handling PHI and operational data tied to claims, PDE, and member records.

Make it practical

• Use role-based case studies (e.g., pharmacy, DME, sales) and quick knowledge checks to confirm understanding.
• Explain how to recognize and escalate errors versus suspected misconduct, with time frames and documentation tips.

Approved Training Methods

Accepted formats

• CMS Medicare Learning Network (MLN) web-based modules for “General Compliance” and “Combating FWA.”
• Plan-sponsor or employer-developed eLearning that aligns with CMS content expectations.
• Live instructor-led training (in person or virtual) with attendance tracking and post-tests.

Verification and access

• Require an assessment, completion attestation, or certificate for each learner to validate competency.
• Ensure training is accessible (language, disability accommodations) and available to vendors and contingent workers who support Medicare tasks.

Deemed Compliance and Exemptions

Certain entities are “deemed” to have satisfied the FWA training requirement when they are enrolled in Medicare (for example, Part A or Part B providers and Durable Medical Equipment Prosthetics Orthotics Supplies (DMEPOS) suppliers). Deeming applies to the FWA module only; general compliance training and policy acknowledgments still apply.

Deeming does not waive your duty to disseminate plan-specific reporting channels, code of conduct, and Fraud Waste and Abuse (FWA) Policies to affected staff. Maintain evidence of Medicare enrollment (e.g., NPI/PECOS details) to substantiate deeming decisions, and document role-based exclusions for staff who truly do not touch MA/PDP work.

Documentation and Proof of Completion

What to retain

• Certificates or attestations from MLN or sponsor-approved courses for each learner.
• Training rosters with names, roles, dates, scores (if tested), and delivery method.
• Current syllabus or slide deck demonstrating required topics were covered.
• Signed acknowledgments of FWA and general compliance policies, plus conflict-of-interest forms where applicable.
• FDR oversight artifacts: contracts requiring training, monitoring logs, and evidence of remediation if gaps are found.

Build a Training Certification Documentation file

Create an annual Training Certification Documentation package per sponsor that consolidates rosters, certificates, policy acknowledgments, and monitoring results. Retain records consistent with CMS and sponsor record-retention requirements (commonly up to 10 years) and any longer period required by contract or litigation hold.

Training Frequency and Deadlines

• New hires and new FDR staff: complete training within 90 days of hire or contracting and before performing Medicare Part C/D duties.
• Existing staff: repeat training at least annually; provide refresher training when laws, plan policies, or job duties materially change.
• Sponsor expectations: MAOs and PDPs may set earlier or fixed annual deadlines—follow the most stringent timeline applicable to your contracts.

CMS Training Resources Availability

The CMS Medicare Learning Network (MLN) makes standardized “General Compliance” and “Combating FWA” courses available at no cost and updates them as guidance evolves. Many MAOs and PDPs accept MLN certificates, sometimes alongside short plan-specific modules and policy acknowledgments.

If you author internal training, align content with MLN topics and your plan contracts, ensure assessments are scored, and make completion artifacts easy to export for audits and FDR oversight reviews.

Conclusion

To meet Annual CMS FWA Training expectations, identify who is in scope, deliver MLN or equivalent training, honor any deeming rules carefully, and maintain airtight documentation. Following sponsor timelines and keeping content current will help you prevent issues, pass audits, and protect beneficiaries and program integrity.

FAQs.

Who is required to complete CMS FWA training?

All MAO and PDP employees, governing body members, and in-scope contractors must complete it, including each First-Tier Downstream Related Entity (FDR) whose work supports Medicare Parts C or D. Medicare-enrolled providers and DMEPOS suppliers may be deemed for the FWA module but still need general compliance training and plan policy acknowledgments.

What topics must CMS FWA training cover?

Training must address definitions of fraud, waste, and abuse; key laws and program rules; high-risk scenarios; reporting channels and non-retaliation; exclusion screening and conflicts; privacy and security basics; and your organization’s Fraud Waste and Abuse (FWA) Policies and escalation procedures.

How often must CMS FWA training be conducted?

Complete training within 90 days of hire or contracting and at least annually thereafter. Provide interim refreshers when significant legal, policy, or role changes occur, and follow any earlier deadlines set by your MAO or PDP contracts.

What documentation is needed to prove FWA training completion?

Maintain certificates or attestations, dated rosters with scores if applicable, copies of training materials, policy acknowledgments, and FDR oversight evidence. Organize these into an annual Training Certification Documentation package and retain records per CMS and sponsor requirements.