CMS Fraud, Waste, and Abuse Certificate: Requirements, Training, and Verification

The CMS Fraud, Waste, and Abuse certificate confirms that you and your organization understand how to prevent, detect, and report FWA within Medicare programs. If you work with Medicare Advantage-Prescription Drug plans or their contracted entities, you must meet specific training, attestation, and documentation standards to stay compliant.

This guide explains who must complete training, what the CMS web-based course covers, acceptable training methods, how to document completion, when Provider Deemed Compliance applies, how to handle CMS Training Attestation, and what auditors verify.

Training Requirements for Medicare Providers

Who must complete training

If you contract with a Medicare Advantage-Prescription Drug (MA-PD) or Part D sponsor—directly or as a first tier, downstream, or related entity (FDR)—you must ensure that your relevant workforce completes Fraud Waste Abuse Training and general compliance training. This includes employees, temporary staff, volunteers, and contractors who touch Medicare operations, benefits, claims, enrollment, billing, or marketing.

Timing and frequency

Training is typically required at onboarding (for new hires or upon initial contracting) and annually thereafter. Sponsors may impose stricter timelines, so align your internal calendar with contract terms and make completion a standing requirement during orientation and annual refreshers.

Training scope

Your program should cover FWA definitions and examples, reporting channels, non-retaliation, penalties, conflicts of interest, privacy and data protection basics, and the seven elements of an effective compliance program. Ensure role-based content for clinical, operational, billing, and sales staff so everyone learns how FWA risks show up in their day-to-day work.

CMS Web-Based Training Content

What the CMS course teaches

The CMS Medicare Learning Network (MLN) web-based training explains how fraud, waste, and abuse differ; common schemes in prescribing, billing, enrollment, and marketing; red flags; reporting obligations; and the consequences of noncompliance. It uses scenarios to show how to escalate concerns and document actions taken.

Certificate of completion

After you pass the MLN module, you can download a certificate that includes your name and completion date. Save it alongside your FWA Compliance Documentation as primary proof when sponsors, auditors, or delegated entities request verification.

Using CMS materials alongside sponsor content

You may use the CMS course as your baseline and add plan-specific procedures, contact points, and case studies. This blended approach helps you meet universal requirements while addressing local processes for reporting, monitoring, and corrective actions.

Approved Training Methods

Acceptable formats

• CMS MLN web-based modules with knowledge checks.
• Organization-developed e-learning hosted in a learning management system.
• Instructor-led sessions (in person or virtual) with sign-in rosters and post-tests.
• Vendor-provided courses that map to sponsor requirements.

Design and delivery best practices

• Use role-based scenarios and brief assessments to confirm understanding.
• Track completions automatically; capture dates, scores, and acknowledgments.
• Provide accessible formats and multiple language options when needed.

Verification expectations

Maintain auditable evidence for each learner: assignment date, completion date, passing score (if applicable), and certificate. Your tracking system should produce reports by person, department, and FDR, enabling quick responses to sponsor requests.

Documentation and Record-Keeping

FWA Compliance Documentation checklist

• Training policy describing who must complete Fraud Waste Abuse Training and when.
• Curriculum map showing learning objectives and how content meets sponsor requirements.
• Completion certificates, sign-in sheets, quizzes, and final scores.
• Roster-level CMS Training Attestation or equivalent sponsor forms.
• Communication artifacts (reminders, escalation paths, non-retaliation statement).
• FDR oversight files: contracts, monitoring reports, and corrective actions.

Training Record Retention

Retain training records for at least ten years, or longer if your contract specifies. Keep records centralized, backed up, and easily retrievable. Apply legal hold procedures if any investigation, audit, or litigation is pending.

Data quality controls

Reconcile LMS data against HR rosters, verify date accuracy, and identify overdue learners weekly. Document remediation steps and re-training when staff transfer roles or return from extended leave.

Deeming Provision for Medicare Enrollees

Provider Deemed Compliance: who qualifies

Healthcare providers and suppliers actively enrolled in Medicare are generally deemed to have satisfied the FWA training requirement. Deemed status does not remove the obligation to complete general compliance training or follow sponsor-specific procedures.

Proving deemed status

Maintain proof such as NPI details, Medicare enrollment confirmation (e.g., PECOS printout), and current licensure. Store this evidence with your FWA Compliance Documentation so you can demonstrate Provider Deemed Compliance during reviews.

Who is not deemed

Entities not enrolled as Medicare providers—such as brokers, PBMs, third-party administrators, and many service vendors—must complete FWA training and cannot rely on deeming. Clarify status for each FDR during onboarding and annually.

Attestation and Certification Process

How attestation works

Sponsors often require a CMS Training Attestation confirming that applicable staff completed FWA and general compliance training or qualify under deeming. You may attest by individual certificate, a roster-level certification, or via the sponsor’s portal.

What to include with your attestation

• Names, roles, and NPI (if applicable) for covered staff.
• Completion dates or deemed rationale with supporting documents.
• FDR listings showing which subcontractors are covered and how you oversee them.

Common pitfalls to avoid

• Missing or mismatched dates between certificates and rosters.
• Attesting for personnel who do not have proof of completion.
• Failing to capture subcontractor training or deeming evidence.

Compliance Verification and Audits

What reviewers check

Auditors and sponsors verify policy coverage, assignment logic, timely completion, and evidence that exceptions were resolved. They also review FDR oversight, escalation pathways, and corrective action plans tied to identified gaps.

CMS Audit Procedures focus areas

• Documented annual training and onboarding completion for applicable staff.
• Ten-year Training Record Retention with reliable, reproducible reports.
• Proof of Provider Deemed Compliance where used, and training for non-deemed staff.
• Control effectiveness: monitoring, issue tracking, and documented remediation.

Readiness tips

• Maintain a single repository for policies, certificates, rosters, and attestations.
• Schedule quarterly self-audits and remediate findings quickly.
• Map your curriculum to sponsor requirements and keep a change log each year.

In practice, you stay compliant by assigning the right training to the right people, documenting it thoroughly, using deeming appropriately, and being able to prove all of the above quickly when asked.

FAQs

What are CMS requirements for FWA training?

If you support a Medicare Advantage-Prescription Drug or Part D sponsor as an FDR, you must complete Fraud Waste Abuse Training and general compliance training at onboarding and annually thereafter. Sponsors can set stricter timelines, so follow your contract and keep evidence of completion for audit purposes.

How can providers obtain the CMS Fraud, Waste, and Abuse certificate?

You can complete the CMS MLN web-based training and download the certificate upon passing, or use an approved sponsor or vendor module that issues a certificate. Save the certificate with your FWA Compliance Documentation and include it with any required CMS Training Attestation.

What documentation must providers maintain for FWA training?

Keep policies, curricula, completion certificates, sign-in sheets, scores, and attestation forms, plus FDR oversight files. Apply Training Record Retention standards by storing records for at least ten years and ensuring they are quickly retrievable.

When is the FWA training attestation required?

Attestation is typically required at initial contracting or onboarding, annually during renewals, and upon request during audits or sponsor reviews. Use rosters or individual certificates to validate completion or to document Provider Deemed Compliance where applicable.