4.       What type of auditing are FDRs required to perform for offshore subcontractors?

Answer:  FDRs are responsible for ensuring that offshore subcontractors abide by all applicable Medicare Part C, Part D, and HIPAA requirements.  FDRs have the discretion to determine the audit criteria that are important for continuing a relationship with an offshore subcontractor. CMS expects FDRs to adopt audit criteria substantial enough to ensure the appropriate protection of PHI. CMS suggests, but does not require, an on-site audit of offshore contractors.  The purpose of an on-site audit is, in part, to observe whether PHI is handled appropriately on a day-to-day basis.  FDRs may hire third-party audit organizations to conduct audits.