General Compliance

  • Standards of Conduct

    Code of Conduct Distribution

    As part of our Compliance & Ethics program, UnitedHealth Group has adopted an enterprisewide Code of Conduct detailing the organization’s commitment to acting ethically and with integrity. The UnitedHealth Group Code of Conduct can be used by delegates as a resource detailing key compliance policies and procedures.


    Delegates must distribute written policies, procedures or standards of conduct within 90 days of hire and annually thereafter, or when the Code of Conduct is updated.

    PDFDownload the UnitedHealth Group Code of Conduct.

  • Fraud, Waste & Abuse and General Compliance Training

    Beginning in 2016, delegates who provide Medicare Parts C & D services are required to use CMS Parts C and D Fraud, Waste & Abuse (FWA)* and General Compliance training.

    • Delegates who support Medicare must provide CMS Parts C and D FWA and General Compliance training to their employees who support the delivery administration of program benefits or services.

    • Delegates who support Medicaid can either use the CMS Parts C and D FWA and General Compliance training or their own training program which includes the FWA and compliance requirements. See Medicaid FWA

    *Important note:  Providers deemed to have met FWA training requirements through certification for Medicare Parts A and B or through accreditation as a Durable Medical Equipment, Prosthetics, Orthotics and Supplies (DMEPOS) provider are still required to complete CMS General Compliance training.


    Delegates must provide training on FWA and general compliance and it must be completed within 90 days of hire and annually thereafter.

    CMS Training

  • Exclusion Checks

    U.S. Department of Health & Human Services – Office of the Inspector General, and the U.S. General Services Administration, and State Exclusion Checks

    Regulators prohibit our organization from hiring, employing or making payments to any person or business excluded or debarred from federal or state health care programs.

    Medicare & Medicaid

    All delegates working with our Medicare Advantage Parts C and D or Medicaid programs must review the federal exclusion lists maintained by the U.S. Department of Health & Human Services – Office of the Inspector General (HHS-OIG) and the U.S. General Services Administration (GSA). These exclusion lists name individuals or organizations that are suspended or otherwise excluded from participation in Medicare and Medicaid programs.


    Delegates must review all employees and subcontractors that support Medicare Advantage Parts C and D and/or Medicaid plans and membership against OIG and GSA federal exclusion lists prior to hiring or contracting with them, and on a monthly basis thereafter.

    Federal Exclusion Checks

    State Exclusion Checks

    Many states maintain state-based sanction/exclusion databases that are in addition to, but do not replace, the OIG and GSA federal exclusion databases. A provider may not participate in the network of a specific state if the provider is listed on that state’s exclusion list, even if the provider is not listed on a federal exclusion list.

    • State Exclusion List Resource
      • Visit Verify Comply®, a vendor that offers several exclusion list search options.

    UnitedHealth Group and its businesses are not affiliated with the above independent websites.

  • Document Retention

    Delegates must maintain records for 10 years to demonstrate compliance with regulatory requirements, including standards of conduct education, Fraud, Waste & Abuse (FWA) and general compliance training, Office of the Inspector General (OIG)/U.S. General Services Administration (GSA) exclusion checks, and supporting policies and procedures. A delegate may be called upon by our organization, or a regulatory agency to provide documentation upon request. Failure to comply may result in any of a series of regulatory enforcement actions and our remediation activities.


    • Communication of Standards/Code of Conduct in an email, website portal or contract;

    • FWA and general compliance training methods, materials used for training, attestations or electronic certifications that include the date of the training;

    • Method of OIG/GSA and state (if applicable) exclusion checks and a copy of a sanction check report for each employee/contractor; and

    • Policies and procedures that describe the processes used to meet the regulatory requirements.
  • Downstream Delegates

    Downstream Oversight Requirements

    Delegates who subcontract the administrative or health benefit services performed for our organization to a subcontractor, or downstream entity, have an obligation to ensure the downstream entity complies with all same applicable federal and state laws, regulations and requirements through contract language, compliance oversight, monitoring and auditing activities. Records of such activities must be maintained for a minimum of 10 years and be available for review by CMS, state regulators or our organization upon request. (See Document Retention section above.)

    Monitoring and/or Auditing of Subcontracted Delegates

    Monitoring activities are reviews performed as part of normal operations to confirm ongoing compliance and to help ensure corrective actions happen and are effective. An audit is a formal review of compliance with a particular set of standards (e.g., policies and procedures, laws and regulations) used as base measures. CMS and state regulators require our organization to monitor and/or audit to confirm delegates’ compliance with the following:

    • Medicare and Medicaid regulations;

    • Sub-regulatory guidance;

    • Contractual agreements;

    • All applicable federal and state laws; and

    • Internal policies and procedures to protect against noncompliance and potential fraud, waste and abuse.