42 CFR § 425.300 - Compliance plan.
(a) The ACO must have a compliance plan that includes at least the following elements:
(1) A designated compliance official or individual who is not legal counsel to the ACO and reports directly to the ACO's governing body.
(2) Mechanisms for identifying and addressing compliance problems related to the ACO's operations and performance.
(3) A method for employees or contractors of the ACO, ACO participants, ACO providers/suppliers, and other individuals or entities performing functions or services related to ACO activities to anonymously report suspected problems related to the ACO to the compliance officer.
(4) Compliance training for the ACO, the ACO participants, and the ACO providers/suppliers.
(5) A requirement for the ACO to report probable violations of law to an appropriate law enforcement agency.
(1) ACOs that are existing entities may use the current compliance officer if the compliance officer meets the requirements set forth in paragraph (a)(1) of this section.
(2) An ACO's compliance plan must be in compliance with and be updated periodically to reflect changes in law and regulations.