New York State OMIG Makes Regulatory Modifications to Compliance Program Requirements
Friday, August 25, 2023
New York State requires every Medicaid provider to have an effective compliance program
Print Mail Download i

It is axiomatic that New York State requires every Medicaid provider to have an “effective” compliance program.  New York Social Services Law § 363-d.  In July 2022, the New York State Office of the Medicaid Inspector General (“OMIG”) proposed extensive modifications to the regulatory requirements governing compliance programs for entities receiving “significant” Medicaid revenue (increased by these regulations from a threshold of $500,000 to $1 million).  These regulations were proposed to implement portions of the New York State 2020-2021 Budget Bill amending the mandatory compliance program requirements.  The regulations were finalized in December 2022, with an effective date of March 28, 2023, and an enforcement moratorium that has just ended. The final regulations, codified at 18 N.Y.C.R.R. Part 521, make several important changes that will affect all Medicaid Providers’ compliance programs throughout New York State.  The majority of the changes will have the effect of making mandatory elements of an effective compliance program that were previously “recommended”. 

Changes of note include:

  1. The implementation of an “Effective Compliance Program” is now a condition of receiving payment under the Medicaid program.  An Effective Compliance Program is one that:

    • Is well integrated into the provider’s operations;
    • Is supported at the highest levels, including the Chief Executive, Senior Management, and Governing Body;
    • Has a Compliance Officer, who is an “individual” responsible for:
      • overseeing and revising the Compliance Program;
      • overseeing a Compliance Work Plan that is created at least annually;
    • Has a Compliance Committee:
      • that is responsible for coordinating with the Compliance Officer to ensure that the required provider is conducting business in an ethical and responsible manner, consistent with its Compliance Program;
      • that advocates for the allocation of sufficient funding, resources and staff for the Compliance Officer;
    • Promotes adherence to legal and ethical obligations;
    • Is reasonably designed and implemented to prevent, detect, and correct non-compliance most likely to occur for the required provider’s risk areas and organizational experience;
    • Has established disciplinary standards and implemented procedures for the enforcement of such standards to address potential violations and encourage good-faith participation by all Affected Individuals in the Compliance Program;
    • Establishes an effective compliance training and education program for its Compliance Officer and all Affected Individuals;
    • Is reviewed annually through on-site visits, interviews with Affected Individuals, review of records, surveys, or any other comparable method the required provider deems appropriate so long as it does not compromise the independence or integrity of the review.  The results must be shared with the Chief Executive, Senior Management, Compliance Committee and the Governing Body; and
    • Retains all records demonstrating that the Compliance Program has been adopted, implemented, and operated by the organization for at least six (6) years.
  2. Providers must certify implementation of a Compliance Program satisfying the regulatory requirements upon enrollment and annually thereafter.  The new regulations drill deeper into program requirements other than the eight required elements of a compliance program.  For example, to be considered an effective Compliance Program, the policies and procedures must:
    • Establish an expectation that Affected Individuals (discussed below) will act in accordance with the Medicaid provider’s Standards of Conduct;
    • Require Affected Individuals to refuse to participate in unethical or illegal conduct, and report any unethical or illegal conduct to the Compliance Officer;
    • Address certain required elements; and
    • Be reviewed annually for effectiveness. 
  3. New Self-Disclosure Program rules (amendments to N.Y. Social Services Law § 363-d) codified in New York State law federal requirements and OMIG policies require Medicaid providers who have received an overpayment to report, return, and explain the overpayment by making a disclosure to OMIG within sixty (60) days of identifying the overpayment.
  4. Monetary penalties are authorized for:
    • Not having an Effective Compliance Program;
    • Failure to grant timely access to records and facilities;
    • Failure to timely report, return, and explain overpayments within sixty (60) days; and
    • Employing or contracting with an individual or entity that has been excluded or suspended from the Medicaid program.
  5. “Affected Individuals” is a newly defined term that specifies which staff associated with a provider are covered by the organization’s Compliance Program requirements, including:
    • Employees;
    • Chief Executive and other Senior Administrators;
    • Managers;
    • Contractors, Subcontractors, and Independent Contractors;
    • Agents;
    • Governing Body; and
    • Corporate Officers
  6. Risk Areas. An organization’s Compliance Program should apply to the Medicaid provider’s risk areas, which are those areas of operation affected by the Compliance Program and applicable to:
    • Billings;
    • Payments;
    • Ordered services;
    • Medical necessity;
    • Quality of care;
    • Governance;
    • Mandatory reporting;
    • Credentialing;
    • Contractor, subcontractor, agent, or independent contract oversight; and
    • Other risk areas that are or should reasonably be identified by the provider through its organizational experience.
  7. “Organizational Experience” is another newly defined term used to help a provider make their Compliance Program specific to the organization, and to the specific issues or risk areas likely to be encountered by the provider.
  8. Lines of Communication.  Lines of communication regarding compliance issues must satisfy specified criteria, including a method for anonymous reporting for potential fraud, waste, and abuse issues directly to the organization’s Compliance Officer.

All covered New York Medicaid providers should ensure that their Chief Compliance Officer and counsel have assessed the organization’s Compliance Program to ensure its compliance with these regulatory changes.  No doubt, the existing policies and procedures of many such entities will already adhere to many of the proposed changes, as they are generally considered best practices.  However, certain policies and procedures will likely need to be updated, as may vendor contracts and their compliance addenda, in order to ensure full compliance with the new regulations.  Additional resources will also likely need to be allocated to Compliance Program activities in many cases.

©2024 Epstein Becker & Green, P.C. All rights reserved.

Current Legal Analysis

More from Epstein Becker & Green, P.C.

U.S. Department of Labor Issues Final Overtime Rule Raising Salary Thresholds
by: Jeffrey H. Ruzal , Alexandria (Alex) Adkins
Medical Clinic’s Use of NDAs to Suppress Negative Online Reviews Violates Federal Consumer Review Fairness Act, Washington Federal Judge Finds
by: Eric J. Neiman
Chamber of Commerce and Others Swiftly File Lawsuits Seeking to Enjoin and Vacate the FTC’s Noncompete Rule
by: Daniel R. Levy , Erik W. Weibust
The FTC Finally Pulls the Trigger on a Final Noncompete Rule, with a Few Changes, but Remains Unlikely to Ever Hit Its Target
by: Erik W. Weibust , Peter A. Steinmeyer
Employment Law This Week Episode 343 - SCOTUS Expands Title VII, EEOC’s Final PWFA Rule, AI Screening Tools [Video, Podcast]
by: George Carroll Whipple, III
EEOC Final Rule Implementing the Pregnant Workers Fairness Act
by: Jennifer Stefanick Barna , Marguerite (Maggie) McGowan Stringer
Interested in Opening a Medical Spa? Here’s What You Need to Know
by: John W. Eriksen , Nivedita B. Patel
Five Commissioners and a Vote on Noncompetes to Come
by: E. John Steren , Patricia M. Wagner
U.S. Judicial Conference Aims to Curb "Judge Shopping": New Guidance Promoting Random Civil Case Assignments
by: Lori A. Medley , Scarlett L. Freeman
FTC Vote on Rule to Ban Non-Competes Scheduled for April 23rd
by: Mark L. Daniels

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins