As New Yorkers are preparing for Thanksgiving and the official start to the holiday season (although some could argue it started a month ago), required Medicaid providers should also be reviewing their Compliance Programs in preparation to submit their Annual Provider Compliance Program Certification to the New York State Office of the Medicaid Inspector General (“OMIG”).  Required providers must submit a certification at the time of their enrollment and each December thereafter.

As defined by Social Services Law Section 363-d (“Section 363-d”) and Part 521 of Title 18 of the New York Code of Rules and Regulations (“Part 521”), required providers are considered any provider that can answer “Yes” to one of the following questions and therefore must implement a comprehensive Compliance Program:

  1. Is the provider organization subject to Article 28 or Article 36 of the NYS Public Health Law?
  2. Is the provider organization subject to Article 16 or Article 31 of the NYS Mental Hygiene Law?
  3. Does the provider organization claim or order, or can be reasonably expected to claim or order, Medicaid services or supplies of at least $500,000 in any consecutive 12-month period?
  4. Does the provider organization receive Medicaid payments, or can be reasonably expected to receive payments, either directly or indirectly, of at least $500,000 in any consecutive 12-month period?
  5. Does the provider organization submit Medicaid claims of at least $500,000 in any consecutive 12-month period on behalf of another person or persons?

There are two important concepts to be aware of when answering these questions.  First, as defined by the OMIG, Indirect Medicaid Reimbursement is any payment that a provider receives for the delivery of Medicaid care, services, or supplies that comes from a source other than the State of New York.  An example of this is when a provider provides covered services to a Medicaid beneficiary who is enrolled in a Medicaid Managed Care Plan, any payment from the Managed Care Organization is considered an indirect payment.

The second important concept is that the OMIG considers any consecutive 12-month period to be exactly that, any twelve consecutive months.  This determination should not be considered solely on a calendar year.  For example, if a provider established her practice on April 1, 2018 and will not reach $500,000 in either claims or payments by December 31, 2018 but can reasonably expect to hit that mark by March 2019, then that provider should have a Compliance Program in place and be prepared to certify to its implementation by December 31, 2018.

To assist providers, the OMIG’s website identifies seven compliance areas that a provider’s Compliance Program must apply to, as well as eight elements that should be included in all Compliance Programs, regardless of provider type.

The Seven Compliance Areas are:

  1. Billings;
  2. Payments;
  3. Medical necessity and quality of care;
  4. Governance;
  5. Mandatory reporting;
  6. Credentialing; and
  7. Other risk areas that are or should with due diligence be identified by the provider.

The Eight Elements required in every Compliance Program are:

Element 1: Establish written policies and procedures that clearly describe and implement compliance expectations, as well as provide guidance to employees and others on dealing with potential compliance issues.  The written policies and procedures must also identify how to communicate compliance issues to appropriate compliance personnel and describe how potential compliance problems are investigated and resolved.

Element 2: Designate a Compliance Officer who is responsible for the day-to-day operation of the Compliance Program.

Element 3: Establish an effective training and education program for all affected employees and persons associated with the provider, including executives and governing body members (“affected persons”).

Element 4: Establish clear lines of communication to the Compliance Officer that allow all affected persons report compliance issues.  Providers must also establish anonymous and confidential reporting systems.

Element 5: Establish disciplinary policies that are fairly and firmly enforced to encourage good faith participation in the Compliance Program by all affected persons.  The policies must include clear expectations for the reporting or and assistance in resolving compliance issues.  The policies must also include defined sanctions for:

  • failing to report suspected problems;
  • participating in non-compliant behavior; or
  • encouraging, directing, facilitating or permitting either actively or passively non-compliant behavior.

Element 6: Conduct routine compliance assessments for those risk areas specific to the individual provider type, including but not limited to self-audits. These self-audits can be conducted internally or a provider may choose to have an external party conduct the audit.

Element 7: Establish a system for responding to and investigating potential compliance problems as the Compliance Officer becomes aware of them, either by a report received from an affected person or as the result of an internal assessment.  Compliance Program must also establish systems for the provider to report compliance issues the OMIG, as well as repay any related overpayments.

Element 8: Establish a policy of non-intimidation and non-retaliation for good faith participation in the Compliance Program, including but not limited to reporting potential issues, investigating issues, self-evaluations, audits and remedial actions, and reporting to appropriate officials as provided in sections 740 and 741 of the New York State Labor Law.

As mentioned above, each December, required providers must submit a Provider Compliance Program Certification, attesting that they have a Compliance Plan in place and that Compliance Plan satisfies each of the OMIG’s Eight Elements.  If a provider is unable to unequivocally state that their plan meets these requirements then a certification should not be submitted and immediate steps must be taken to all necessary modifications to establish a satisfactory Compliance Plan.  Any provider who submits a false certification may be subject to sanctions, including monetary fines or provider enrollment termination.

If you are unsure whether your Compliance Plan would satisfy the OMIG’s Eight Elements, or if you are a provider who believes you are required to implement a Compliance Plan and have not done so, please do not hesitate to contact Farrell Fritz’s Regulatory & Government Relations Practice Group at 518.313.1450 or NYSRGR@FarrellFritz.com.