Since the advent of the Medicaid managed care program there has been a lingering question as to when a Medicaid dollar stopped being a Medicaid dollar.

With fee-for-service providers that were paid directly by the Medicaid program, the answer was always clear-cut – each dollar received from the Medicaid program was a Medicaid dollar and therefore it and the provider who received it were subject to the audit authority of the New York State Office of the Medicaid Inspector General (“OMIG”).

But what about providers contracted through Medicaid managed care organizations (“MCO”) and not directly enrolled as Medicaid providers? Before Governor Cuomo issued his Executive Budget earlier this month, there was debate as to where the OMIG’s audit authority stopped with arguments on either side of the line.  Many argued that the OMIG’s authority stopped with at the doors of the MCO.  After the money was paid to the MCO it was able to negotiate contracts directly with providers and disburse the funds as it saw fit, with each MCO operating independently of each other.  The other side of the coin was that a dollar spent with the purpose of providing care to a Medicaid recipient established that the dollar was a Medicaid dollar from start to finish, regardless of whether it was passed through a MCO.

With the Executive Budget, however, all confusion and debate will be settled.  Per the proposed language of the Health and Mental Hygiene Article VII Legislation, Social Services Law Section 364-j will be amended to state that “[a]ny payment made pursuant to the state’s managed care program, including payments made by managed long term care plans, shall be deemed a payment by the state’s medical assistance program.”

The Executive Budget goes further, clearly defining the OMIG’s ability to recover overpayments made by a MCO to its contracted providers that were discovered during an OMIG audit or investigation, as well as during an investigation or prosecution by the New York State Office of the Attorney General Medicaid Fraud Control Unit (“MFCU”).  If the OMIG is unable to recover the overpayment, the MCO may be required to act on the OMIG’s behalf to recoup the overpaid funds and repay the State within six months of receiving notice of the overpayment.

The legislation sets January 1, 2018 as the start of the review period and, without any amendments to the budget bill by the Legislature, will go into effect immediately upon the Governor signing the bills into law.  With the OMIG poised to begin these audits, MCO-contracted providers should familiarize themselves with the OMIG’s audit protocols and procedures.

Medicaid providers, both fee-for-service and those contracted with MCO, who are interested in taking a proactive stance in preparing for an OMIG or MFCU audit or investigation, or providers who are already the subject of one are encouraged to contact Farrell Fritz’s Regulatory & Government Relations Practice Group at 518.313.1450 or to plan your next move.

As New Yorkers are preparing for Thanksgiving and the official start to the holiday season (although some could argue it started a month ago), required Medicaid providers should also be reviewing their Compliance Programs in preparation to submit their Annual Provider Compliance Program Certification to the New York State Office of the Medicaid Inspector General (“OMIG”).  Required providers must submit a certification at the time of their enrollment and each December thereafter.

As defined by Social Services Law Section 363-d (“Section 363-d”) and Part 521 of Title 18 of the New York Code of Rules and Regulations (“Part 521”), required providers are considered any provider that can answer “Yes” to one of the following questions and therefore must implement a comprehensive Compliance Program:

  1. Is the provider organization subject to Article 28 or Article 36 of the NYS Public Health Law?
  2. Is the provider organization subject to Article 16 or Article 31 of the NYS Mental Hygiene Law?
  3. Does the provider organization claim or order, or can be reasonably expected to claim or order, Medicaid services or supplies of at least $500,000 in any consecutive 12-month period?
  4. Does the provider organization receive Medicaid payments, or can be reasonably expected to receive payments, either directly or indirectly, of at least $500,000 in any consecutive 12-month period?
  5. Does the provider organization submit Medicaid claims of at least $500,000 in any consecutive 12-month period on behalf of another person or persons?

There are two important concepts to be aware of when answering these questions.  First, as defined by the OMIG, Indirect Medicaid Reimbursement is any payment that a provider receives for the delivery of Medicaid care, services, or supplies that comes from a source other than the State of New York.  An example of this is when a provider provides covered services to a Medicaid beneficiary who is enrolled in a Medicaid Managed Care Plan, any payment from the Managed Care Organization is considered an indirect payment.

The second important concept is that the OMIG considers any consecutive 12-month period to be exactly that, any twelve consecutive months.  This determination should not be considered solely on a calendar year.  For example, if a provider established her practice on April 1, 2018 and will not reach $500,000 in either claims or payments by December 31, 2018 but can reasonably expect to hit that mark by March 2019, then that provider should have a Compliance Program in place and be prepared to certify to its implementation by December 31, 2018.

To assist providers, the OMIG’s website identifies seven compliance areas that a provider’s Compliance Program must apply to, as well as eight elements that should be included in all Compliance Programs, regardless of provider type.

The Seven Compliance Areas are:

  1. Billings;
  2. Payments;
  3. Medical necessity and quality of care;
  4. Governance;
  5. Mandatory reporting;
  6. Credentialing; and
  7. Other risk areas that are or should with due diligence be identified by the provider.

The Eight Elements required in every Compliance Program are:

Element 1: Establish written policies and procedures that clearly describe and implement compliance expectations, as well as provide guidance to employees and others on dealing with potential compliance issues.  The written policies and procedures must also identify how to communicate compliance issues to appropriate compliance personnel and describe how potential compliance problems are investigated and resolved.

Element 2: Designate a Compliance Officer who is responsible for the day-to-day operation of the Compliance Program.

Element 3: Establish an effective training and education program for all affected employees and persons associated with the provider, including executives and governing body members (“affected persons”).

Element 4: Establish clear lines of communication to the Compliance Officer that allow all affected persons report compliance issues.  Providers must also establish anonymous and confidential reporting systems.

Element 5: Establish disciplinary policies that are fairly and firmly enforced to encourage good faith participation in the Compliance Program by all affected persons.  The policies must include clear expectations for the reporting or and assistance in resolving compliance issues.  The policies must also include defined sanctions for:

  • failing to report suspected problems;
  • participating in non-compliant behavior; or
  • encouraging, directing, facilitating or permitting either actively or passively non-compliant behavior.

Element 6: Conduct routine compliance assessments for those risk areas specific to the individual provider type, including but not limited to self-audits. These self-audits can be conducted internally or a provider may choose to have an external party conduct the audit.

Element 7: Establish a system for responding to and investigating potential compliance problems as the Compliance Officer becomes aware of them, either by a report received from an affected person or as the result of an internal assessment.  Compliance Program must also establish systems for the provider to report compliance issues the OMIG, as well as repay any related overpayments.

Element 8: Establish a policy of non-intimidation and non-retaliation for good faith participation in the Compliance Program, including but not limited to reporting potential issues, investigating issues, self-evaluations, audits and remedial actions, and reporting to appropriate officials as provided in sections 740 and 741 of the New York State Labor Law.

As mentioned above, each December, required providers must submit a Provider Compliance Program Certification, attesting that they have a Compliance Plan in place and that Compliance Plan satisfies each of the OMIG’s Eight Elements.  If a provider is unable to unequivocally state that their plan meets these requirements then a certification should not be submitted and immediate steps must be taken to all necessary modifications to establish a satisfactory Compliance Plan.  Any provider who submits a false certification may be subject to sanctions, including monetary fines or provider enrollment termination.

If you are unsure whether your Compliance Plan would satisfy the OMIG’s Eight Elements, or if you are a provider who believes you are required to implement a Compliance Plan and have not done so, please do not hesitate to contact Farrell Fritz’s Regulatory & Government Relations Practice Group at 518.313.1450 or

In Matter of Koch v. Sheehan, the New York Court of Appeals held that the Office of Medicaid Inspector General (“OMIG”) may remove a physician from the Medicaid program based solely on a consent order between the physician and the Bureau of Professional Medical Conduct (“BPMC”), even if BPMC does not suspend the physician’s license and OMIG does not conduct its own investigation.

The BPMC is the adjudicatory arm of the Office of Professional Medical Conduct (“OPMC”), the authority within the New York State Department of Health (“DOH”) charged with investigating complaints of physician misconduct.  OPMC sends the results of its investigations to OMIG, the DOH agency responsible for policing the Medicaid program.

In Koch, the petitioner-physician entered into a consent order with BPMC pleading “no contest” to charges that his care and treatment of two elderly patients failed to meet accepted standards of care.  He agreed to a 36-month probation, but BPMC allowed him to continue practicing medicine.  OMIG, however, removed him from the Medicaid program, without any further investigation and even though BPMC did not impose a suspension of his license.  The Appellate Division annulled the OMIG determination on the grounds that it was arbitrary and capricious for OMIG to bar petitioner-physician from Medicaid when BPMC allowed him to continue his practice, and that OMIG had to conduct an independent investigation before taking such action.

The Court of Appeals held, however, that OMIG is authorized to exclude a physician from the Medicaid program regardless of the sanctions imposed by BPMC, and OMIG is not required to conduct an independent investigation or develop additional evidence before making its decision.  Nevertheless, the Court held that the OMIG decision was arbitrary and capricious, but for a different reason than the Appellate Division.  The Court held that OMIG’s basis for finding the BPMC consent order sufficient to terminate Medicaid participation was not in the administrative record.  Thus, while OMIG has the power to exclude a doctor from Medicaid based solely on a BPMC consent order, and does not have to defer to the BPMC’s decision to allow a doctor to continue practicing, in this instance the administrative record did not have sufficient reasoning to support OMIG’s decision.

The takeaway from this case is supplied by the Court of Appeals itself:  “When resolving charges of professional misconduct with BPMC, physicians and their attorneys should be mindful that a settlement with BPMC does not bind OMIG.”

The New York State Office of the Medicaid Inspector General today announced their new Facebook page.  This could be the only time anyone in the health care industry might consider a declaration that they “like” the OMIG.

While a Facebook page may appear unusual for this less-than-beloved agency, the OMIG’s office has made several recent attempts to open up to the public, including development of a useful web page, and  informative webinars that often provide free attorney CLE credits.  Through these vehicles, the Office continues its efforts to present a friendlier face to the public and the health care industry.

We may be hesitant to be a “friend” of OMIG, but for those of use who watch them closely and deal with them frequently, following the Facebook page and reviewing the postings may provide additional insight into their workings, priorities and expectations, and help us to understand and address ongoing compliance obligations.

Just a reminder to New York State Medicaid providers that certifications under the NYS Social Services Law and the Federal Deficit Reduction Act are due no later than December 31.

All New York State Medicaid providers who are required to have a compliance program under Social Services Law Section 363-d must certify that their compliance programs are effective.  The certification must be completed during the month of December each year.  The Social Services Law certification is an online certification that may be accessed through the New York State Office of the Medicaid Inspector General website under the Compliance tab. 

Medicaid providers subject to the Federal Deficit Reduction Act of 2005 (DRA) must also provide a certification that they are meeting the DRA’s requirements.  The certification must be completed each year prior to January 1st.  The DRA certification may also be accessed on OMIG’s website under the Compliance tab.

There can be significant consequences both for failing to certify and for certifying compliance when not in compliance with the regulatory requirements.  Parties who are unsure whether they need to certify their programs, or who may have questions regarding their compliance programs or certifications, are advised to consult with their attorneys to review their options.

 The New York State Office of the Medicaid Inspector General (“OMIG”) recently finalized regulatory changes to New York State law which relate to the withholding of payments to Medicaid providers when there is a “credible allegation of fraud.”  A credible allegation of fraud is defined as an “allegation that has indicia of reliability and has been verified by the [OMIG], or the Medicaid fraud control unit, or another State agency, or law enforcement organization.”

The changes, which will modify portions of 18 NYCRR 518.7 and 18 NYCRR 518.9, were required as a result of New York’s participation in the Medicaid program under the Affordable Care Act.

Mirror of Federal Requirements

 The changes finalized by the OMIG will mirror federal requirements and will now state that the OMIG “must withhold payments under the program, in whole or in part, when it has determined or has been notified that a provider is the subject of a pending investigation of a credible allegation of fraud unless the [OMIG] finds good cause not to withhold payments” in accordance with applicable federal regulations.

Prior to the finalization of these changes the determination by the OMIG to implement a withhold was discretionary and the OMIG could withhold amounts where it had “reliable information that a provider is involved in fraud or willful misrepresentation involving claims…or has abused the program or has committed an unacceptable practices.”

A Provider’s Rights to Appeal Withholds

The changes also provide a method for providers that are the subject of the withholding to appeal the OMIG’s decision.  Although not entitled to an administrative hearing, the affected provider may, within 30 days of the notice, submit written arguments and documentation that the withhold should be removed.  The OMIG will provide a response to the provider no later than 60 days after receiving such written arguments or documentation.  The OMIG will, in its response, inform the provider of its determination to either affirm, reverse or modify the withhold, either in whole or in part.

Any provider that is affected by the withholding of Medicaid payments by the OMIG should consult with its counsel to determine an appropriate response to the OMIG.

The New York State Office of the Medicaid Inspector General (“OMIG”) recently released its Compliance Program Guidance for General Hospitals.   While the OMIG had previously released a Compliance Program Assessment Tool, the new Guidance document provides a far greater level of detail as to the expectations of a hospital’s compliance program.

New York State law (Social Services Law Section 363-d and 18 NYCRR Section 521.3) requires that hospitals and most other Medicaid providers adopt and implement “effective compliance programs” in order to participate in New York’s Medicaid program.  If a Medicaid provider fails to implement an effective compliance program, that provider may be ineligible to bill or receive Medicaid payments, and the provider’s participation in the Medicaid program could be revoked.

Eight Elements of an Effective Compliance Program

The compliance program implemented by Medicaid providers must apply to billings, payments, medical necessity and quality of care, governance, mandatory reporting, credentialing and other risk areas that are or should, with due diligence, be identified by the provider.  The Guidance provides OMIG’s views on the eight elements for effective compliance programs.  In brief, the eight elements are as follows:

(1)  Written Policies and Procedures
(2)  Designation of Compliance Officer
(3)  Training and Education
(4)  Communication Lines to the Compliance Officer
(5)  Disciplinary Policies
(6)  Identification of Compliance Risk Areas and Non-Compliance
(7)  Responding to Compliance Issues
(8)  Policy of Non-Intimidation and Non-Retaliation

The Guidance breaks down each element into multiple requirements, and the provides numerous specific recommendations for each requirement.  For example, under Element #2, Requirement #2, these can be as broad as “the compliance officer advises on compliance related contract provisions” and as specific as which committee meetings the Compliance Officer might attend (quality assurance, risk management, billing and coding, and credentialling).

The OMIG continues to conduct compliance program effectiveness reviews, and has stated that adherence to the Guidance document recommendations will be one measure of an effective program.

Not Just for Hospitals

While directly relevant and specific to acute care hospitals in New York, the Guidance is recommended reading for all other Medicaid providers.  Non-acute care providers will gain insight into items OMIG will look for in a compliance program, and may elect to proactively amend their compliance programs.  In addition, providers who service hospitals are likely to find language in their contracts mandating that they abide by the hospitals’ compliance programs.