July 6, 2012

OMIG Releases Compliance Alert for Medicaid Providers

The New York State Office of Medicaid Inspector General (“OMIG”) recently released a Compliance Alert that explains what types of Medicaid providers are required to have a compliance program and what steps those providers can take to ensure that they are meeting their obligations under the law.

The New York Social Services Law and its implementing regulations require certain Medicaid providers to develop, adopt, and implement effective compliance programs, which are designed to detect and prevent inaccurate billing and inappropriate practices in the Medicaid program (“Mandatory Compliance Law”).  N.Y. Soc. Serv. Law § 363-d; 18 N.Y.C.R.R. Part 521.

This Mandatory Compliance Law applies to Medicaid providers operating under Articles 28 or 36 of the Public Health Law or Articles 16 or 31 of the Mental Hygiene Law, or who are newly enrolled in the Medicaid program.  It also applies to providers of care, services, and supplies for which the Medicaid program is or reasonably should be expected to be a “substantial portion of their business operations.”  The regulations define a “substantial portion” as ordering, billing or claiming $500,000 or more from Medicaid during a 12-month period.  The $500,000 threshold applies whether the provider receives the reimbursement directly or indirectly from Medicaid funds.   

Those providers who are required to have a compliance program must submit a certification to the Department of Health (“DOH”) each December that states “that the provider and its affiliates have adopted, implemented and maintain an effective compliance program that meets the requirements of NYS Social Services Law § 363-d and 18 NYCRR Part 521.”  The certification form can be found on the OMIG’s website and is available here.  There is also a tutorial on how to complete the certification form, which is available here.  The 2012 certification form will be available on OMIG’s website on December 1, 2012.  Only on-line certifications will be accepted.

OMIG recommends that providers conduct a self-assessment of their compliance program prior to submitting their annual certification to the DOH:

  • Develop a self-assessment tool:  as a starting point for developing a tool, providers can refer to OMIG’s Compliance Alert 2010-01, which can be accessed here.  The self-assessment tool can be customized to address prior compliance issues or specific compliance risk areas.  Other helpful resources can be accessed through this link to the OMIG Compliance Library.  NOTE: The self-assessment should not be submitted to OMIG, unless it is requested as part of a compliance program review by OMIG.
  • The self-assessment should be conducted early in the year so that the provider will have enough time to make corrections or update the compliance program in advance of the December deadline.
  • The results of the self-assessment should be provided to senior leadership and the governing board.
  • A certification should not be submitted to DOH unless and until the provider makes a determination that it has complied with the Mandatory Compliance Law.

OMIG also recommends that providers take the following additional steps:

  •  The provider should ascertain who the “certifying official” will be.  The certification form has guidance on this.  In most cases, the certifying official will not be the compliance officer.  OMIG strongly encourages that someone from senior management (other than the compliance officer) or a member of the governing authority sign the certification.
  • The provider should also identify the Federal Employer Identification Number (FEIN) that it uses for Medicaid reimbursement purposes.  A separate certification is required for each FEIN.

Lastly, providers should be aware that failure to develop, adopt, and implement an effective compliance program may result in sanctions or penalties, including, but not limited to, the revocation of the provider’s agreement to participate in the Medicaid program. In addition, the OMIG is authorized to impose administrative sanctions, up to and including exclusion from the program, against providers who fail to submit their annual certification.