NY OMIG compliance program enforcements begins, self-disclosure requirements expand

Listen to article
15 minute read

Many healthcare organizations and their boards struggle to know whether their compliance programs are meeting baseline effectiveness expectations. One way to judge a compliance program is to look at various mandatory program requirements imposed by state or federal governments. New York (NY) offers one such guidepost. Significant changes to mandatory compliance program requirements for NY healthcare providers and health plans are now in effect. On December 28, 2022, the NY State (NYS) Office of the Medicaid Inspector General (OMIG) adopted 18 NY Codes, Rules and Regulations (NYCRR) Part 521-1 (Part 521-1), which repealed the former regulations governing compliance programs for providers to detect and prevent fraud, waste, and abuse in the Medicaid program.[1] Noncompliance may result in exclusion and removal from the Medicaid program along with other monetary penalties and sanctions. While the requirements are only applicable to entities doing business in NY, out-of-state providers should pay close attention to OMIG’s mandates and potentially consider incorporating some of the changes into their own compliance programs on a voluntary basis.

NY providers must ensure they have implemented the proper changes into their compliance programs. As of March 28, 2023, OMIG stated it would begin enforcing the requirements of Part 521-1, and as of July 3, 2023, OMIG indicated that it will begin initiating compliance program reviews with a review period beginning on April 1, 2023 (a look back period). Observers are taking particular note of the amendments made to Part 521-1 as OMIG has long stated that eligibility to receive Medicaid payments required compliance with these regulations. This principle is codified in statute as a “condition of payment” for Medicaid claims.[2] Noncompliance may result in exclusion, removal from the Medicaid program, and other monetary penalties and sanctions. Monetary penalties against providers may begin at $5,000 per calendar month for a maximum of 12 calendar months. If a monetary penalty was previously imposed on a provider within five years, an additional penalty of up to $10,000 per calendar month for a maximum of 12 calendar months may be imposed. The requirements of Part 521-1 now apply to managed care providers or managed long-term care plans (collectively referred to as MMCOs), and there are new sections applicable solely to MMCOs.

Compared with the previous version of Part 521-1, the new amendments are substantially more detailed and designed to compel providers to focus on ensuring that their compliance programs are tailored to address their particular areas of potential risk (as subsequently described in more detail) and continually optimize and grow their programs to prevent recurring issues. Many of the mandatory compliance program requirements are consistent with current voluntary standards recommended by the U.S. Department of Health and Human Services Office of the Inspector General and Federal Sentencing Guidelines.[3] But there are areas where OMIG regulations go beyond what some currently, well-designed compliance programs may have in place. Consequently, providers and health plans operating in NY and doing business with the state Medicaid program should assess whether any changes to their programs are required. Additionally, the revised Part 521-1 includes some thoughtful commentary that entities not subject to the mandatory provisions could consider in terms of voluntary compliance.

Providers must certify to the OMIG annually that their compliance program meets these requirements.

In addition to the mandatory compliance program changes, as of August 21, 2023, OMIG has updated and introduced a new process for Medicaid providers to report, return, and explain overpaid Medicaid funds. NY Medicaid providers should be aware that they are required to report any overpayments involving possible fraud, waste, abuse, or inappropriate payment of funds to OMIG “within 60 days of identification, or by the date any corresponding cost report was due, whichever is later.”[4] Providers who discover overpayments through self-review, compliance programs, or internal control should be cognizant that there is no dollar threshold for reporting, and all self-identified inappropriate Medicaid payments received should be disclosed in the manner set forth below.

Certain key amendments to Part 521-1 and to the self-disclosure program that providers should be aware of are summarized as follows:

This document is only available to members. Please log in or become a member.

Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field