Mandatory Compliance Program for New York’s Healthcare Providers

The necessity of having a compliance program is no longer a requirement providers can ignore. In the next series of articles, we briefly address the compliance program requirements for New York State Medicaid providers, starting with the overview of the regulations below.

Legal Framework

In 2006, the NYS Legislature passed a law that required healthcare providers and suppliers enrolled in the Medicaid program to adopt and implement a compliance program for the purpose of detecting and correcting payment and billing mistakes as well as fraud. (New York State Social Services Law § 363-d). The same law also established the Office of the Medicaid Inspector General (OMIG), the watchdog agency overseeing the integrity of the Medicaid program. The law directed OMIG to create regulations detailing the requirements of a compliance program. OMIG promulgated such regulations at 18 NYCRR 521, and they went into effect on July 1, 2009.

Who Must Have A Compliance Program?

New York State Social Services Law § 363-d requiers that the following providers and suppliers impliment a compliance program:

  1. those subject to article 28 or 36 of the NYS Public Health law;
  2. those subject to article 16 or 31 of the NYS Mental Hygiene Law; and
  3. other providers of care, services and supplies under the medical assistance program for which the medical assistance program is a substantial portion of their business operations.

The law imposes an obligation on providers subject to Article 28 and 36 of the Publich Health Law and Articles 16 and 31 of the Mental Hygiene Law to have a compliance program, irrespective of the payment amount received from Medicaid. Providers not subject to these Articles are required to have a compliance program only if Medicaid is a “substantial portion of their business.”

A provider for which Medicaid is a “substantial portion of their business” is further defined at 18 NYCRR 521 as a provider that:

  1. claims, orders or has claimed or has ordered or should be reasonably expected to claim or order at least $500,000 in any consecutive 12-month period from Medicaid;
  2. receives or has received or should be reasonably expected to receive at least $500,000 in any consecutive 12-month period directly or indirectly from Medicaid; or
  3. submits or has submitted claims for care, services, or supplies to the Medicaid program on behalf of another person or persons in the aggregate of at least $500,000 in any consecutive 12-month period.

OMIG interprets “direct” payments to mean the fee-for-service payments that a provider receives directly from the Medicaid program. Also being added to the threshold level of $500,000 are the “indirect” payments, such as those made by a managed care organizations to providers.

Basic Areas Targeted for Compliance

The regulation provides that a compliance program must apply to:

  • billings
  • payments
  • medical necessity and quality of care
  • governance
  • mandatory reporting
  • credentialing, and
  • other risk areas that are or should, with due diligence, be identified by the Medicaid provider.

Federal Law Requirements

It should also be noted the Affordable Care Act (Act) Section 6401(a), as part of its enhanced provider screening requirements, imposes an obligation on providers and suppliers enrolling or revalidating with Medicare, to implement a compliance program. The Centers for Medicare & Medicaid Services has indicated that it plans to issue regulations requiring providers and suppliers to adopt compliance programs with certain core elements in the near future. Nursing homes, however, under 6102, must have an effective compliance program by March 2013. Even before it was mandatory, however, the Office of Inspector General (OIG) within the Department of Health and Human Services, recommended that individual and small group physicians have compliance programs to enhance the integrity of the Medicare Program. Similarly, OIG published a Compliance Program Guidance for Clinical Laboratories in 1997 and a Compliance Program Guidance for Hospitals in 1998, as part of its efforts to engage providers and suppliers in reducing fraud, waste and abuse in the Medicare program.

The next articles in this series will address the annual certification requirement as well as the core elements of a compliance program.

If you have questions about the NYS Medicaid compliance program requirements, provider Medicare or Medicaid enrollment or revalidation requirements, the New York State or New Jersey Medicaid Programs, or need other legal assistance, please contact us.