Providers practicing in New York State who are enrolled in Medicaid should strongly consider revisiting their compliance programs following the recent issuance of new requirements by the New York State Office of the Medical Inspector General (OMIG).

On December 28, 2022, the OMIG issued new regulations (18 NYCRR 521-1.1, et seq.) requiring Medicaid-enrolled providers practicing in New York State to maintain their compliance programs in accordance with newly detailed standards and codifying the obligation of providers to self-disclose Medicaid overpayments.

On January 31, 2023, OMIG released three guidance documents to assist providers in ensuring they meet the new obligations. In reviewing the guidance, OMIG states that an effective compliance program:

  • is well-integrated into the company’s operations and supported by the highest levels of the organization, including the chief executive, senior management, and the governing body;
  • promotes adherence to the provider’s legal and ethical obligations; and
  • is reasonably designed and implemented to prevent, detect, and correct non-compliance with Medicaid program requirements, including fraud, waste, and abuse most likely to occur for the provider’s risk areas and organizational experience.

The guidance further provides examples and details of what OMIG considers the necessary items to properly satisfy the seven essential elements of a compliance program, which are:

  1. Written Policies, Procedures, and a Code of Conduct
  2. Establishment of a Compliance Officer and Compliance Committee
  3. Effective Compliance Training and Education
  4. Proper Lines of Communication for Reporting
  5. Defined Disciplinary Standards
  6. Routine Auditing and Monitoring
  7. Established Processes for Responding to Compliance Issues

Of further importance, OMIG has defined the steps it will follow in conducting routine reviews of provider compliance programs. These steps include:

  • Written notification of the review to the required provider;
  • Requiring the provider to download a module from OMIG’s website, complete the module, and submit supporting documentation to OMIG within 30 days for OMIG’s review; and
  • OMIG’s written compliance program assessment, recommendations for improvement, and a numerical scorecard indicating whether the required provider satisfactorily met the compliance requirements for each month of the review period (not to exceed 12 months).

Providers should expect OMIG to increase its reviews and thus should take advantage of the 30-day period to reassess their compliance programs and make the necessary changes.

The self-disclosure obligations included in the revised regulations largely codify what was already required of providers under the Affordable Care Act (ACA), which is that self-disclosure and repayment of Medicaid overpayments is mandatory. Providers should recognize this as a sign that the OMIG intends to more closely scrutinize inaction by providers in the face of identified overpayments. Accordingly, providers have an obligation to report, return, and explain any overpayment they receive from the New York State Medicaid program. These repayments must be returned the later of (i) 60 days after the overpayment is identified or (ii) the date any corresponding cost report is due with the overpayment being deemed identified when a person has identified, or “should have” identified, the overpayment “through the exercise of reasonable diligence.” The new regulations specify that a self-disclosure statement must contain a “detailed explanation” of the circumstances giving rise to the overpayment, how the overpayment was discovered, the provider’s corrective action taken, and other elements. By pursuing a self-disclosure, a provider may request a waiver of interest and a repayment plan for return of the overpayment. See 18 NYCRR 531-3.1, et seq.

While the regulations discussed herein became effective immediately upon issuance, OMIG announced in its guidance that it has given providers until March 28, 2023, to adopt and implement the necessary changes to their compliance programs to bring them into conformity with the new regulatory requirements.

Providers would be wise to consult counsel and closely analyze their compliance programs to identify any potential gaps and strengthen their programs now, rather than awaiting the day when an issue arises.

Tags: Compliance Programs, Medicaid, New York Providers, New York State Office of the Medicaid Inspector General, OMIG
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of John W. Kaveney John W. Kaveney

Partner, Healthcare and Litigation Departments

Mr. Kaveney focuses his practice in the area of healthcare law, representing a range of clients that includes for-profit and non-profit hospitals and health systems, academic medical centers, individual physicians and physician groups, ambulatory surgery centers, ancillary service…

Partner, Healthcare and Litigation Departments

Mr. Kaveney focuses his practice in the area of healthcare law, representing a range of clients that includes for-profit and non-profit hospitals and health systems, academic medical centers, individual physicians and physician groups, ambulatory surgery centers, ancillary service providers, medical billing companies, skilled nursing and rehabilitation facilities, behavioral health centers and pharmacies.

His practice in the healthcare field encompasses advising healthcare clients on corporate compliance matters, including the implementation of new, and the assessment of existing, corporate compliance programs. He also assists healthcare clients with compliance audits and investigations, as well as guiding clients through the self-disclosure and repayment processes. Finally, he provides general legal advice concerning compliance and regulatory matters under state and federal healthcare laws.

In the area of information privacy and data security, Mr. Kaveney advises healthcare clients on issues arising under the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH). This includes the implementation and assessment of privacy and security policies and procedures to ensure the proper protection and utilization of protected health information both by healthcare providers and the business associates with which they contract. In addition, he represents healthcare clients in investigating, reporting, and remediating information breaches and the liability such breaches create under various information privacy and security laws.

Additionally, Mr. Kaveney provides counsel on Medicaid and Medicare reimbursement matters before the Division of Medical Assistance and Health Services and the Provider Reimbursement Review Board, as well as assisting clients in civil litigation and with professional licensing and medical staffing concerns.

Contact information:

jkaveney@greenbaumlaw.com | 973.577.1796 | vCard | LinkedIn

For more information visit the Greenbaum, Rowe, Smith & Davis LLP website.

Read more about John W. Kaveney
Show more Show less
Related Posts
 Medicare Telehealth Flexibilities Are Once Again Extended
March 19, 2025
 Foreseeability in Psychiatric Malpractice Claims
March 17, 2025
 Criminalizing Reproductive Care and Abortion Services through Telehealth
February 14, 2025