Providers practicing in New York State who are enrolled in Medicaid should strongly consider revisiting their compliance programs following the recent issuance of new requirements by the New York State Office of the Medical Inspector General (OMIG).

On December 28, 2022, the OMIG issued new regulations (18 NYCRR 521-1.1, et seq.) requiring Medicaid-enrolled providers practicing in New York State to maintain their compliance programs in accordance with newly detailed standards and codifying the obligation of providers to self-disclose Medicaid overpayments.

On January 31, 2023, OMIG released three guidance documents to assist providers in ensuring they meet the new obligations. In reviewing the guidance, OMIG states that an effective compliance program:

  • is well-integrated into the company’s operations and supported by the highest levels of the organization, including the chief executive, senior management, and the governing body;
  • promotes adherence to the provider’s legal and ethical obligations; and
  • is reasonably designed and implemented to prevent, detect, and correct non-compliance with Medicaid program requirements, including fraud, waste, and abuse most likely to occur for the provider’s risk areas and organizational experience.

The guidance further provides examples and details of what OMIG considers the necessary items to properly satisfy the seven essential elements of a compliance program, which are:

  1. Written Policies, Procedures, and a Code of Conduct
  2. Establishment of a Compliance Officer and Compliance Committee
  3. Effective Compliance Training and Education
  4. Proper Lines of Communication for Reporting
  5. Defined Disciplinary Standards
  6. Routine Auditing and Monitoring
  7. Established Processes for Responding to Compliance Issues

Of further importance, OMIG has defined the steps it will follow in conducting routine reviews of provider compliance programs. These steps include:

  • Written notification of the review to the required provider;
  • Requiring the provider to download a module from OMIG’s website, complete the module, and submit supporting documentation to OMIG within 30 days for OMIG’s review; and
  • OMIG’s written compliance program assessment, recommendations for improvement, and a numerical scorecard indicating whether the required provider satisfactorily met the compliance requirements for each month of the review period (not to exceed 12 months).

Providers should expect OMIG to increase its reviews and thus should take advantage of the 30-day period to reassess their compliance programs and make the necessary changes.

The self-disclosure obligations included in the revised regulations largely codify what was already required of providers under the Affordable Care Act (ACA), which is that self-disclosure and repayment of Medicaid overpayments is mandatory. Providers should recognize this as a sign that the OMIG intends to more closely scrutinize inaction by providers in the face of identified overpayments. Accordingly, providers have an obligation to report, return, and explain any overpayment they receive from the New York State Medicaid program. These repayments must be returned the later of (i) 60 days after the overpayment is identified or (ii) the date any corresponding cost report is due with the overpayment being deemed identified when a person has identified, or “should have” identified, the overpayment “through the exercise of reasonable diligence.” The new regulations specify that a self-disclosure statement must contain a “detailed explanation” of the circumstances giving rise to the overpayment, how the overpayment was discovered, the provider’s corrective action taken, and other elements. By pursuing a self-disclosure, a provider may request a waiver of interest and a repayment plan for return of the overpayment. See 18 NYCRR 531-3.1, et seq.

While the regulations discussed herein became effective immediately upon issuance, OMIG announced in its guidance that it has given providers until March 28, 2023, to adopt and implement the necessary changes to their compliance programs to bring them into conformity with the new regulatory requirements.

Providers would be wise to consult counsel and closely analyze their compliance programs to identify any potential gaps and strengthen their programs now, rather than awaiting the day when an issue arises.