Contact Us

The Focus is on “Effectiveness”


With an effective date of October 1, 2009, New York State mandated that any healthcare organization providing services within NY State, and for which Medicaid constitutes $500,000 or more of the provider’s annual business operations (considered “substantial” and defined as ordering, providing, billing or claiming $500,000 or more from Medicaid in a twelve-month period), must have an “effective” compliance program and certify on an annual basis that the compliance program meets related statutory requirements.

The effective compliance program requirement is also applicable to any New York State provider subject to the provisions of Articles 28 or 36 of the New York Public Health Law or Articles 16 or 31 of the New York Mental Hygiene Law, regardless of the amount of Medicaid business.

One important aspect of this mandatory NY State compliance regulation is that it not only calls for the primary organization (e.g. Physician, Hospital, SNF) to have an “effective compliance program, it also calls for any vendor being used by the organization (e.g. Third Party Billing Company, Coding Auditors, Waste Disposal, etc) also has an “effective” compliance program/is part of your program.

What your organization needs to do:

The good news is that the NY State Medicaid OIG guidance recommended specific compliance program elements and identified certain key risk areas are similar in nature to the United States Federal Sentencing Guidelines (“Sentencing Guidelines”), Chapter 8, Part B (§8B2.1, “Effective Compliance and Ethics Program”).

Whether you focus on NY State compliance program elements and risk areas, or are most familiar with the US Federal Sentencing Guidelines, the goal of both are to address overall “effectiveness” factors to determine whether an organization’s compliance program is adequately designed to prevent, detect and respond to criminal conduct. 

The “effectiveness” factors of both NY State and the Federal Guidelines include organizational culture, governance and oversight, communication, training and remediation (including discipline).

The benefit to meeting both:

NY State Medicaid OIG MANDATES an effective compliance plan and certification of such by entities doing business at the $500,000 or greater level with Medicaid while the US Sentencing Guidelines provide the Federal government with standards for the determination of organizational culpability and establishment of sanctions, but meeting the compliance program “effectiveness” criteria can be a significant mitigating factor for organizations in the unfortunate situation of facing penalties as a result of criminal conduct.

Why it’s a good idea to comply and certify:

New York’s Mandatory Medicaid Compliance Program requirements, implemented under the authority of the New York State Office of the Medicaid Inspector General (“NYS OMIG”), are considered a significant step in the transition toward mandatory compliance programs for healthcare organizations and are likely to serve as a model for future State and Federal legislation.

So how to comply?

The New York Mandatory Medicaid Compliance Program requirements are a result of New York Social Services Law §363-d and New York State Codes, Rules and Regulations Title 18, Part 521 (“Provider Compliance Programs” or “Part 521”).  Part 521 defines the entities to which the requirements apply (“covered providers”) and mandates that each covered provider’s compliance program include the following eight elements (as included in §521.3(c)):

1. Policies and Procedures

2. Compliance Officer

3. Training and Education

4. Communication

5. Discipline

6. Auditing and Monitoring/Risk Area Identification

7. Reporting and Response

8. Non-Retaliation

This is not the same old, same old:

As noted, anyone who has familiarity with the US Federal Sentencing Guidelines and the OIG Statement of Work each year will recognize these requirements. One big difference is that the Federal Government has their Statement of Work to give you an idea of what they may choose to examine, and the Federal Sentencing Guidelines to give you an idea of what you would face if problems are found. But they are in fact voluntary guidelines.

The important difference is that New York has both mandated these components of an “effective” plan, and it has made the Part 521 requirements are more stringent than any previous voluntary guidelines! In fact, NYS Part 521 specifies that the compliance program must be effective, and mandates that the scope of the compliance program include the following (as included in §521.3(a)):Billings;Payments;Medical necessity and quality of care;Governance;Mandatory reporting;Credentialing; andOther risk areas that are or, with due diligence, should be identified by the provider.

Certification and OMIG Oversight:

New York covered providers were required to submit an initial executive certification of their compliance with the Mandatory Medicaid Compliance Program requirements to the NYS OMIG (via online form NYS OMIG CCSSL2009-1) by December 31, 2009 and are required to submit an annual certification on or before December 31 of each year thereafter.

What should you be doing?

First, determine if your practice (and the companies with which you do business, such as third party billers, coders, etc) meet the requirements of handling $500,000 of Medicaid monies per year (consider Primary, Secondary and Managed Care sources). If so, you should “enroll” with the NYS OMIG through the certification process, and determine whether or not the applicable vendors with whom you do business have certified as well.  As stated previously, failure to do so can potentially result in serious sanctions or penalties.

Next, conduct a comprehensive “baseline” compliance program effectiveness assessment.  Remember, for New York State providers subject to Part 521, it is not acceptable to have a compliance program that looks “good on paper”! The program must meet the statutory requirements of an “effective plan” which means that is can:

>Identify and disclose any overpayments received

>Identify, evaluate and remediate risk areas

>Investigate and respond to issues reported through hotlines or employee disclosures.

>Demonstrate Governance oversight of the compliance program

>Have a designated Compliance Officer with enough time to devote to compliance and who has an effective reporting structure

>Have a Code of Ethics and written Policies and Procedures for Compliance and associated topics such as risk area assessment, reporting, etc. which are current, comprehensive, and available to all employees, agents, and contractors?)

>Include Compliance training which is documented and tracked and which is provided to all new employees, all current employees, providers, and appropriate vendors.

>Include auditing and assessment of high risk areas

>Has a formal system for compliance reporting and disciplinary activities for failure to comply/retaliation protection for those that report