Jump to Navigation


Mandatory Compliance Programs: Is Your Program Adequate?

Healthcare Law Update

June 4, 2008

The State of New York recently established the New York State Office of Medicaid Inspector General (OMIG). It also created a new Social Services Law which requires Medicaid providers to develop and implement compliance programs aimed at detecting fraud, waste and abuse in the Medicaid program.  The intent and purpose of the law requires Medicaid providers to organize provider resources to resolve payment discrepancies and detect inaccurate billings, and to impose a systemic oversight to prevent future recurrences.  The Law applies to those Medicaid providers of care, services and supplies of which the Medicaid program "constitutes a substantial portion of their business operations." Certain Medicaid providers were automatically covered, including those providers subject to the Public Health Law and the Mental Hygiene Law.  In 2007 the OMIG was authorized to further define the coverage of applicability of the new law to Medicaid providers and directed to outline the types of providers that will be responsible for adopting and implementing a compliance program.

A covered provider must develop and adopt an effective compliance program that is appropriate to the characteristics of the provider.  Generally, for a program or plan to be effective, any compliance program must reflect a provider's size, complexity, resources and culture. The new law contains a set of minimum core program requirements that are applicable to all covered providers, regardless of size. 

The statute mandates that providers have: written policies and procedures; designate an employee vested with responsibility for the day-to-day operation of the compliance program; provide training and education of all affected employees and persons associated with the provider, including executives and governing body members; ensure open lines of communication to the designated compliance employee; these communication lines should include a method for anonymous and confidential good faith reporting of potential compliance issues as they are identified.

A program must also have: a system for routine identification of risk areas specific to the provider type; a system for responding to compliance issues as they are raised; and a policy of whistle blower protection.

The new law authorized the OMIG and DOH to determine at any time if a covered provider's compliance program satisfies the mandated requirements.  Additionally, a provider enrolling in the medical assistance program shall certify with DOH the provider's compliance program satisfactorily meets the requirements of the new law. Failure for a covered provider to comply subjects the provider to sanctions or penalties permitted by federal or state law and regulations, including but not limited to exclusion from participation in the Medicaid program.