On January 14, 2009, the New York Office of Medicaid Inspector General (OMIG) issued proposed regulations that set forth the requirements for OMIG’s mandatory compliance program. These proposed regulations would apply to New York Medicaid providers subject to the provisions of Article 28 and Article 36 of the Public Health Law (for example, hospitals, nursing homes and home care providers) as well as providers subject to Article 16 or Article 31 of the Mental Hygiene Law (mental health facilities). These providers are already required by the Social Services Law Section 363-d to have compliance programs in place. The proposed regulations define the requirements for a third category referenced in Social Services Law Section 363-d, which are the “providers for which Medicaid claims made up a substantial portion of their business operations.” Examples of these types of providers include pharmacies, physicians, dentist and DME companies. This third category of individuals and entities that either order from the Medicaid program, submit claims on behalf of themselves or others, expect to claim, or expect to receive $500,000 or more in Medicaid funds in any 12-month period, are also subject to the compliance program requirements.

Compliance programs must include:

1. A written code of conduct or code of ethics for employees and other personnel;

2. Designation of an employee with day-to-day operational responsibility for the compliance program;

3. Periodic compliance education and training for existing employees, executives and the governing body members, as well as new employees;

4. Mechanisms to report compliance issues to the individual responsible for compliance as they are identified, including a method to report compliance issues anonymously and confidentially;

5. Disciplinary policies to encourage good faith participation program

6. A system by which the provider can routinely identify areas of compliance risk specific to the provider type;

7. A system for responding, investigating and correcting compliance issues that are identified either via reporting or self-audit, and a method to implement policies to prevent recurrence, identifying and reporting compliance issues to the OMIG, and refunding of overpayments; and

8. A policy that prohibits intimidation or retaliation for an individual’s participation in the compliance program.

Upon enrollment with Medicaid, and annually every December for those providers already enrolled, providers will be required to certify that they have a compliance program in place that meets the requirements of the regulations. If a provider does not have a satisfactory compliance program, the provider may be subject to sanctions and penalties, including revocation of the provider’s participation in Medicaid. If the regulations go into effect, providers who do not yet have a compliance program in place will have 90 days from the effective date of the regulations to implement a compliance program that meets the requirements of the regulations. If a provider fails to implement a compliance program within 90 days of the effective date of the regulations, the provider may be subject to sanctions or penalties.

Providers have 45 days from January 14, 2009 to comment on the proposed regulations.

The full text and comments to the regulations are available here.