Compliance Season: Assessing Provider Readiness for OMIG Certification

Medical, health home, mental health, and other providers licensed by the New York State Department of Health, Office of Mental Health or other governmental agency, and any providers ordering, providing, billing or claiming at least $500,000 from Medicaid in a consecutive twelve month period, are required to have an effective compliance program. Those providers must submit annual compliance program certifications to the New York State Office of the Medicaid Inspector General (“OMIG”) by December 31, 2015.

As the deadline to submit the compliance certifications nears, providers should review their existing compliance programs and assess their readiness to certify in order to avoid the imposition by OMIG of administrative penalties and sanctions, including exclusion from the Medicaid program.  According to New York State Law, compliance programs must include the eight elements described below.

Element 1: Written Policies and Procedures

Providers should review their existing compliance program documents to assess whether it addresses risk areas that are specific to the provider type such as billing, payments, medical necessity, quality of care, governance, mandatory reporting, credentialing, and other areas, including those in the OMIG 2015-2016 Work Plan, which may also indicate other risk areas specific to the provider type that will be of focus in the Medicaid program.  It is imperative for providers to ensure that policies and procedures related to compliance are not simply part of a “binder on a shelf,” but are truly implemented and updated in response to identified risk areas and updates in the law.

Element 2:  Designation of Compliance Officer

OMIG has stated that generally, the “Certifying Official” who submits the online certification on behalf of the provider should not be the “Compliance Officer.”  The Compliance Officer must be an employee of the provider who is vested with the responsibility for the day-to-day operation of the compliance program.  This individual must have direct lines of communication with both legal counsel and senior management.  The Certifying Official, on the other hand, is a member of senior management (or the governing board) to which the Compliance Officer reports.

Element 3: Training and Education

Providers should incorporate compliance training and education into the orientation process for new hires and new governing body members to ensure that they are aware and understand their compliance obligations upon commencement of employment or ongoing relationship with the provider.  In addition to annual training, periodic training may be needed for specialized areas or for particular types of employees. Every employee should know that the practice has a compliance program if asked by an auditor, and employees should also be educated that they are not required to answer other inquiries by an auditor; it is acceptable to direct to the practice’s outside counsel.

Element 4: Communication lines to the Compliance Officer

Open lines of communication are necessary to ensure that employees and persons associated with the provider have access to the compliance function to allow for reporting of compliance issues.  Providers must make efforts such as utilizing compliance posters and electronic communications to inform individuals of the methods by which they may contact the compliance officer, including the ability to anonymously and confidentially report potential compliance issues.  Providers need to establish a compliance hotline that does not have caller identification capability, and may also utilize locked drop boxes to accept reports of potential compliance issues.  Locked drop boxes should not be placed in view of security cameras to ensure anonymous and confidential reporting.

Element 5: Disciplinary Policies and Procedures

Disciplinary policies and procedures are an integral factor in encouraging good faith participation in the compliance program.  These policies should give employees and persons associated with the provider a description of the types of sanctions that may applicable and must be fairly and firmly enforced for all persons associated with the provider.

Element 6: Identification of Compliance Risk Areas and non-compliance

Providers must conduct a risk assessment prior to certification and on an ongoing basis, and may use the OMIG self-assessment form or a more customized form to identify areas specific to their provider type. A more customized form may demonstrate that provider’s efforts to determine specific risk areas and ultimately provider’s commitment to compliance.  Internal and external audits must be conducted to ensure compliance with all laws and with the provider’s compliance program.

Element 7:  Responding to Compliance Issues

In response to the identification of compliance issues, providers may need to implement corrective action plans and targeted trainings to adequately address those risk areas.  In certain circumstances, reporting to governmental or private entities may be required.  Providers should work with consulting counsel to carefully construct corrective action plans and reports to agencies.

Element 8:  Policy of Non-Intimidation and Non-Retaliation

Employees and persons associated with the provider must be aware that they are expected to report compliance issues in an environment that is free of intimidation and retaliation.  The provider should emphasize that individuals who engage in intimidation or retaliation will be disciplined.

Ultimately, the provider must review their compliance program in advance of the certification to assess whether they have satisfactorily met the eight elements and statutory and regulatory requirements.  OMIG views this as an annual opportunity to encourage providers to improve their compliance programs and has provided various forms of guidance as well as a compliance program review assessment form to facilitate the providers in their analysis.  Although the provider will be expected to certify to compliance of the eight elements, each provider should aim to establish and implement a compliance program that is customized to their services and needs to ensure a truly effective and comprehensive approach to compliance.

If investigators come knocking, it is good planning for practice’s to have ready a response that all requests and inquiries will be handled through the practice’s compliance counsel.

Further guidance can be found on the OMIG website at https://www.omig.ny.gov/compliance and providers may certify at https://www.omig.ny.gov/ssl-certification.  For questions, please contact Chris Kutner at 516-357-3355 or [email protected].

Article co-written by Reema Sultan, Esq.