The Intersection Between OMIG’s Home Care Audit Protocols and Liability Risk Under The False Claims Act

OMIG publishes audit protocols to “assist the Medicaid provider community in developing programs to evaluate compliance with Medicaid requirements under federal and state statutory and regulatory law.”[1]  Such protocols are “applied to a specific provider type or category of service in the course of an audit and involve OMIG’s application of articulated Medicaid agency policy and the exercise of agency discretion.”[2] The protocols are used by OMIG “as a guide in the course of an audit to evaluate a provider’s compliance with Medicaid requirements and to determine the propriety of Medicaid expended funds.”[3]

These same protocols can be an excellent guide to mitigating liability risk under the False Claims Act (“FCA”), which imposes steep penalties on providers who submit false reimbursement claims to government programs, including Medicare and Medicaid.[4] A provider’s failure to meet many of the same Medicaid requirements under examination in an OMIG audit can also create a predicate for the submission of false claims under the FCA.

For example, one of the most common protocols informing OMIG’s audit of home health providers involves missing or inadequate documentation to support the services that are being billed to Medicaid (e.g., missing service authorization, missing plan of care, missing documentation of hours/visits billed; missing medical documentation; missing supervision documentation; missing personnel records). OMIG will routinely disallow claims that lack supporting documentation. If there has been a deliberate or reckless failure to maintain required supporting documentation for submitted claims, FCA liability could ensue. That, in turn, could mean treble damages and civil monetary penalties, not to mention possible exclusion of a provider from the Medicaid program.

Some additional focus areas in OMIG audits include: (a) whether amounts billed exceeded the service authorization (e.g., billing more units than authorized or billing units prior to obtaining authorization); (b) whether services billed were different from the services authorized; (c) whether services were performed by ineligible individuals; (d) whether health assessments of the provider were not documented, documented late, inadequately performed or not performed at all; (e) whether required signatures on medical orders were obtained; (f) whether required criminal background checks were performed; (g) whether required minimum training standards were satisfied; (h) whether required performance assessments and in-home visits were completed; (i) whether comprehensive patient assessments were properly completed and documented; (j) whether services were provided as specified in the plan of care and whether the plan of care adequately addressed patient needs or were reviewed/updated at least every 60 days; (k) whether the medical need for hours billed or services performed was documented in the record; (l) whether required supervision was provided in the manner required; (m) whether the provider billed for services that actually were performed by another entity; and (n) whether correct rate codes were billed.

As with missing documentation, any one of these focus areas can lead to FCA liability if the failure to comply with Medicaid requirements was “knowing” within the meaning of statute, which is not limited to actual knowledge. A provider that acts in deliberate ignorance or reckless disregard of the falsity of information underlying a claim will be deemed to have “knowingly” submitted that claim for purposes of the FCA. For example, poor or non-existent internal controls leading to a pattern and practice of undisclosed regulatory violations that are material to payment can create liability under the statute.

Given the high stakes, home health organizations are well-advised to review their practices to prevent FCA liability risks that could lead to serious financial and reputational harm. Outside counsel knowledgeable about the FCA and Medicaid compliance requirements can be a valuable resource in this effort.

[1] See, e.g., OMIG Audit Protocol Consumer Directed Personal Assistance Program (CDPAP), Revised 12/09/2020; OMIG Audit Protocol Certified Home Health Agency (CHHA), Revised 06/26/2018; OMIG Audit Protocol

Personal Care Aides (PCA), 12/05/2018

[2] Id.

[3] Id.

[4] The federal FCA is codified at 31 U.S.C. §§ 3729 et seq. New York State, like many other states, has enacted its own version of the statute, which is codified in the State Finance Law, Art. 13, §§ 187-194.