By: Chase Quinn | 01/27/25
In the intricate landscape of healthcare compliance, staying abreast of regulatory changes is crucial to maintaining operational integrity and regulatory adherence. The New York State Office of the Medicaid Inspector General (OMIG) has recently introduced sweeping updates to its compliance regulations, significantly impacting Medicaid-enrolled providers and Medicaid managed care organizations (MMCOs). Let’s delve into what OMIG compliance entails, who it affects, and why annual compliance program reviews are now more critical than ever.
The New York State Office of the Medicaid Inspector General (OMIG) is responsible for safeguarding the integrity of the Medicaid program, ensuring that funds are spent properly and in compliance with all relevant laws. In December 2022, OMIG significantly updated its regulations, marking a major shift in the way Medicaid-enrolled providers must approach compliance. These changes are intended to strengthen the program’s defense against fraud, waste, and abuse, and to ensure that providers operate with the highest standards of integrity. The new regulations require providers to review, revise, and potentially expand their compliance programs to meet new requirements that took effect in 2023, with full compliance expected by 2024.
OMIG has outlined 10 specific risk areas that must be addressed in compliance programs. Some of these areas, like billing practices and medical necessity, are familiar, but the new regulations introduce two additional risk areas—ordered services and contractor oversight. Providers must carefully evaluate these areas to ensure their operations remain compliant. The updated regulations also emphasize the need for providers to identify risks based on their “organizational experience”—a concept that accounts for a provider’s history, audits, investigations, and internal monitoring. This broader definition means providers must take a proactive approach to identifying potential risks that might arise from their operations, services, or relationships with contractors.
The new regulations also place additional responsibilities on compliance officers and compliance committees. Previously, providers were only required to designate an employee to oversee their compliance program, but now OMIG mandates that a compliance officer be designated as the primary individual responsible for managing the day-to-day operations of the program. This officer does not have to be an employee, but must have the necessary authority, resources, and staffing to implement the program effectively. The compliance officer must also report regularly to the governing body and senior management, detailing the program’s progress and ensuring any issues are addressed. To ensure your resources are allocated wisely and avoid costly mistakes, particularly with sales tax compliance software, read more here. The regulations now require that compliance committees be comprised of senior managers, ensuring that the committee has the requisite authority to drive compliance efforts and advocate for necessary resources. These committees must meet at least quarterly, review the program’s effectiveness, and oversee any modifications or adjustments.
Education and training are key components of the new compliance framework. The regulations require that all individuals affected by the compliance program—including providers, contractors, and staff—undergo annual training. This training must cover the provider’s specific risk areas, reporting obligations, and disciplinary actions for violations. It must also include a plan to track attendance and evaluate the effectiveness of the training. This emphasis on annual, structured training ensures that everyone involved in the Medicaid process is well-informed about their responsibilities and the program’s compliance expectations.
Providers must ensure that their written policies and procedures fully outline the standards of conduct and compliance practices. These documents need to cover various elements, such as how compliance issues will be handled, how investigations will be conducted, and the disciplinary actions for non-compliance. The written policies must be reviewed annually, and the process for updating these documents must be clearly documented. The new regulations also require that providers perform annual reviews of their compliance program’s effectiveness. These reviews should include interviews with affected individuals, on-site assessments, and a review of relevant records and documents. The results of these reviews must be shared with senior management and the governing body, ensuring transparency and accountability within the provider’s compliance framework.
The regulations stipulate that providers must maintain records demonstrating compliance with all regulatory requirements for at least six years. This includes documentation of compliance investigations, internal audits, corrective actions, and any changes to the compliance program. These records are essential for both OMIG reviews and any internal audits the provider may conduct.
The new OMIG regulations mark a significant shift in the way Medicaid providers must operate. Providers are now required to conduct a comprehensive review of their compliance programs, making necessary updates and potentially dedicating new resources to meet the more stringent requirements. For those who fail to comply with these new regulations, the consequences can be severe, including penalties or the termination of their participation in the Medicaid program. In short, OMIG’s updates demand that providers not only enhance their internal controls and processes but also take a more proactive stance in identifying risks and ensuring compliance across all areas of their operations. By meeting these requirements, providers help protect both their business operations and the integrity of the Medicaid program.
Under the revised OMIG compliance regulations, only certain providers must adopt formal compliance programs. However, the threshold for what qualifies as a “substantial portion” of a provider’s operations has been raised. Providers now need to have at least $1 million in Medicaid claims or receipts annually to be subject to OMIG’s compliance program rules—up from the previous $500,000 requirement. This higher threshold reduces the number of providers subject to these rules, but those who meet the criteria will need to put more detailed compliance strategies in place to avoid risking participation in the Medicaid program.
Providers who fall into this category must adopt a comprehensive compliance program, but the new rules also broaden the scope of who needs to be involved. In addition to Medicaid providers themselves, contractors—such as agents, subcontractors, and independent contractors—must now adhere to the same compliance expectations when they are involved in activities related to the provider’s risk areas. These contractors are now considered “affected individuals” and must be included in the provider’s compliance program, with contractual provisions that hold contractors accountable for following the program’s standards.
Annual reviews of compliance programs have become a cornerstone of OMIG’s regulatory framework. Providers and Medicaid Managed Care Organizations (MMCOs) must conduct thorough assessments of their compliance programs to ensure alignment with the new regulations outlined in 18 NYCRR Subpart 521-1. These reviews serve several critical purposes:
Regular reviews allow entities to gauge the effectiveness of their compliance measures in identifying and mitigating risks associated with Medicaid operations. This includes evaluating the implementation of policies, training programs, and internal controls required by OMIG. By assessing how well these measures are working, providers can determine if their compliance program is actively addressing potential vulnerabilities and reducing the risk of Medicaid fraud, waste, and abuse.
OMIG’s new regulations stipulate specific elements that compliance programs must incorporate, such as appointing a dedicated compliance officer responsible for program oversight and ensuring robust training on compliance-related topics. Annual reviews facilitate updates to these components to reflect evolving regulatory requirements and operational realities. By conducting these reviews, providers can ensure their programs remain relevant and aligned with the latest OMIG compliance regulations, which are crucial for avoiding penalties during an OMIG audit.
Conducting annual reviews not only helps in identifying areas for improvement but also demonstrates a provider’s proactive approach to compliance. It reinforces a culture of compliance within the organization, enhancing transparency and accountability in Medicaid billing and operational practices. This proactive stance is critical in maintaining strong relationships with regulators like New York OMIG, showing that the provider is committed to adhering to state and federal requirements.
Regular reviews help providers stay ahead of potential audits. By conducting these evaluations on an annual basis, organizations can ensure that their compliance programs are audit-ready. This proactive approach helps mitigate risks associated with non-compliance and positions providers to effectively respond if selected for audit. Audits are often an outcome of failure to maintain a robust compliance program, and providers who actively engage in review processes are better prepared to navigate the audit process successfully.
Annual reviews provide an opportunity to identify trends or recurring issues within the compliance program. This insight can be used to refine strategies, update training programs, and adjust risk management tactics. By addressing deficiencies identified during the review process, providers can continuously improve their operations, reducing the likelihood of compliance failures and ensuring ongoing success in meeting regulatory expectations.
In conclusion, OMIG’s updated compliance regulations represent a proactive approach to safeguarding the integrity of New York State’s Medicaid program. Providers and MMCOs must navigate these regulatory changes diligently, ensuring their operations align with OMIG’s stringent requirements to avoid penalties and uphold their commitment to quality care delivery under Medicaid. By adhering to these guidelines and continuously refining their compliance strategies, healthcare entities can not only meet regulatory mandates but also enhance operational efficiency and maintain public trust in Medicaid services across New York State.
There are many factors to consider when determining what options are best for you. Our experienced, specialized team of healthcare business advisors is here to create a specific plan for your business to find the optimal path forward. For more information, contact Chris Roane or Chase Quinn by email, or calling 770.396.2200.
Back to insights
Never miss an update. Sign up to receive our monthly newsletter to unlock our experts' insights.
Subscribe Now