Skip to main content

Nixon Peabody LLP

  • People
  • Capabilities
  • Insights
  • About
Trending Topics
    • People
    • Capabilities
    • Insights
    • About
    • Locations
    • Events
    • Careers
    • Alumni
    Practices

    View All

    • Affordable Housing
    • Community Development Finance
    • Corporate & Finance
    • Cybersecurity & Privacy
    • Entertainment & Media
    • Environmental
    • Franchising & Distribution
    • Government Investigations & White Collar Defense
    • Healthcare
    • Intellectual Property
    • International Services
    • Labor, Employment, and Benefits
    • Litigation
    • Private Wealth & Advisory
    • Project Finance
    • Public Finance
    • Real Estate
    • Regulatory & Government Relations
    Industries

    View All

    • Aviation
    • Cannabis
    • Consumer
    • Energy
    • Financial Services
    • Healthcare
    • Higher Education
    • Infrastructure
    • Manufacturing
    • Nonprofit Organizations
    • Real Estate
    • Sports & Stadiums
    • Technology
    Value-Added Services

    View All

    • Alternative Fee Arrangements

      Developing innovative pricing structures and alternative fee agreement models that deliver additional value for our clients.

    • Continuing Education

      Advancing professional knowledge and offering credits for attorneys, staff and other professionals.

    • Crisis Advisory

      Helping clients respond correctly when a crisis occurs.

    • DEI Strategic Services

      Providing our clients with legal, strategic, and practical advice to make transformational changes in their organizations.

    • eDiscovery

      Leveraging law and technology to deliver sound solutions.

    • Environmental, Social, and Governance (ESG)

      We help clients create positive return on investments in people, products, and the planet.

    • Global Services

      Delivering seamless service through partnerships across the globe.

    • Innovation

      Leveraging leading-edge technology to guide change and create seamless, collaborative experiences for clients and attorneys.

    • IPED

      Industry-leading conferences focused on affordable housing, tax credits, and more.

    • Legal Project Management

      Providing actionable information to support strategic decision-making.

    • Legally Green

      Teaming with clients to advance sustainable projects, mitigate the effects of climate change, and protect our planet.

    • Nixon Peabody Trust Company

      Offering a range of investment management and fiduciary services.

    • NP Capital Connector

      Bringing together companies and investors for tomorrow’s new deals.

    • NP Second Opinion

      Offering fresh insights on cases that are delayed, over budget, or off-target from the desired resolution.

    • NP Trial

      Courtroom-ready lawyers who can resolve disputes early on clients’ terms or prevail at trial before a judge or jury.

    • Social Impact

      Creating positive impact in our communities through increasing equity, access, and opportunity.

    • Women in Dealmaking

      We provide strategic counsel on complex corporate transactions and unite dynamic women in the dealmaking arena.

    1. Home
    2. Insights
    3. Alerts
    4. New York State OMIG issues new more detailed regulations for provider compliance programs

      Alerts

    Alert / Healthcare

    New York State OMIG issues new more detailed regulations for provider compliance programs

    Jan 18, 2023

    LinkedInX (Twitter)EmailCopy URL

    By Justin Pfeiffer

    Compliance officers should review their compliance programs to ensure consistency with new requirements.

    What’s the impact?

    • Providers must designate a compliance committee comprised of, at a minimum, “senior managers” who meet at least quarterly.
    • Providers must adopt and implement an annual training program that covers nine topic areas.
    • If a provider’s contractor is “affected by” any risk areas under the provider’s compliance program, the contract must specify that the contractor is subject to the provider’s compliance program and must contain a termination clause.
    • Providers are subject to the compliance program regulations if they claim or receive at least $1 million annually from the New York State Medicaid program—an increase from the previous threshold of $500,000.

    DOWNLOAD

    PDF: New York State OMIG issues new, more detailed regulations for provider compliance programs

    On December 28, 2022, the New York State Office of the Medicaid Inspector General (OMIG) introduced comprehensive and detailed regulations.  These regulations mandate Medicare-enrolled providers and their contractors to establish and maintain provider healthcare compliance programs. Additionally, Medicaid managed care organizations (MMCOs) to maintain fraud, waste, and abuse prevention programs and codify in regulation obligations to self-disclose Medicaid overpayments. The OMIG’s new regulations entirely replace the former 18 NYCRR Part 521, which was comparatively brief.

    Although many parts of the OMIG’s new regulations reflect existing state and federal law and guidance, other requirements are new. Compliance officers are encouraged to review their compliance programs to ensure they remain consistent with the OMIG’s new regulations.

    New Provider Compliance Program Requirements

    Although providers have long been required to maintain compliance programs, the new standards in 18 NYCRR Subpart 521-1 are significantly more detailed. Additionally, the old regulations included a presumption that a provider’s compliance program was adequate if it complied with industry-specific guidance published by the federal Department of Health and Human Services Office of Inspector General (OIG). The OMIG’s new regulations contain no such presumption; instead, they directly specify the elements that all provider compliance programs must contain.

    Highlights from the new Subpart 521-1 include:

    • Providers must have a compliance officer responsible for the day-to-day operation of the compliance program—the compliance officer must update the compliance program at least annually
    • Providers must designate a compliance committee that coordinates with the compliance officer to ensure that the provider is conducting its operations consistent with the compliance program
      • Notably, the compliance committee must be comprised of, at a minimum, “senior managers” who meet at least quarterly—the term “senior manager” is not defined
    • Providers must adopt and implement an annual training program that covers nine different topic areas, including, but not limited to, risk areas, policies and procedures, compliance officer and compliance committee roles, internal reporting of potential compliance issues, and claim, coding, and billing requirements
    • Compliance programs must address the risk areas identified in the regulation, including, but not limited to, billing, medical necessity, quality of care, mandatory reporting, and other risk areas that “should reasonably be identified” by the provider—those risk areas should come as no surprise, but the regulations now include additional detail
    • Significantly, if a provider’s contractor is “affected by” any risk areas, the contract between the parties must specify that the contractor is subject to the provider’s compliance program in those risk areas
      • The OMIG’s regulations do not explain how to determine whether a contractor is “affected by” a provider’s risk area
    • The OMIG indicated that it would issue guidance for those contractors subject to both the contractor’s own provider compliance program and the compliance programs of other providers
      • The OMIG’s pending guidance may also address how to determine whether a contractor is “affected by” a risk area
      • In the meantime, providers are encouraged to evaluate their contracted services on a case-by-case basis to determine whether any contract service could be deemed “affected by” a particular risk area
    • Additionally, contracts for services that are affected by a risk area must contain a clause that allows the provider to terminate the contract if the contractor fails to adhere to the provider’s compliance program
      • In its response to public comments, the OMIG stated that it will only enforce this requirement “for contracts executed or renewed starting 90 days and no later than [two] years from the effective date” of the new regulations—i.e., from March 28, 2023, until December 28, 2024—and that this enforcement policy will be “confirmed in guidance”
    • Compliance programs must, among other requirements, include written policies and procedures that describe the provider’s internal compliance expectations “as embodied in standards of conduct,” document the compliance program’s structure and individual roles, explain how compliance issues will be addressed, and establish policies for both employee discipline and non-retaliation
      • These requirements are largely consistent with existing state law and federal guidance; however, the regulations establishing these requirements are now substantially more detailed
    • Providers must implement systems to receive and address reports, including confidential reports, of compliance issues
    • Providers must perform “routine” audits, using internal and/or external auditors, which focus on the required risk areas—government audits do not count
    • Providers must also review their compliance programs at least annually and document their findings
    • Providers will continue to annually certify that their compliance programs meet the requirements of the OMIG’s regulations
      • Additionally, MMCOs will be required to collect these certifications from participating providers via a website or dedicated email address

    Significantly, the OMIG’s new regulations apply only to those providers that claim or receive at least $1 million annually from the New York State Medicaid program—an increase from the previous threshold of $500,000 in Medicaid revenue.

    The OMIG must notify a provider whenever it intends to review the provider’s compliance program. Providers will have 30 days to respond to such a notice, which the OMIG may extend by an additional 30 days “for good cause shown.”

    New Self-Disclosure Regulations

    Consistent with the federal Affordable Care Act, providers continue to have an affirmative obligation to report, return, and explain any overpayments from the NYS Medicaid Program to the OMIG. In general, the deadline for returning overpayments to the OMIG is the later of (i) 60 days after the overpayment is identified or (ii) the date any corresponding cost report is due. An overpayment is identified when a person has identified, or “should have” identified, the overpayment “through the exercise of reasonable diligence.” This deadline is tolled when the OMIG’s Self-Disclosure Program acknowledges receipt of a Self-Disclosure Statement.

    The OMIG’s new regulations largely codify previous self-disclosure policies. The regulations now specify that a provider’s Self-Disclosure Statement must contain a “detailed explanation” of the circumstances that gave rise to the overpayment, how the overpayment was discovered, and the provider’s corrective actions, among other required elements. Notably, the provider’s compliance officer must sign the Self-Disclosure Statement.

    Providers that submit a Self-Disclosure Statement by the regulatory deadline may request a waiver of interest and a repayment plan. (A provider is not eligible to make these requests, however, providers are ineligible to make such requests if the OMIG has already initiated an audit, investigating, or review pertaining to the disclosed overpayment. The OMIG’s Self-Disclosure Form and instructions are available online.

    If the OMIG agrees to waive interest and allow repayments by installment, the OMIG will memorialize the repayment terms in a Self-Disclosure and Compliance Agreement (SDCA), which the provider must timely execute and return. The new regulations provide that the OMIG will terminate the SDCA if the OMIG determines that the provider gave false information or withheld material information or if the OMIG determines that the provider has “attempt[ed] to defeat or evade” its repayment obligations. If the OMIG terminates the SDCA, the regulations state that the full amount of the overpayment will become due.

    Practices

    HealthcareHealthcare Regulatory & ComplianceHealthcare RestructuringHealthcare FinanceHealthcare Dispute ResolutionDigital Health & TelemedicineHealth Information - Privacy, Security & Data Sharing

    Insights And Happenings

    • Alert

      NYS Department of Health proposes clinical staffing regulations for general hospitals

      March 6, 2023
    • Alert

      How healthcare providers can plan ahead for COVID-19 emergency declaration expiration

      Feb 15, 2023
    • Alert

      The rise and fall of Elizabeth Holmes and Theranos: Lessons learned

      Nov 18, 2022
    The foregoing has been prepared for the general information of clients and friends of the firm. It is not meant to provide legal advice with respect to any specific matter and should not be acted upon without professional counsel. If you have any questions or require any further information regarding these or other related matters, please contact your regular Nixon Peabody LLP representative. This material may be considered advertising under certain rules of professional conduct.

    Subscribe to stay informed of the latest legal news, alerts, and business trends.Subscribe

    • People
    • Capabilities
    • Insights
    • About
    • Locations
    • Events
    • Careers
    • Alumni
    • Cookie Preferences
    • Privacy Policy
    • Terms of Use
    • Accessibility Statement
    • Statement of Client Rights
    • Purchase Order Terms & Conditions
    • Nixon Peabody International LLC
    • PAL
    © 2025 Nixon Peabody. All rights reserved