December 19, 2013

Calling all practitioners accepting NYS Medicaid!  If straight or HMO Medicaid monies constitute a "Substantial Portion" of your business operations, you may be required to certify your compliance program before the end of the year. As a reminder.

(b) “Substantial portion” of business operations means any of the following:

(1) when a person, provider or affiliate claims or orders, or has claimed or has ordered, or should be reasonably expected to claim or order at least five hundred thousand dollars ($500,000) in any consecutive twelve-month period from the medical assistance program;

(2) when a person, provider or affiliate receives or has received, or should be reasonably expected to receive at least five hundred thousand dollars ($500,000) in any consecutive twelve-month period directly or indirectly from the medical assistance program; or

(3) when a person, provider or affiliate who submits or has submitted claims for care, services, or supplies to the medical assistance program on behalf of another person or persons in the aggregate of at least five hundred thousand dollars ($500,000) in any consecutive twelve-month period. 18 NYCRR 521.2(a).

Certify Your Compliance Program Here -

To view Medicaid's Frequently Asked Questions click here.

Looking to Order a Compliance Program, don't forget about December's 20% Compliance Discount for Medical and Dental Society Members.


Social Services Law §363-d subd. 2 and 18 NYCRR §521.3(c) set out the following eight core elements that shall be included in all compliance programs:

  1. written policies and procedures that describe compliance expectations as embodied in a code of conduct or code of ethics, implement the operation of the compliance program, provide guidance to employees and others on dealing with potential compliance issues, identify how to communicate compliance issues to appropriate compliance personnel and describe how potential compliance problems are investigated and resolved;
  2. designate an employee vested with responsibility for the day-to-day operation of the compliance program; such employee's duties may solely relate to compliance or may be combined with other duties so long as compliance responsibilities are satisfactorily carried out; such employee shall report directly to the entity's chief executive or other senior administrator and shall periodically report directly to the governing body on the activities of the compliance program;

    Please Note: Due to the high potential for a conflict of interest to exist, related to the billing and payment function for Medicaid providers, OMIG discourages a reporting structure where the compliance officer reports to the chief financial officer. Although no specific New York law or regulation addresses this, some concerns exist with a structure where the compliance officer reports to the Medicaid provider's general counsel.

  3. training and education of all affected employees and persons associated with the provider, including executives and governing body members, on compliance issues, expectations, and the compliance program operation; such training shall occur periodically and shall be made a part of the orientation for a new employee, appointee or associate, executive, and governing body member;
  4. communication lines to the responsible compliance position (as described in "2," above) that are accessible to all employees, persons associated with the provider, executives, and governing body members, to allow compliance issues to be reported; such communication lines shall include a method for anonymous and confidential good faith reporting of potential compliance issues as they are identified;
  5. disciplinary policies to encourage good faith participation in the compliance program by all affected individuals, including policies that articulate expectations for reporting compliance issues and assisting in their resolution and outline sanctions for: (1) failing to report suspected problems; (2) participating in non-compliant behavior; or (3) encouraging, directing, facilitating, or permitting non-compliant behavior; such disciplinary policies shall be fairly and firmly enforced;
  6. a system for routine identification of compliance risk areas specific to the provider type, for self-evaluation of such risk areas, including internal audits and, as appropriate, external audits, and for evaluation of potential or actual non-compliance as a result of such self-evaluations and audits;
  7. a system for responding to compliance issues as they are raised; for investigating potential compliance problems; responding to compliance problems as identified in the course of self-evaluations and audits; correcting such problems promptly and thoroughly and implementing procedures, policies and systems as necessary to reduce the potential for recurrence; identifying and reporting compliance issues to the department or the office of Medicaid inspector general; and refunding overpayments; and
  8. a policy of non-intimidation and non-retaliation for good faith participation in the compliance program, including but not limited to reporting potential issues, investigating issues, self-evaluations, audits and remedial actions, and reporting to appropriate officials as provided in sections 740 and 741 of the labor law.


The Deficit Reduction Act (DRA) of 2005 instituted a requirement for health care entities receiving or making $5 million or more in Medicaid payments during a federal fiscal year to establish written policies and procedures informing their employees, contractors and agents about federal and state false claim acts and whistleblower protections. If an entity furnishes items or services at more than a single location, under more than one contractual or other payment arrangement, or uses more than one provider or tax identification number, the aggregate of all payments to that entity is used to determine if the entity reached the $5 million annual threshold. The applicability of the $5 million annual threshold is based upon reimbursments for the federal fiscal year (FFY) beginning on October 1 and ending on September 30. The certification due on or before January 1, 2010 is based on the applicability for the FFY ending September 30, 2009.

Certify for DRA here -