MED-02-09-00004-P Compliance Programs for Medical Assistance Providers
1/14/09 N.Y. St. Reg. MED-02-09-00004-P
NEW YORK STATE REGISTER
VOLUME XXXI, ISSUE 02
January 14, 2009
RULE MAKING ACTIVITIES
MEDICAID INSPECTOR GENERAL, OFFICE OF
PROPOSED RULE MAKING
NO HEARING(S) SCHEDULED
I.D No. MED-02-09-00004-P
Compliance Programs for Medical Assistance Providers
PURSUANT TO THE PROVISIONS OF THE State Administrative Procedure Act, NOTICE is hereby given of the following proposed rule:
Proposed action:
Addition of Part 521 to Title 18 NYCRR.
Statutory authority:
Social Services Law, section 363-d; Public Health Law, section 32
Subject:
Compliance programs for medical assistance providers.
Purpose:
To set forth regulations governing compliance programs for medical assistance providers.
Text of proposed rule:
A new Part 521, entitled "Provider Compliance Programs," is added to Title 18 of the Codes, Rules and Regulations of the State of New York to read as follows:
PART 521
PROVIDER COMPLIANCE PROGRAMS
§ 521.1 General requirements and scope.
To be eligible to receive medical assistance payments for care, services, or supplies, or to be eligible to submit claims for care, services, or supplies for or on behalf of another person, the following persons shall adopt and implement effective compliance plans:
(a) persons subject to the provisions of articles twenty-eight or thirty-six of the public health law;
(b) persons subject to the provisions of articles sixteen or thirty-one of the mental hygiene law; or
(c) other persons, providers or affiliates who provide care, services or supplies under the medical assistance program or persons who submit claims for care, services, or supplies for or on behalf of another person for which the medical assistance program is or should be reasonably expected by a provider to be a substantial portion of their business operations.
§ 521.2 Definitions.
For purposes of this Part, the definitions contained in Parts 504 and 515 of this Title shall apply. In addition, the following terms, as used in this Part, shall have the following meanings:
(a) "Required provider" means a provider meeting any of the criteria listed in subpart 521.1 of this Part.
(b) "Substantial portion" of business operations means any of the following:
(1) a person, provider or an affiliate of the provider claims or orders, or has claimed or has ordered, or should be reasonably expected to claim or order at least five hundred thousand dollars ($500,000) in a consecutive twelve-month period from the medical assistance program;
(2) a person, provider or an affiliate of the provider receives or has received, or should be reasonably expected to receive at least $500,000 in any consecutive twelve-month period directly or indirectly from the medical assistance program; or
(3) a person, provider or an affiliate of the provider who submits or has submitted claims for care, services, or supplies to the medical assistance program on behalf of another person or persons in the aggregate of at least five hundred thousand dollars ($500,000) in a consecutive twelve-month period.
§ 521.3 Compliance Program Provider Duties.
(a) Every required provider shall adopt and implement an effective compliance program. The compliance program may be a component of more comprehensive compliance activities by the required provider so long as the requirements of this Part are met. Required providers' compliance programs shall be applicable to:
(1) billings;
(2) payments;
(3) medical necessity and quality of care;
(4) governance;
(5) mandatory reporting;
(6) credentialing; and
(7) other risk areas that are or should with due diligence be identified by the provider.
(b) Upon applying for enrollment in the medical assistance program, and during the month of December each year thereafter, a required provider shall certify to the department, using a form provided by the Office of the Medicaid Inspector General on its website, that a compliance program meeting the requirements of this Part is in place. The Office of the Medicaid Inspector General will make available on its website compliance program guidelines for certain types of required providers.
(c) A required provider's compliance program shall include the following elements:
(1) written policies and procedures that describe compliance expectations as embodied in a code of conduct or code of ethics, implement the operation of the compliance program, provide guidance to employees and others on dealing with potential compliance issues, identify how to communicate compliance issues to appropriate compliance personnel and describe how potential compliance problems are investigated and resolved;
(2) designate an employee vested with responsibility for the day-to-day operation of the compliance program; such employee's duties may solely relate to compliance or may be combined with other duties so long as compliance responsibilities are satisfactorily carried out; such employee shall report directly to the entity's chief executive or other senior administrator designated by the chief executive and shall periodically report directly to the governing body on the activities of the compliance program;
(3) training and education of all affected employees and persons associated with the provider, including executives and governing body members, on compliance issues, expectations and the compliance program operation; such training shall occur periodically and shall be made a part of the orientation for a new employee, appointee or associate, executive and governing body member;
(4) communication lines to the responsible compliance position, as described in paragraph (2) of this subdivision, that are accessible to all employees, persons associated with the provider, executives and governing body members, to allow compliance issues to be reported; such communication lines shall include a method for anonymous and confidential good faith reporting of potential compliance issues as they are identified;
(5) disciplinary policies to encourage good faith participation in the compliance program by all affected individuals, including policies that articulate expectations for reporting compliance issues and assist in their resolution and outline sanctions for:
(i) failing to report suspected problems;
(ii) participating in non-compliant behavior; or
(iii) encouraging, directing, facilitating or permitting either actively or passively non-compliant behavior; such disciplinary policies shall be fairly and firmly enforced;
(6) a system for routine identification of compliance risk areas specific to the provider type, for self-evaluation of such risk areas, including but not limited to internal audits and as appropriate external audits, and for evaluation of potential or actual non-compliance as a result of such self-evaluations and audits, credentialing of providers and persons associated with providers, mandatory reporting, governance, and quality of care of medical assistance program beneficiaries;
(7) a system for responding to compliance issues as they are raised; for investigating potential compliance problems; responding to compliance problems as identified in the course of self-evaluations and audits; correcting such problems promptly and thoroughly and implementing procedures, policies and systems as necessary to reduce the potential for recurrence; identifying and reporting compliance issues to the department or the office of Medicaid inspector general; and refunding overpayments;
(8) a policy of non-intimidation and non-retaliation for good faith participation in the compliance program, including but not limited to reporting potential issues, investigating issues, self-evaluations, audits and remedial actions, and reporting to appropriate officials as provided in sections seven hundred forty and seven hundred forty-one of the labor law.
521.4 Determination of Adequacy of Compliance Program.
(a) The commissioner of health and the Medicaid inspector general shall have the authority to determine at any time if a provider has a compliance program that is effective and appropriate to its characteristics and satisfactorily meets the requirements of this Part.
(b) A provider whose compliance program that is accepted by the federal department of health and human services office of inspector general and remains in compliance with the standards promulgated by such office shall be deemed in compliance with the provisions of this Part, so long as such plans adequately address medical assistance program risk areas and compliance issues.
(c) In the event that the commissioner of health or the Medicaid inspector general finds that the required provider does not have a satisfactory program, the provider may be subject to any sanctions or penalties permitted by federal or state laws and regulations, including revocation of the provider's agreement to participate in the medical assistance program.
Text of proposed rule and any required statements and analyses may be obtained from:
Erin C. Morigerato, Senior Counsel, Office of Medicaid Inspector General, Riverview Center, 150 Broadway, Albany, NY 12204, (518) 408-0508, e-mail: ecm03@omig.state.ny.us
Data, views or arguments may be submitted to:
Same as above.
Public comment will be received until:
45 days after publication of this notice.
Regulatory Impact Statement
1. Statutory authority:
An independent Office of the Medicaid Inspector General (OMIG) within the Department of Health was created by Chapter 442 of the Laws of 2006 (Chapter 442). OMIG is responsible for coordinating and implementing state-wide initiatives aimed at combating fraud and abuse within the medical assistance program.
Public Health Law (PHL) section 32, which was added by Chapter 442 of the laws of 2006, sets forth the functions, duties and responsibilities of the Medicaid Inspector General. Section 32 specifically authorizes the Medicaid Inspector General to "implement and amend, as needed, rules and regulations relating to the prevention, detection, investigation and referral of fraud and abuse within the medical assistance program and the recovery of improperly expended medical assistance program funds." PHL § 32 (20).
Social Services Law section 363-d, which was also added by Chapter 442, requires that certain medical assistance providers adopt and implement a compliance program, and that the Medicaid Inspector General, in consultation with the Department of Health, promulgate regulations establishing which providers are subject to the compliance program requirement.
2. Legislative objectives:
The overall purpose of Chapter 442 is to implement reform measures that will enhance the integrity of New York's Medicaid program. These measures are aimed at avoiding or recovering improper Medicaid claims and combating fraud and abuse within the Medicaid program. One component of this effort is the requirement that certain medical assistance providers develop and implement a compliance program.
3. Needs and benefits:
The Legislature has determined that medical assistance providers should be required to develop and implement compliance programs in order to reduce fraud and abuse in the Medicaid program. Social Services Law (SSL) section 363-d (4) directs the Medicaid Inspector General to adopt regulations, in consultation with the Department of Health, that establish and specify the types of providers that will be subject to the compliance program requirements. The proposed regulations will apply to any businesses that fall under one or more of three general categories:
1. providers that are subject to the provisions of Articles 28 or 36 of the public health law;
2. providers that are subject to the provisions of Articles 16 or 31 of the mental hygiene law; and
3. persons, providers and affiliates of such persons who submit Medicaid claims totaling $500,000.00 or greater in a twelve month period.
The first two categories of providers are already required by Social Services Law (SSL) section 363-d to put compliance programs into effect. The proposed regulations are consistent with those statutory requirements. The third category of providers was identified generally by the SSL section 363-d as providers for which Medicaid claims made up a "substantial portion" of the provider's business operations. The proposed regulations define "substantial portion" and establish a $500,000.00 threshold for this third category. The $500,000.000 threshold was established because not only has it been previously included in other DOH regulations1 but it also encompasses ten percent of providers and ninety-five percent of the Medicaid billings based on a 2006 and 2007 summary2.
This rulemaking is necessary in order for the Medicaid Inspector General to comply with the statutory directive in SSL section 363-d (4). This rulemaking will also ensure that the regulated community is given appropriate notice as to which providers must produce and implement a compliance program.
This rulemaking is part of an overall effort by New York State to enhance the integrity of its Medicaid program. The compliance program requirement will help to ensure: that Medicaid funds are used properly and that payments are made only for legitimate claims; that providers systematically identify, report, and return overpayments; that medical care, services, and supplies provided meet required standards of care; that individuals can report unacceptable practices, such as fraud, directly and safely; and that providers establish accountability in governance structures. As was noted by the Legislature in the bill memorandum in support of the new SSL 363-d, this rulemaking is part of an initiative that will "achieve substantial savings for taxpayers and preserve quality health care for the state's Medicaid recipients."
Providers that are subject to the proposed regulations may also realize benefits associated with implementation of a compliance program. An effective compliance program will help a provider to ensure that appropriate quality of care is offered to Medicaid recipients by appropriately credentialed staff, that billings and payments are accurate, that sufficient internal controls exist to prevent inappropriate billings and payments and that sanctions are avoided, such as penalties and exclusions, that are imposed as a result of unacceptable practices. Cost benefits to providers are further discussed below.
4. Costs:
The requirement that certain medical assistance providers prepare and adopt compliance programs is established by statute in SSL section 363-d (2). Therefore, any costs that may be incurred by these providers would be a direct result of that statute and not this rulemaking. However, SSL section 363-d also directs OMIG to adopt regulations that establish which providers are subject to the compliance program requirements. In particular, OMIG's regulations must address providers for which the medical assistance program constitutes "a substantial portion" of the provider's business. This rulemaking clarifies the types of providers that are subject to the compliance program requirement and must therefore incur costs, if any, associated with such a program.
Costs to regulated parties:
The costs incurred by regulated parties in order to comply with the proposed rulemaking will vary depending upon any existing control measures the provider has in place at the time the regulation takes effect. For those providers who already have an operating compliance program, potentially little or no costs may be incurred in order to establish a compliance program that satisfies the proposed regulations. However, for those providers who do not have a program in place that meets the requirements set forth in this proposed rulemaking, some costs will be incurred in order to establish a compliance program. The extent of those costs will depend on the level of effort that is necessary for the provider to establish a compliance program that satisfies each of the eight mandatory elements. Those elements are listed and described in both the proposed regulations and SSL section 363-d.
In assessing the costs incurred by a provider when it establishes a compliance program pursuant to SSL § 363-d and the proposed regulations, due consideration should be given to the cost savings that may result from the implementation of an effective compliance program. In preparing this proposed rulemaking, OMIG staff looked for existing literature and studies on the issue of costs associated with compliance programs. Only one report was identified: Impact of a Compliance Program for Billing on Internal Medicine Faculty's Documentation Practices and Productivity, ACADEMIC SCIENCE (March 2001). The results of this study, which focused on the implementation of a compliance program by the Saint Louis University Medical Group (UMG), suggest that compliance programs may provide certain financial benefits to the provider. For example, in the study of UMG, the gross collection rate for all services increased, staff productivity increased, unbillable services decreased, and the financial risks associated with an adverse audit decreased. These cost savings may result in a net cost savings to providers who establish compliance programs. For those providers that do not find net cost savings, the expected cost savings should diminish, if not completely offset, any costs incurred by providers in the development and implementation of a compliance program.
Costs to OMIG, the State and local governments
The proposed rulemaking will not result in any new costs to OMIG or state government in general. OMIG staff may seek to review provider compliance plans, but no new costs would be involved because staff already investigate and audit Medicaid providers for compliance with the requirements of the Medicaid program which compliance programs are intended to address, improve, and enhance. Reviewing compliance plans would become a component of that process.
The proposed rulemaking will not impose costs on local governments in general, but local government entities that fall within the definition of a "required provider" as set forth in the proposed regulations, including school districts, will be required to implement a compliance program. The cost analysis would be the same as the discussion above for "regulated parties." The cost savings discussed above for regulated parties would apply to local government providers as well.
5. Local government mandates:
The proposed rulemaking does not impose any program, service, duty or responsibility on local government entities in general. However, there are a small number of local government entities which will be required under this proposal to have compliance program in place because they fall within the proposed definition of "required provider."
6. Paperwork:
Medical assistance providers who are subject to the proposed regulations will be required to complete paperwork associated with the development and implementation of compliance programs. No additional paperwork will be required for those providers who already have an established compliance program that satisfies the elements contained in the proposed regulations. At a minimum, each required provider will need to have in place certain written policies and procedures and will need to retain documentation that verifies. SSL § 363-d(2)(a).
7. Duplication:
There are no other legal requirements at the state or federal level that duplicate the requirements of the proposed regulations and SSL section 363-d for Medicaid. However, some providers establish compliance programs in connection with their participation in the federal Medicare program, as an effective business practice, or to comply with federal tax and other state and federal statutory and regulatory requirements. Both SSL 363-d and the proposed regulations include a provision recognizing a provider whose compliance program is accepted by the Federal Office of Inspector General for the Department of Health and Human Services. Such a program may satisfy the requirements of the proposed regulations if it adequately addresses "medical assistance risk areas and compliance issues."
8. Alternatives:
The Medicaid Inspector General is required by section 363-d (4) to promulgate these regulations. There are no reasonable alternatives to this rulemaking.
9. Federal standards:
There are no mandatory federal standards or requirements for compliance programs for medical assistance providers. However, the federal government has issued guidance for many types of providers interested in voluntary compliance programs.
10. Compliance schedule:
SSL section 363-d and its compliance program requirements took effect on January 1, 2007. Certain provider types were addressed specifically: providers subject to the provisions of Public Health Law Article 28, Public Health Law Article 36, Mental Hygiene Law Article 16, and Mental Hygiene Law Article 31. These providers are required to have a compliance program, and those programs should have been implemented during the time that has passed since the law took effect. To the extent that any such providers have not fully implemented a compliance program to date, they should be able to do so by the time the proposed regulations take effect, if this proposed rulemaking is adopted.
For those providers that are subject to the proposed regulations but are not specifically mentioned in SSL section 363-d, compliance could reasonably be achieved within sixty days from the date the regulations take effect. In no event should a provider require more than 90 days from the date the regulations take effect in order to implement a provider compliance program. Pursuant to SSL 363-d, providers that do not have a compliance program in place within 90 days from the date the regulations take effect may be subject to sanctions or penalties.
1 18 NYCRR 504.11(a)(3) requires Medicaid providers who bill more than $500,000.00 a year to furnish financial security.
2 Summary of Providers by total yearly billings for 2006 and 2007 calendar years.
Regulatory Flexibility Analysis
1. Effect of the rule:
The proposed regulations require that certain Medicaid providers, including some small businesses, implement and maintain a compliance program. The proposed regulations will apply to any businesses that fall under one or more of three general categories:
1. providers that are subject to the provisions of Articles 28 or 36 of the public health law;
2. providers that are subject to the provisions of Articles 16 or 31 of the mental hygiene law; and
3. persons, providers and affiliates of such persons who submit Medicaid claims totaling $500,000.00 or greater in a twelve month period.
The State Administrative Procedure Act (SAPA) defines "small business" as "any business which is resident in this state, independently owned and operated, and employs one hundred or less individuals." SAPA § 102(8). Small businesses covered by any one of the above three categories will be required to comply with the proposed regulations concerning compliance programs.
The first two categories of providers are already required by Social Services Law (SSL) section 363-d to put compliance programs into effect. The proposed regulations are consistent with those statutory requirements. The third category of providers was identified generally by the SSL section 363-d as providers for which Medicaid claims made up a "substantial portion" of the provider's business operations. The proposed regulations define "substantial portion" and establish a $500,000.00 threshold for this third category. The $500,000.000 threshold is a reasonable threshold because not only has it been previously included in other DOH regulations1 but it also encompasses ten percent of providers and ninety-five percent of the Medicaid billings based on a 2006 and 2007 summary2. The definition includes three scenarios in which a provider's participation in the medical assistance program would constitute a substantial portion of the provider's business. Small businesses falling under this definition will be required to have a compliance program. The types of small business providers that may be subject to these regulations include, but are not limited to, pharmacies, physicians, dentists, durable medical equipment (DME) businesses, service bureaus, and transportation providers.
A small percentage of local government providers, including some school districts, fall under one or more of the categories of providers that are required to establish compliance programs. These entities will be required to comply with the proposed regulations.
2. Compliance requirements:
Any small business or local government that is subject to the proposed regulations will be required to develop and implement a compliance program in accordance with the eight specific elements listed in the proposed regulations. For example, each required provider will need to have in place: "written policies and procedures that describe compliance expectations as embodied in a code of conduct or code of ethics, implement the operation of the compliance program, provide guidance to employees and others on dealing with potential compliance issues, identify how to communicate compliance issues to appropriate compliance personnel and describe how potential compliance problems are investigated and resolved." SSL § 363-d(2)(a). Depending on what policies, procedures and controls a provider has already instituted, additional action may be necessary for a provider to meet each of the remaining seven elements of a Medicaid provider compliance program.
No affirmative acts will likely be required for a provider if that provider already has an effective compliance program that satisfies the elements contained in the proposed regulations.
3. Professional services:
Providers may require the services of certain professionals, including medical professionals, auditors, attorneys, and compliance professionals in order to establish and maintain effective compliance programs.
4. Compliance costs:
The requirement that certain medical assistance providers prepare and adopt compliance programs was imposed by statute in SSL section 363-d (2). Therefore, the costs incurred by these providers are a direct result of that statute and not this rulemaking. However, SSL section 363-d also directs OMIG to adopt regulations that establish which providers are subject to the compliance program requirements. In particular, OMIG's regulations must address providers for which the medical assistance program constitutes "a substantial portion" of the provider's business. This rulemaking clarifies the types of providers that are subject to the compliance program requirement and must therefore incur costs, if any, associated with such a program.
The costs incurred by regulated parties in order to comply with the proposed rulemaking will vary depending upon any existing control measures the provider has in place at the time the regulation takes effect. For those providers who already have an operating compliance program, potentially little or no costs may be incurred in order to establish a compliance program that satisfies the proposed regulations. However, for those providers who do not have a program in place that meets the requirements set forth in this proposed rulemaking, some costs will be incurred in order to establish a compliance program. The extent of those costs will depend on the level of effort that is necessary for the provider establish a compliance program that satisfies each of the eight mandatory elements. Those elements are listed and described in both the proposed regulations and SSL section 363-d.
The costs will also vary depending upon the size and other specific attributes of the provider. SSL section 363-d states that a provider's compliance plan should reflect the provider's size, complexity, resources, and culture. Thus, a large, complex provider may incur more costs in implementing an effective compliance plan than a smaller provider might incur.
The proposed rulemaking will not impose costs on local governments in general, but local government entities that fall within the definition of a "required provider" as set forth in the proposed regulations, including school districts, will be required to implement a compliance program. There are approximately 66 local school districts who fall within the definition of "required providers" statewide. The cost analysis would be the same as for other providers covered by this regulation.
In assessing the costs that may be incurred by a provider when it establishes a compliance program, pursuant to SSL section 363-d and the proposed regulations, OMIG also considered the cost savings that could result from the implementation of an effective compliance program. OMIG staff reviewed existing literature and studies for information concerning the issue of costs associated with compliance programs. During that research, only one report was identified: Impact of a Compliance Program for Billing on Internal Medicine Faculty's Documentation Practices and Productivity, ACADEMIC SCIENCE (March 2001). The results of this study, which focused on the implementation of a compliance program by the Saint Louis University Medical Group (UMG), suggest that compliance programs may provide certain financial benefits to the provider. For example, in the study of UMG, the gross collection rate for all services increased, staff productivity increased, unbillable services decreased, and the financial risks associated with an adverse audit decreased. These cost savings should diminish, if not completely offset, any costs incurred by providers in the development and implementation of a compliance program.
5. Economic and technological feasibility:
Although there may be some costs involved for some providers in complying with the proposed regulations, OMIG anticipates those costs will be lessened or offset entirely by the cost savings that Medicaid providers will realize once the program is implemented.
There are no technologically challenging aspects to the requirements of the proposed rulemaking that do not already exist as requirements in current statutes, such as HIPAA, as a compliance program would establish measures to ensure compliance with laws relevant to the Medicaid program.
For these reasons, OMIG concludes that the proposed regulations will be economically and technically feasible for any affected small businesses and local governments.
6. Minimizing adverse impact:
SSL section 363-d states in part: "The legislature. . . recognizes the wide variety of provider types in the medical assistance program and the need for compliance programs that reflect a provider's size, complexity, resources, and culture. For a compliance program to be effective, it must be designed to be compatible with the provider's characteristics."
While each required provider will need to develop a compliance program that adequately addresses each of the eight elements listed in the proposed regulations and SSL section 363-d, OMIG will give due consideration and attention to the concerns noted by the Legislature and review compliance programs for appropriateness consistent with the provider's characteristics.
A small percentage of local government providers, including some school districts, fall under one or more of the categories of providers that are required to establish compliance programs. These entities will be required to comply with the proposed regulations. Although some local government entities expressed concern with the requirement to have a compliance program, there are no reasonable alternatives to this rulemaking, as the statutorily required providers include certain Medicaid providers that are part of local governments. Additional providers that are include in the regulation but which were not mandated by statute have a sufficiently high billing threshold that failing to require a compliance program would not be a responsible fiscal management expectation. Local government did not suggest any alternatives to having these entities be included in a mandatory compliance program in order to effectuate compliance. The requirement that certain medical assistance providers prepare and adopt compliance programs is established by statute in SSL section 363-d (2).
The benefits associated with implementation of a compliance program far outweigh any adverse economic impact. An effective compliance program will assist a provider in preventing inappropriate payments and avoiding costs, such as reimbursements, penalties, and other adverse consequences that might otherwise be incurred due to violations. The compliance program requirement will also help to ensure: that Medicaid funds are used properly and that payments are made only for legitimate claims; that providers systematically identify, report, and return overpayments; that medical care, services, and supplies provided meet required standards of care; that individuals can report unacceptable practices, such as fraud, directly and safely; and that providers establish accountability in governance structures. As was noted by the Legislature in the bill memorandum in support of the new SSL 363-d, this rulemaking is part of an initiative that will "achieve substantial savings for taxpayers and preserve quality health care for the state's Medicaid recipients."
The federal government has developed and issued model compliance programs for many types of providers such as hospitals, nursing facilities, managed care programs, pharmaceutical manufacturers and the ambulance industry3. The OMIG is in the process of creating compliance guidance for various types of providers which will be posted on the OMIG's website when completed. The DOH may also issue advisory opinions on appropriate standards of compliance once this regulation has been promulgated. Local government entities as well as all affected providers required to comply with this regulation can utilize those guidelines and advisory opinions when developing an effective compliance program pursuant to this regulation.
Although there are no mandatory federal standards or requirements for compliance programs for medical assistance providers, the federal government has issued guidance for many types of providers interested in voluntary compliance programs. The DOH also issues advisory opinions on appropriate standards of compliance. Local government entities required to comply with this regulation can utilize those guidelines and advisory opinions when developing an effective compliance program pursuant to this regulation.
7. Small business and local government participation:
OMIG has posted information on its website concerning "Mandatory Provider Compliance Programs," including a synopsis of SSL section 363-d. The website also indicates that OMIG will be proposing regulations on this issue in the near future.
A copy of this Notice of Proposed Rulemaking will be posted on OMIG's website and also published in the Medicaid Update. These notices will invite comments on the proposal during the public comment period for this rulemaking. The notices will also include instructions for those interested in submitting comments.
OMIG also invited comments from various small business groups and representatives from local governments at an advisory meeting for this regulation held on April 23, 2008. During the advisory meeting, the New York State Association of Counties expressed opposition to this regulation but was advised by OMIG that adoption of a satisfactory compliance program is statutorily required by Social Services Law (SSL) section 363-d and that this regulation is a direct result of that statute.
1 18 NYCRR 504.11(a)(3) requires Medicaid providers who bill more than $500,000.00 a year to furnish financial security.
2 Summary of Providers by total yearly billings for 2006 and 2007 calendar years.
3 For a complete list of voluntary Federal compliance guidance and resource materials see www.oig.hhs.gov/fraud/complianceguidance.html
Rural Area Flexibility Analysis
1. Types and estimated numbers of rural areas:
This rulemaking implements Social Services Law (SSL) section 363-d and applies to certain Medicaid providers. Both SSL section 363-d and the proposed regulations apply uniformly throughout the State, including all rural areas of the State.
2. Reporting, recordkeeping and other compliance requirements; and professional services:
Any public or private entities in rural areas that are subject to the proposed regulations will be required to develop and implement a compliance program in accordance with the eight specific elements listed in the proposed regulations. For example, each required provider will need to have in place: "written policies and procedures that describe compliance expectations as embodied in a code of conduct or code of ethics, implement the operation of the compliance program, provide guidance to employees and others on dealing with potential compliance issues, identify how to communicate compliance issues to appropriate compliance personnel and describe how potential compliance problems are investigated and resolved." SSL § 363-d(2)(a). Depending on what control measures a provider has already instituted, additional action may be necessary for a provider to meet the remaining seven elements of a Medicaid provider compliance program.
No affirmative acts will likely be required for a provider if that provider already has an established compliance program that satisfies the elements contained in the proposed regulations.
Professional services are not likely to be required to comply with the reporting, record keeping, and other requirements of this rule.
3. Costs:
This rulemaking clarifies the types of providers, including those in rural areas, that are subject to the compliance program requirement and must incur costs, if any, associated with such a program. Therefore, the costs incurred by these providers, including those in rural areas, are a direct result of that statute and not this rulemaking. SSL section 363-d directs OMIG to adopt regulations that establish which providers are subject to the compliance program requirements. In particular, OMIG's regulations must address providers for which the medical assistance program constitutes "a substantial portion" of the provider's business.
The costs incurred by regulated parties in order to comply with the proposed rulemaking will vary depending upon any existing control measures the provider has in place at the time the regulation takes effect. For those providers who already have an operating compliance program, such as those who have a program as a result of their participation in Medicare, there may be little or no costs incurred in order to satisfy the proposed regulations. However, there will be some costs for those providers who do not have a program in place that meets the requirements set forth in this proposed rulemaking. The extent of those costs will depend on the level of effort that is necessary for the provider to establish a compliance program that satisfies each of the eight mandatory elements. Those elements are listed and described in both the proposed regulations and SSL section 363-d.
The costs will also vary depending upon the size and other specific attributes of the provider. SSL section 363-d states that a provider's compliance plan should reflect the provider's size, complexity, resources, and culture. Thus, a large, complex provider may incur more costs in implementing an appropriate compliance plan than a smaller provider might incur.
The proposed rulemaking will not impose costs on local governments in general, but local government entities in rural areas that fall within the definition of a "required provider" as set forth in the proposed regulations, including school districts, will be required to implement a compliance program. The cost analysis would be the same as the discussion above for "regulated parties." The cost savings discussed above for regulated parties would apply to local government providers as well.
In assessing the costs that may be incurred by a provider when it establishes a compliance program, pursuant to SSL section 363-d and the proposed regulations, OMIG also considered the cost savings that could result from the implementation of an effective compliance program. OMIG staff reviewed existing literature and studies for information concerning the issue of costs associated with compliance programs. During that research, only one report was identified: Impact of a Compliance Program for Billing on Internal Medicine Faculty's Documentation Practices and Productivity, ACADEMIC SCIENCE (March 2001). The results of this study, which focused on the implementation of a compliance program by the Saint Louis University Medical Group (UMG), suggest that compliance programs may provide certain financial benefits to the provider. For example, in the study of UMG, the gross collection rate for all services increased, staff productivity increased, unbillable services decreased, and the financial risks associated with an adverse audit decreased. These cost savings should diminish, if not completely offset, any costs incurred by providers in the development and implementation of a compliance program.
4. Minimizing adverse impact:
SSL section 363-d states in part: "The legislature. . . recognizes the wide variety of provider types in the medical assistance program and the need for compliance programs that reflect a provider's size, complexity, resources, and culture. For a compliance program to be effective, it must be designed to be compatible with the provider's characteristics."
While each required provider will need to develop a compliance program that adequately addresses each of the eight elements listed in the proposed regulations and SSL section 363-d, OMIG will give due consideration and attention to the concerns noted by the Legislature and review compliance programs for appropriateness consistent with the provider's characteristics.
5. Rural area participation:
OMIG has posted information on its website concerning "Mandatory Provider Compliance Programs," including a synopsis of SSL section 363-d. The website also indicates that OMIG would be proposing regulations on this issue in the near future.
A copy of this Notice of Proposed Rulemaking will be posted on OMIG's website and also published in the Medicaid Update. These notices will invite comments on the proposal during the public comment period for this rulemaking. The notices will also include instructions for anyone interested in submitting comments, including public and private entities in rural areas.
Job Impact Statement
The Office of the Medicaid Inspector General (OMIG) has determined that this rule will not have a substantial adverse impact on jobs or employment opportunities. Therefore, a job impact statement is not required.
The Legislature has determined that medical assistance providers should be required to develop and implement compliance programs in order to reduce errors and fraud in Medicaid billing. Social Services Law (SSL) section 363-d (4) directs the Medicaid Inspector General to adopt regulations, in consultation with the Department of Health, that establish and specify the types of providers which will be subject to the compliance program requirements. This rulemaking is necessary in order for the Medicaid Inspector General to comply with the statutory directive in SSL section 363-d (4). This rulemaking will also ensure that the regulated community is given appropriate notice as to which providers must produce and implement a compliance program.
This rulemaking is part of an overall effort by New York State to enhance the integrity of its Medicaid program. The compliance program requirement will help to ensure that Medicaid funds are used properly and that payments are made only for legitimate claims. As was noted by the Legislature in the bill memorandum in support of the new SSL 363-d, this rulemaking is part of an initiative that will "achieve substantial savings for taxpayers and preserve quality health care for the state's Medicaid recipients."
Although this rulemaking will require providers that are subject to the proposed regulation to develop guidelines for employee training and education and designate an employee with the responsibility of overseeing the compliance program, those providers may also realize benefits associated with implementation of a compliance program. An effective compliance program will assist a provider in preventing inappropriate payments and avoiding costs; reimbursements, penalties, and other adverse consequences that might otherwise be incurred due to violations.
The costs incurred by regulated parties in order to comply with the proposed rulemaking will vary depending upon any existing control measures the provider has in place at the time the regulation takes effect. For those providers who already have an operating compliance program, such as those who have a program as a result of their participation in Medicare, potentially little or no costs may be incurred in order to certify that a program is in place that satisfies the proposed regulations. However, for those providers who do not have a program in place that meets the requirements set forth in this proposed rulemaking, some costs will be incurred in order to achieve compliance. The extent of those costs will depend on the level of effort that is necessary for the provider to establish a compliance program that satisfies each of the eight mandatory elements. Those elements are listed and described in both the proposed regulations and SSL section 363-d.
The requirement that certain medical assistance providers prepare and adopt compliance programs is established by statute in SSL section 363-d (2). Therefore, any adverse impact on jobs or employment opportunities that may be incurred by these providers would be a direct result of that statute and not this rulemaking. However, SSL section 363-d also directs OMIG to adopt regulations that establish which providers are subject to the compliance program requirements. In particular, OMIG's regulations must address providers for which the medical assistance program constitutes "a substantial portion" of the provider's business. This rulemaking clarifies the types of providers that are subject to the compliance program requirement and must therefore incur costs, if any, associated with such a program.
In assessing the adverse impact on jobs or employment opportunities incurred by a provider when it establishes a compliance program pursuant to SSL § 363-d and the proposed regulations, due consideration should be given to the cost savings that may result from the implementation of an effective compliance program. In preparing this proposed rulemaking, OMIG staff looked for existing literature and studies on the issue of costs associated with compliance programs. Only one report was identified: Impact of a Compliance Program for Billing on Internal Medicine Faculty's Documentation Practices and Productivity, ACADEMIC SCIENCE (March 2001). The results of this study, which focused on the implementation of a compliance program by the Saint Louis University Medical Group (UMG), suggest that compliance programs may provide certain financial benefits to the provider. For example, in the study of UMG, the gross collection rate for all services increased, staff productivity increased, unbillable services decreased, and the financial risks associated with an adverse audit decreased. These cost savings should diminish, if not completely offset, any costs incurred by providers or adverse impacts on jobs or employment opportunities in the development and implementation of a compliance program.
It is anticipated that the total impact on jobs and employment opportunities associated with establishing a provider compliance program will be relatively modest, particularly for providers who already have a full or partial program in place. For those providers who do not yet have an established program, the cost savings associated with such a program will help to offset the expense of implementing the program.
Therefore, the statutorily required compliance program for certain Medicaid providers, as implemented by this rulemaking, should not have a substantial adverse impact on jobs and employment opportunities.
