Healthcare Law Alert: Changes to the Office of Medicaid Inspector General (“OMIG”) Mandatory Compliance Program and Certification Requirements

While providers were consumed by the first wave of the COVID-19 pandemic in April of this year, changes to OMIG’s mandatory compliance program (understandably) flew under the radar. Those changes, included in the New York State budget bill, reordered certain provisions in the existing law and significantly changed the requirements for an effective compliance program as detailed in NY Social Services Law (“SSL”) § 363-d.

Among the more legally-significant changes, compliance with SSL § 363-d is now a “condition of payment” from the Medicaid program, meaning that a provider’s receipt of Medicaid reimbursement could be jeopardized if it fails to have an effective compliance plan that satisfies the new requirements. To help enforce these changes, the legislation also established a new monetary penalty of $10,000 per month, to ensure provider compliance. OMIG will begin enforcing the new requirements on January 1, 2021.

In addition, providers are no longer required to separately certify their compliance with the NY Social Services Law or the federal Deficit Reduction Act by December 31st each year. Instead, a provider’s certification of these matters will be combined with the Certification Statement for Provider Billing Medicaid form, which providers must submit annually on anniversary of their Medicaid enrollment.

The changes to SSL § 363 track the previous “eight elements” of an effective compliance plan quite closely, though they have been reorganized and, in certain cases, augmented. OMIG has not yet updated the regulations or its guidance, as found in its previously-publicized Compliance Program Effectiveness Tool, to shed further light on how it will interpret the new requirements. However, some of the key changes providers should consider heading into 2021 include:

  • The establishment of a compliance committee is now explicitly required. While many organizations likely have a compliance committee, policies should be updated to include that committee in the “lines of communication” between individuals, the compliance officer, senior managers and the board.
  • The compliance officer is no longer required to be a W-2 employee of the organization and must now receive effective training and education annually.
  • Disciplinary policies encouraging good faith participation in the compliance program must be “well publicized” within the organization, likely meaning they should be explicitly incorporated into training and education programs and materials and should be made widely available to employees, vendors, etc.
  • Training and education must be provided annually (rather than “periodically”) to employees, senior managers and the board. Providers are no longer required to provide training to “persons associated with the provider”.

For providers that strictly operated in conformance with OMIG’s Compliance Program Effectiveness Tool, a few updates to certain compliance policies and procedures is likely all that is needed to bring in the new year.


This communication is for informational purposes and is not intended as legal advice.