The New York State Office of the Medicaid Inspector General (“OMIG”) held a recent Webinar on Evaluating the Effectiveness of Compliance Programs.

New York was the first state to require providers to have a compliance program. The requirement applies to hospitals, nursing homes, clinics, ambulatory surgery centers, home care providers, mental health facilities and facilities for people with mental disabilities that participate in the Medicaid program. It also applies to those providers for which the Medicaid program “constitutes a substantial portion of their business operations,” which OMIG has defined as ordering, providing, billing or claiming $500,000 or more from Medicaid in any consecutive 12-month period. The $500,000 threshold applies if a provider receives the reimbursement directly or indirectly (i.e., Medicaid managed care) from Medicaid funds. There are administrative penalties for failing to meet this requirement, including exclusion from the Medicaid program.

Beginning December 31, 2009, these providers were also required to certify to OMIG that they have an “effective compliance program.” OMIG reported that of the 60,000 Medicaid providers, 12,000 are required to certify that they have an effective compliance program. As of April 1, 2010, only 50% of those providers had provided the required certification. OMIG is contacting those who have not done so. Most who were contacted were unaware of the certification requirement or confused it with the Deficit Reduction Act of 2005 requirement to provide training on the False Claims Act to employees and vendors.
OMIG has redesigned the certification form for 2010 to address this confusion. The new form will be available on December 1, 2010 on the OMIG website.

OMIG’s next priority is to audit whether the certification is accurate. Does the provider really have an effective compliance program? The new form advises providers NOT to submit the certification if they do not have an effective compliance program.

According to OMIG, an effective compliance program will meet the following standards:
• The organization exercises due diligence to prevent and detect inappropriate conduct.
• The organization promotes a culture that encourages ethical conduct and is committed to compliance with the law.
• The compliance program is reasonably designed, implemented and enforced so that the program is generally effective in preventing and detecting improper conduct – the failure to detect a specific offense does not mean this standard is not met.

Beginning next year, OMIG will be measuring the effectiveness of a provider’s compliance programs. What are the metrics that they will use to gauge effectiveness?
1. The provider’s certification history. Has the provider submitted the required certification that it has an effective compliance program in 2009 and 2010?
2. The provider’s audit and investigation history. What has OMIG found when it audited the provider? Has the provider been the subject of an investigation or complaint? How often has the provider been the subject of a Division of Medicaid Investigation audit?
3. The provider’s self-disclosure and self-reporting history. In this regard, more is better. Those providers who have never made a self-disclosure are not detecting inappropriate conduct.
4. The provider’s billing error rate and its ability to detect obvious billing errors, such as billing for services provided after the patient’s date of death or ordered by an excluded person.
5. The provider’s refund and void history, and whether there are any reports of issues associated with rebates and net acquisition cost.
6. Whether the provider is an outlier on the card swipe program for determining a beneficiary’s Medicaid eligibility. OMIG expects providers to achieve card swipe compliance of 85 percent, monitored through post-payment audits of a provider’s claims.
7. Whether the provider accepts orders for automatic refills of supplies and other items.
8. The provider’s performance on quality of care assessments, such as Medicare’s Hospital and Nursing Home Compare Reports and Program for Evaluating Payment Patterns Electronic Report.
9. Whether the provider uses unlicensed or unqualified providers to provide services. For example, is the provider billing for the services provided by a certified alcohol and substance abuse counselor when the services are not billable unless provided by a certified social worker.
10. Whether the provider bills for medically unnecessary services or so-called “Never Events”.
11. Is the provider subject to a corporate integrity agreement or corporate compliance assessment? What is the status of its compliance with these requirements? What does the independent review organization report about the provider?
12. Is the provider the subject of any other regulatory action, such as by the Department of Health, Office of Mental Health, or Medicaid Fraud Control Unit, or a special investigation unit review by a Medicaid managed care program?
13. Does the provider do self-assessments? OMIG has provided a self-assessment tool that providers can use to do the self-assessment.