Professional Learning Center


For questions, please contact us at: (212) 742-1600

OMIG Part 521 Compliance

The Regulations are codified at 18 N.Y.C.R.R. Part 521.  They require certain entities to adopt and implement an effective compliance program.  The Regulations apply to:

  • Entities licensed under Article 28 or 36 of the New York Public Health Law or Article 16 or 31 of the New York Mental Hygiene Law.
  • Persons or entities that submit claims for, order, bill for or receive payment for Medicaid-covered services with a value of at least $500,000 during any 12-month period. 

Providers must certify their compliance to OMIG each December. An effective compliance program must include the following elements:

  • A code of conduct and written compliance policies
  • Appointment of a compliance officer
  • Training and education of employees and Board members
  • Mechanisms for reporting fraud and abuse, including an anonymous reporting option
  • Employee disciplinary policies
  • Audits and risk assessments
  • Procedures for investigating and responding to compliance problems
  • A policy prohibiting retaliation against employees for reporting fraud or abuse

Description of the Policy Templates

Set forth below is a list of each Policy together with a description of how the Policy is linked to compliance with the Regulations.  These policies were created by our healthcare policy attorney.

Employee Screening Policy.  Although not specifically referenced in the Regulations, a system for screening employees and contractors to ensure that they are not excluded from participating in government health care programs is widely recognized as an essential element of an effective compliance program.  Federal statutes and regulations impose civil monetary penalties on health care providers for submitting claims for reimbursement to a federal health care program for services the provider knows, or should have known, were furnished by or at the direction of an excluded person.  See Social Security Act § 1128A(a)(6); 42 C.F.R. § 1003.102; Article 13 of the New York State Finance Law.  The U.S. Department of Health and Human Services Office of Inspector General (the “OIG”) has stated that providers have an affirmative duty to check the list of excluded persons to avoid liability.  See OIG Special Advisory Bulletin, “The Effect of Exclusion From Participation in Federal Health Care Programs,” September 1999.  The law prohibits the employment or retention of excluded persons not only to directly provide health care services but also to render administrative or management services related to the provision of care reimbursed by a federal health care program. 

Compliance Training Policy.  The Regulations require compliance training and education of all “affected employees and persons associated with the provider, including executives and governing body members ...”  The Regulations state that such training must be carried out “periodically” and must be part of the orientation process for new employees and directors.  18 N.Y.C.R.R. § 521.3(c)(3).

Employee Discipline Policy.  The Regulations require “disciplinary policies to encourage good faith participation in the compliance program by all affected individuals ...”  The policies must include sanctions for (i) failing to report suspected problems, (ii) participating in non-compliant behavior and (iii) encouraging, directing, facilitating or permitting non-compliant behavior.  8 N.Y.C.R.R. § 521.3(c)(5).

Vendor Screening Policy.  See discussion above on the Employee Screening Policy.

Vendor Relations Policy.  Although not specifically referenced in the Regulations, a policy governing relationships with vendors is an important element in reducing the risk of liability under state and federal anti-kickback statutes and assuring compliance with the provisions of the DRA obligating certain health care providers to educate their contractors about the False Claims Act.

Fraud and Abuse Reporting Policy.  The Regulations require communication mechanisms for the reporting of compliance issues by employees, Board members and vendors.  These mechanisms must include an option for anonymous reporting  8 N.Y.C.R.R. § 521.3(c)(4).  The Regulations also require a system for investigating potential compliance programs, taking corrective action, reporting problems to OMIG and refunding overpayments when appropriate.  8 N.Y.C.R.R. § 521.3(c)(7).

Non-Retaliation Policy.  The Regulations require the adoption of a policy of non-intimidation and non-retaliation for reporting compliance concerns and otherwise participating in the compliance program.  8 N.Y.C.R.R. § 521.3(c)(8).

Internal Auditing Policy.  The Regulations require a system for the identification of compliance risk areas and internal auditing of compliance by the organization.  8 N.Y.C.R.R. § 521.3(c)(6).

Government Investigations Policy.  Although not specifically referenced in the Regulations, a policy for managing and assuring cooperation with government audits and investigations is generally considered an important element of an effective compliance program.

Directors and Officers Conflicts of Interest Policy Although not specifically referenced in the Regulations, this policy can assist agencies in ensuring proper governance, which is one of the risk areas identified in the Regulations.  10 N.Y.C.R.R. § 521.3(a)(4).  This policy can also assist agencies in complying with New York statutes governing conflicts of interest in not-for-profit organizations (Sections 715 through 717 of the New York Not-for-Corporation Law) and IRS requirements applicable to tax-exempt organizations.

Employee Conflicts of Interest Policy.  Although not specifically referenced in the Regulations, this policy may be useful for tax-exempt organizations in avoiding claims of private inurement or private benefit.  In addition, the policy may assist agencies in reducing the risk of cost reporting fraud and avoiding violations of state and federal anti-kickback statutes.