Sorry, you need to enable JavaScript to visit this website.

Title: Section 521.3 - Compliance Program Required Provider Duties

Effective Date


521.3 Compliance Program Required Provider Duties.

(a) Every required provider shall adopt and implement an effective compliance program. The compliance program may be a component of more comprehensive compliance activities by the required provider so long as the requirements of this Part are met. Required providers’ compliance programs shall be applicable to:

(1) billings;

(2) payments;

(3) medical necessity and quality of care;

(4) governance;

(5) mandatory reporting;

(6) credentialing; and

(7) other risk areas that are or should with due diligence be identified by the provider.

(b) Upon applying for enrollment in the medical assistance program, and during the month of December each year thereafter, a required provider shall certify to the department, using a form provided by the Office of the Medicaid Inspector General on its website, that a compliance program meeting the requirements of this Part is in place. The Office of the Medicaid Inspector General will make available on its website compliance program guidelines for certain types of required providers.

(c) A required provider's compliance program shall include the following elements:

(1) written policies and procedures that describe compliance expectations as embodied in a code of conduct or code of ethics, implement the operation of the compliance program, provide guidance to employees and others on dealing with potential compliance issues, identify how to communicate compliance issues to appropriate compliance personnel and describe how potential compliance problems are investigated and resolved;

(2) designate an employee vested with responsibility for the day-to-day operation of the compliance program; such employee's duties may solely relate to compliance or may be combined with other duties so long as compliance responsibilities are satisfactorily carried out; such employee shall report directly to the entity's chief executive or other senior administrator designated by the chief executive and shall periodically report directly to the governing body on the activities of the compliance program;

(3) training and education of all affected employees and persons associated with the provider, including executives and governing body members, on compliance issues, expectations and the compliance program operation; such training shall occur periodically and shall be made a part of the orientation for a new employee, appointee or associate, executive and governing body member;

(4) communication lines to the responsible compliance position, as described in paragraph (2) of this subdivision, that are accessible to all employees, persons associated with the provider, executives and governing body members, to allow compliance issues to be reported; such communication lines shall include a method for anonymous and confidential good faith reporting of potential compliance issues as they are identified;

(5) disciplinary policies to encourage good faith participation in the compliance program by all affected individuals, including policies that articulate expectations for reporting compliance issues and assist in their resolution and outline sanctions for:

(i) failing to report suspected problems;

(ii) participating in non-compliant behavior; or

(iii) encouraging, directing, facilitating or permitting either actively or passively non-compliant behavior;
such disciplinary policies shall be fairly and firmly enforced;

(6) a system for routine identification of compliance risk areas specific to the provider type, for self-evaluation of such risk areas, including but not limited to internal audits and as appropriate external audits, and for evaluation of potential or actual non-compliance as a result of such self-evaluations and audits, credentialing of providers and persons associated with providers, mandatory reporting, governance, and quality of care of medical assistance program beneficiaries;

(7) a system for responding to compliance issues as they are raised; for investigating potential compliance problems; responding to compliance problems as identified in the course of self-evaluations and audits; correcting such problems promptly and thoroughly and implementing procedures, policies and systems as necessary to reduce the potential for recurrence; identifying and reporting compliance issues to the department or the office of Medicaid inspector general; and refunding overpayments;

(8) a policy of non-intimidation and non-retaliation for good faith participation in the compliance program, including but not limited to reporting potential issues, investigating issues, self-evaluations, audits and remedial actions, and reporting to appropriate officials as provided in sections seven hundred forty and seven hundred forty-one of the labor law.


VOLUME C (Title 18)