New York State Legislature Passes Sweeping Health Care Fraud Reform Legislation

The New York State Legislature recently enacted tough new health care fraud provisions intended to strengthen the state’s Medicaid enforcement efforts. Senate Bill No. S8450, which the governor is expected to sign, mandates a reorganization of the state’s anti-health-care-fraud system by creating an independent Medicaid inspector general’s office that will oversee all Medicaid fraud detection, prevention, and recovery efforts. In addition, S8450 contains provisions directly affecting health care providers, including a requirement that virtually all Medicaid providers must implement a health care compliance program in accordance with the state’s requirements. Finally, S8450 creates new criminal offenses for health care fraud against public as well as private health care plans. Health care providers should take note of this legislation because it not only will result in increased Medicaid fraud enforcement efforts but also will impose a new mandate regarding health care compliance programs that goes well beyond federal law.

Perhaps the most important provision of the new legislation is the requirement that all Medicaid providers must implement a compliance program that addresses billing to and payments from the Medicaid program. According to the legislation’s statement of intent, the purpose of such programs is to "organize provider resources to resolve payment discrepancies and detect inaccurate billings…as quickly and efficiently as possible, and to impose systemic checks and balances to prevent future occurrences."

Providers will receive some guidance on how to comply with this new requirement. The IG, in consultation with the Department of Health, will promulgate regulations establishing which providers are subject to this requirement. In addition, S8450 also requires the IG to create and post on its website a model compliance program to guide providers in evaluating the adequacy of their respective programs.

Affected providers must have a satisfactory program in place within 90 days of the effective date of the new regulations. Although provider compliance programs may differ based on a provider’s size, complexity, resources, and cultures, they all must contain the following key elements:

• written policies and procedures that describe compliance expectations (i.e., a code of conduct or code of ethics) and guide employees on certain aspects of implementation;

• the designation of an employee who is responsible for compliance matters on a daily basis;

• periodic compliance training of all affected employees and persons associated with the provider;

• a method for reporting compliance issues, which must allow for anonymity;

• disciplinary policies that address the consequences for failure to comply with the compliance program;

• a system for routine identification and evaluation of compliance risk areas specific to provider type; and

• a policy of non-retaliation for good faith compliance participation.

A new provider must certify its compliance with these requirements upon enrollment in the Medicaid program. The commissioner of health and the IG have the authority to evaluate continued compliance at any time. Noncompliance can result in sanctions, including revocation of the provider’s Medicaid participation agreement.

This requirement is significant because it is more stringent than federal law. Although the federal Office of Inspector General for the Department of Health and Human Services has recommended that most health care providers and suppliers institute a compliance program, it has not mandated that providers and suppliers take such action. Given the tight timeframe for compliance, all New York Medicaid providers should begin taking steps toward compliance now by evaluating whether current compliance efforts conform to the legislation’s requirements. With only 90 days to become compliant after the regulations are enacted, efforts must start as soon as possible.

Senate Bill No. S8450 establishes an independent office of the Medicaid inspector general (IG) within the Department of Social Services. The IG will coordinate the anti-fraud efforts of Medicaid-related state agencies and local government, and S8450 grants the IG sweeping powers to achieve this goal. In addition to directing state and local anti-fraud efforts, the IG will have far-reaching civil and administrative enforcement powers, which include the authority to:

• solicit, receive, and investigate complaints regarding Medicaid fraud and abuse;

• make appropriate referrals to law enforcement and other governmental authorities;

• withhold Medicaid payments;

• impose administrative sanctions;

• exclude providers and other entities from the Medicaid program;

• pursue civil recoveries and seizure of property and other assets;

• recover illegally obtained funds;

• subpoena documents and witnesses; and

• conduct on-site inspections.

The new legislation requires the IG to report regularly to the governor and other various public officials and agencies on the IG’s activities. Given this high level of public scrutiny, the IG likely will feel pressure to produce results. All Medicaid providers therefore should prepare for a marked increase in Medicaid enforcement activities.

Senate Bill No. S8450 creates five new crimes, including four felonies, related to health care fraud against a private or public health plan. In the past, health care fraud was punishable under other, more general provisions of the criminal code, but these newly created crimes create increased chances of criminal liability for health care fraud. A person is guilty of health care fraud when he or she intentionally defrauds the health plan by knowingly or willfully providing materially false information or by omitting material information for the purpose of requesting payment for health care services. The term "health plan" includes public as well as private payers and therefore extends to interactions with private insurance companies. Violators are subject to fines, imprisonment, or both.

Although the above-mentioned provisions are the most significant, they capture only a portion of the new fraud legislation. Providers should take immediate steps to prepare for implementation of S8450 by evaluating current compliance program policies, procedures, and processes.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.