(a) written policies and procedures that describe compliance expectations as embodied in a code of conduct or code of ethics, implement the operation of the compliance program, provide guidance to employees and others on dealing with potential compliance issues, identify how to communicate compliance issues to appropriate compliance personnel and describe how potential compliance problems are investigated and resolved;
(b) designate an employee vested with responsibility for the day-to-day operation of the compliance program; such employee's duties may solely relate to compliance or may be combined with other duties so long as compliance responsibilities are satisfactorily carried out; such employee shall report directly to the entity's chief executive or other senior administrator and shall periodically report directly to the governing body on the activities of the compliance program;
(c) training and education of all affected employees and persons associated with the provider, including executives and governing body members, on compliance issues, expectations and the compliance program operation; such training shall occur periodically and shall be made a part of the orientation for a new employee, appointee or associate, executive and governing body member;
(d) communication lines to the responsible compliance position, as described in paragraph (b) of this subdivision, that are accessible to all employees, persons associated with the provider, executives and governing body members, to allow compliance issues to be reported; such communication lines shall include a method for anonymous and confidential good faith reporting of potential compliance issues as they are identified;
(e) disciplinary policies to encourage good faith participation in the compliance program by all affected individuals, including policies that articulate expectations for reporting compliance issues and assist in their resolution and outline sanctions for: (1) failing to report suspected problems; (2) participating in non-compliant behavior; or (3) encouraging, directing, facilitating or permitting non-compliant behavior; such disciplinary policies shall be fairly and firmly enforced;
(f) a system for routine identification of compliance risk areas specific to the provider type, for self-evaluation of such risk areas, including internal audits and as appropriate external audits, and for evaluation of potential or actual non-compliance as a result of such self-evaluations and audits;
(g) a system for responding to compliance issues as they are raised; for investigating potential compliance problems; responding to compliance problems as identified in the course of self-evaluations and audits; correcting such problems promptly and thoroughly and implementing procedures, policies and systems as necessary to reduce the potential for recurrence; identifying and reporting compliance issues to the department or the office of Medicaid inspector general; and refunding overpayments;
(h) a policy of non-intimidation and non-retaliation for good faith participation in the compliance program, including but not limited to reporting potential issues, investigating issues, self-evaluations, audits and remedial actions, and reporting to appropriate officials as provided in sections seven hundred forty and seven hundred forty-one of the labor law. 3. Upon enrollment in the medical assistance program, a provider shall certify to the department that the provider satisfactorily meets the requirements of this section. Additionally, the commissioner of health and Medicaid inspector general shall have the authority to determine at any time if a provider has a compliance program that satisfactorily meets the requirements of this section.
(a) A compliance program that is accepted by the federal department of health and human services office of inspector general and remains in compliance with the standards promulgated by such office shall be deemed in compliance with the provisions of this section, so long as such plans adequately address medical assistance program risk areas and compliance issues.
(b) A compliance program that meets Federal requirements for managed care provider compliance programs, as specified in the contract or contracts between the department and the Medicaid managed care provider shall be deemed in compliance with the provisions in this section, so long as such programs adequately address medical assistance program risk areas and compliance issues. For purposes of this section, a managed care provider is as defined in paragraph (c) of subdivision one of section three hundred sixty-four-j of this chapter, and includes managed long term care plans.
(c) In the event that the commissioner of health or the Medicaid inspector general finds that the provider does not have a satisfactory program within ninety days after the effective date of the regulations issued pursuant to subdivision four of this section, the provider may be subject to any sanctions or penalties permitted by federal or state laws and regulations, including revocation of the provider's agreement to participate in the medical assistance program. 4. The Medicaid inspector general, in consultation with the department of health, shall promulgate regulations establishing those providers that shall be subject to the provisions of this section including, but not limited to, those subject to the provisions of articles twenty-eight and thirty-six of the public health law, articles sixteen and thirty-one of the mental hygiene law, and other providers of care, services and supplies under the medical assistance program for which the medical assistance program is a substantial portion of their business operations.