Skip to Main Content
Services Talent Knowledge
Site Search


Our attorneys stay on top of changes in legislation, agency regulations, case law, and industry trends—then craft timely legal alerts to keep clients up to date on legal developments important to their business.

December 11, 2013

The 2013 Medicaid Provider Certification Process

It is December and that means it is time to certify the effectiveness of your compliance plan. The process is generally the same as last year, but the forms are new with slight variations. The New York State Office of the Medicaid Inspector General (OMIG) reminds providers that they only need to submit the certification forms and do not need to forward their compliance plan or assessment form unless OMIG requests such information at a later time.

Medicaid providers are subject to two sets of certification requirements, a federal requirement under the Deficit Reduction Act of 2005 (DRA) and a New York State requirement under Social Services Law § 363-d(3). Under both laws, providers must certify compliance for the year 2013 by December 31, 2013, which is accomplished by completing the forms located on the website of OMIG. OMIG is tasked with administering both the federal and state certification process in New York and requires completion of the forms in December of each year.

The DRA requires health care entities which receive or make $5 million or more in Medicaid payments during the federal fiscal year (October 1 to September 30) to certify annually that they are in compliance with the federal DRA. The DRA requires providers to establish written policies and procedures designed to inform employees, contractors and agents about the federal and state false claims acts and whistleblower protections. Each year, the provider must certify that it maintains written policies, that its employee handbook includes the materials required by the DRA, that the materials have been properly adopted by the entity and that the materials have been disseminated to employees, contractors and agents. New this year is an option for providers to identify which federal Fiscal Year they are certifying. Most providers will certify the year that has past but the option of certifying both the past and current Fiscal Year is available. Providers can access the DRA certification form on the OMIG website through the following link: This form CANNOT be used to certify that providers have an effective compliance program as required by NYS Social Services Law (SSL) §363-d and 18 NYCRR Part 521.

NYS Social Services Law § 363-d(3) requires the following providers to certify that they have an effective compliance plan:

  • Those providers subject to Article 28 and Article 36 of the Public Health Law (e.g., hospitals, clinics);
  • Those providers subject to Articles 16 and 31 of the Mental Hygiene Law (e.g., OMH and OPWDD providers);
  • Those providers for which Medicaid is a "substantial portion of business operations." That has been interpreted to mean those that claim, order or receive payment for services or supplies directly or indirectly, or submit claims totaling at least $500,000 a year.

OMIG has specifically recognized that some providers may be required to certify to the effectiveness of its compliance plan, even though they are not enrolled in Medicaid (e.g., LHCSAs) and have added that category into the form and into the Frequently Asked Questions.

The eight elements of an effective compliance plan are set forth in Social Services Law § 363-d(2):

  1. written compliance policies and procedures; 
  2. designation of an employee to be the compliance officer;
  3. training for all employees, executives and board members regarding the compliance program;
  4. available communication lines to the compliance officer;
  5. disciplinary procedures to encourage good faith participation;
  6. identification of compliance risk areas;
  7. institution of a system for responding to and investigating reports of non-compliance; and
  8. a policy of non-intimidation and non-retaliation for good faith participation in the compliance program. Again, providers can access the SSL § 363-d(3) certification form on the OMIG website at the following link:

In completing the DRA and § 363-d(3) certification forms, providers should be aware of the following requirements and gather needed information in advance of completing the forms:

  • A certification must be made for each Federal Employer Identification Number (FEIN) that bills or receives a Medicaid payment.
  • The certifying official should be someone at the senior management or Board level. OMIG has stated that, to avoid conflicts of interest, the certifying official should not be the compliance officer, chief financial officer or legal counsel for the agency.
  • The Social Services Law § 363-d(3) certification form contains a section asking the provider to certify each of the eight elements. If a provider cannot answer yes to each element, the form now provides a section to complete explaining what actions will be instituted to complete the requirement and asks when it will be completed. If you have not completed the requirements, OMIG may be following up to ensure compliance.
  • Both the certifying official and the compliance officer should now receive confirmation of the certification. Keep your confirmation. If you cannot locate the confirmation, do not recertify. You can request a copy by email to

Having an effective compliance program is extremely important. OMIG has been reviewing the effectiveness of provider plans and will continue to do so in the coming year. OMIG has posted its Assessment of Results as of March 31, 2013 which includes Best Practices, Opportunities for Enhancement, and Identified Insufficiencies with respect to compliance plan effectiveness reviews. These documents, which can be found at, detail each specific element and how providers have met or not met those elements.

Failure to certify is a violation of statutory and regulatory requirements. A provider's certification history is reviewed and OMIG has stated that certification history is the first metric it will use to identify providers who will become the subject of a compliance program review. New Medicaid providers will not be able to complete the enrollment process without certifying. The certification is an official document and therefore, you must undertake a reasonable level of diligence to ensure that no false or incorrect statements are being made.

Should you need assistance with the certification process or a review of the effectiveness of any current plan, contact Margaret Surowka Rossi at (518) 429-4295 or, Melissa M. Zambri, Chair of the Health Care & Human Services Practice Area at (518) 429-4229 or, or any member of our firm's Health Care & Human Services Practice Area.


Click here to sign up for alerts, blog posts, and firm news.

Featured Media


EPA Lists Two New "Forever Chemicals" Under CERCLA


NYS Governor Hochul Announces Final RFP for New Certified Community Behavioral Health Clinics


The Second Department Affirms Successful Storm in Progress Defense of Slip and Fall Case


The New York FY 2025 Budget – CDPAP FIs Under Threat


Website Accessibility Lawsuits: Several "Tester" Plaintiffs—Anderson, Beauchamp, Murray, Angeles, Monegro, and Bullock—Targeting Businesses in Recent Flurry of Lawsuits


Updated Bulletin on Tracking Technologies in the Health Care Industry

We're Growing in DC!

We’re excited to announce Barclay Damon’s combination with Washington DC–based Shapiro, Lifschitz & Schram. SLS’s 10 lawyers, three paralegals, and four administrative staff will join Barclay Damon while maintaining their current office in DC’s central business district. Our clients will benefit from SLS’s corporate, real estate, finance, and construction litigation experience and national energy-industry profile, and their clients from our full range of services.

Read More

This site uses cookies to give you the best experience possible on our site and in some cases direct advertisements to you based upon your use of our site.

By clicking [I agree], you are agreeing to our use of cookies. For information on what cookies we use and how to manage our use of cookies, please visit our Privacy Statement.

I AgreeOpt-Out