This FAQ is also available as a PDF for Download.
General Information
Q. What are protocols?
A. Audit protocols are documents which summarize the audit criteria in reference to the rules and regulations governing specific program areas for a defined retrospective period of time.
Q. Why does the applicable service date range sometimes extend beyond six years?
A. The applicable service date range at the top of protocols may extend beyond six years because protocols are designed to reflect long-term regulatory guidance and any relevant changes that may have occurred over an extended period. Although the date range may appear lengthy, it does not represent the timeframe each audit will cover. The broader date range in protocols simply ensures that the latest guidance and historical regulatory context are available in one comprehensive document.
Q. What do the “For Service Dates” represent?
A. The regulatory and policy references listed on the audit protocol pertain to services performed during the period listed. OMIG audits continue to be bound by the six-year look-back period, as required in Title 18, Sections 504.3 and 517.3. Note that a longer timeframe may be reviewed for situations where fraud may be involved.
Q. Why do some protocols not include “For Service Dates” at the top and other protocols do?
A. OMIG’s current format for protocols is to indicate the specific date range covered by the protocol. Previous versions of protocols may not have indicated this, but as protocols get updated and new protocols developed, the date range covered will be specified on each set of protocols.
Q. How is the look-back period applied to audits?
A. Audits are strictly limited to reviewing services furnished or billed, whichever is later, within the six years preceding OMIG’s notification of its intent to audit the provider. To continue to toll the audit time period, OMIG must commence the audit within 60 days of its written notice of intent to audit, or 120 days with subsequent written notice. This look-back period is bound by regulation and is not impacted by the applicable service date range displayed at the top of each protocol. The protocol’s date range is intended for reference and regulatory context, not to represent the scope of each audit.
Public Health Emergency
Q. Can you clarify intent of the Public Health Emergency (PHE) section of the Protocols?
A. During the PHE, flexibilities or waivers to certain programmatic and billing policies were issued by federal and state agencies overseeing the NYS Medicaid Program. On page 2 of each protocol is a chart listing the guidance documents and communications addressing these flexibilities and waivers, the program agency that issued the guidance, and the date the guidance was issued and revised, if applicable. OMIG collaborated with program agencies in compiling the relevant guidance relating to the PHE. Audit disallowances will not occur where providers adhered to the PHE related guidance. However, disallowances could still apply when regulations and policy not altered by the PHE were not adhered to.
Q. How will COVID-19 PHE flexibilities and waivers impact documentation requirements for audit?
A. During the COVID-19 PHE, federal and state agencies, including New York State Department of Health (DOH), Office of Mental Health (OMH), Office of Addiction Services and Supports (OASAS), and Office for People With Developmental Disabilities (OPWDD), introduced various flexibilities and waivers to support providers in delivering care under challenging conditions. These flexibilities included adjustments to documentation requirements, telehealth service expansions, and temporary modifications to care standards.
For audits covering this period, OMIG will apply these PHE flexibilities when reviewing claims and records for programmatic and billing compliance. Auditors are expected to review such claims within the context of the PHE, meaning they will recognize legitimate, documented uses of flexibilities. However, since flexibilities and/or waivers did not apply to all regulations and policies, audit disallowances may still apply to claims not meeting all requirements. As with all audits, providers are afforded the opportunity to respond to all draft notices of findings which are reviewed and considered by audit staff before finalizing an audit. When a provider believes a PHE flexibility was not appropriately taken into consideration, they may submit documentation and other written materials for OMIG to consider, along with any other written response to a draft notice of findings. Additionally, providers may request an administrative hearing where they can raise any objection contained within their written response to the Draft Audit Report, including any objections to how OMIG applied PHE flexibilities and waivers.
Protocol Development
Q. How is the “Targeted Next Publication” date determined?
A. Audit Protocols go through multiple review phases. A general estimated publication date is established early on, and a more specific date, by quarter, is given after the program agency review (Phase 2) is complete.
Q. If a protocol is updated, how does this impact ongoing audits?
A. Ongoing audits remain bound to the regulations and guidance that were active at the time the service occurred. When protocols are updated, regulations and policies are included to cover all audits already in process up through the current policy at the time of the update.
Q. When are protocol documents updated, and how will I know if there are changes?
A. Protocols are reviewed and updated periodically to align with evolving regulations and audit standards. When no relevant regulatory or policy changes occur for a particular set of protocols, then periodically the end date of the range on the protocol will be updated to the current date. Providers are informed of protocol updates through official OMIG channels, including but not limited to the agency listserv, public website, Medicaid Update, and social media channels. Additionally, current audit protocols and archived protocols are posted on OMIG’s public website.
Q. Can providers request clarification on protocol criteria or service date ranges?
A. Yes, any questions related to the audit protocols or on OMIG’s audit process should be sent to [email protected]. Please note that any questions related to the Medicaid policy cited within the protocols should be directed to the program agency that issued the policy (e.g., DOH, OMH, OASAS, OPWDD, etc.).
Q. What should I do if I notice an error in the protocol or applicable service date range?
A. If a provider suspects an error or discrepancy in a protocol document or its applicable service date range, they should contact [email protected]. Ensuring accurate protocol information is essential for both compliance and audit accuracy, and provider feedback is valuable to keep these resources reliable.
Q. What is my role in receiving audit protocols for comment?
A. Before posting new or updated protocols, OMIG will share the draft protocols with provider associations for review and comment. Comments may indicate errors, discrepancies or disagreements with audit criteria, request that additional policy be referenced, and/or request that additional information be included or modified for clarity. Associations have discretion with how they choose to comment, but all comments are reviewed by OMIG and may result in changes to the protocol, as determined appropriate.
Q. Will provider feedback result in changes to the audit protocols?
A. Provider feedback on drafted audit protocols is an important step, and all comments submitted are carefully reviewed. Changes will be made to the audit protocols where applicable. If comments do not align with regulatory or guidance standards, or reference an aspect which is under the discretion of the department, changes may not be applied. As determined appropriate, OMIG may consult with the applicable program agency before any changes are made to protocols based on association comments.
Q. What types of new rules or audit protocols is OMIG considering?
A. OMIG actively reviews all aspects of the Medicaid program. As part of this review, OMIG assesses the need for new protocols. A new section has been added to the webpage to reflect protocols in development.