New York Medicaid · 18 NYCRR Subpart 521-1

New York Medicaid compliance, actually operated.

part521 helps Medicaid providers build, run, and document the compliance program required under Subpart 521-1 — without hiring a full-time compliance department.

If you receive $1M+ from New York Medicaid, directly or indirectly, your organization is required to maintain an effective compliance program. We give you the software, workflows, screening, training, hotline, reminders, and optional access to independent compliance professionals to keep that program running.

See what part521 does
Built for NY Medicaid providers Monthly exclusion screening Anonymous hotline included Starts at $99/month
Required threshold
$1M+ Medicaid
Direct or indirect, in any consecutive 12-month period
Penalty for failure to adopt
$5K/month
Plus recoupment, enrollment risk, and termination exposure
Starts at
$99/month
Software, workflows, hotline, screening, and training
Are you required?

If Medicaid is more than a sliver of your revenue, the rule probably applies.

OMIG has been actively enforcing Subpart 521-1 since March 2023. The threshold is broader than most operators realize.

Subpart 521-1 applies to any provider that claims, orders, refers, attests, or receives $1,000,000 or more in any consecutive 12-month period from the New York Medicaid program — directly or indirectly.

"Indirectly" is the part most operators miss. If you contract with a Medicaid Managed Care Organization, an MCO, or another Medicaid-funded entity, those payments count toward your threshold. So do payments routed through brokers like MAS or ModivCare for NEMT.

If you cross that threshold, you're a "Required Provider" and your organization must adopt, implement, and maintain an effective compliance program — and review it annually.

Three quick tests

Are you in scope?

Test 1

Revenue threshold

You received $1M+ from Medicaid in any rolling 12 months — direct, indirect, or via MCO/broker.

Test 2

Provider type

You are a Medicaid-enrolled provider or you serve Medicaid beneficiaries through a Medicaid-funded contract.

Test 3

Activity

You claim, order, refer, attest, or are paid for services that touch the Medicaid program.

Not sure if you're in scope? Take the 60-second eligibility check. We'll tell you whether Subpart 521-1 likely applies and what to do next.
The real problem

A compliance program is not a binder on a shelf. It's an operating requirement.

Adopting a written program is the easy part. Keeping it actually running every month — and being able to prove it — is where most providers come up short.

Subpart 521-1 doesn't just require you to have a program. It requires you to adopt, implement, and maintain one — and to review its effectiveness annually.

That means the program has to be active. Someone has to screen employees and contractors against the federal and state exclusion lists every month. Someone has to assign training and track who completed it. Someone has to maintain a reporting hotline. Someone has to hold compliance committee meetings, document issues raised, follow up on them, and keep the records together for the next audit.

Most small and mid-sized providers don't have that person.

So the job falls to the owner, the administrator, the biller, the dispatcher, or whoever has the least-full plate that week. Which means the program either doesn't get built, doesn't get updated, or — when OMIG asks — can't be proven.

  • Monthly LEIE / SAM / OMIG exclusion screening
  • Training assignment and completion tracking
  • Anonymous reporting and intake
  • Compliance committee meetings and minutes
  • Issue tracking and follow-up
  • Annual effectiveness review and documentation
  • Policy and Code of Conduct updates
  • Audit-ready evidence storage
What part521 does

part521 turns compliance from a scramble into a monthly operating system.

One platform that helps you build the program, keep it running, and add independence — purpose-built for the way Subpart 521-1 actually works.

Build

We help you build the program.

Written compliance program, Code of Conduct, policies, risk areas, committee structure, and adoption documents — generated and tailored to your provider type. You go from zero to a defensible program in days, not months.

Run

We keep it running every month.

Monthly exclusion screening, anonymous hotline, training assignment, meeting agendas and minutes, reminders, follow-ups, and a guided annual effectiveness review. The work happens on a calendar, not on a panic.

Independence

We help you add independence.

Optional access to a curated network of independent compliance professionals — including healthcare attorneys and former regulators — who can serve on your committee or support your program directly. You contract with them; we handle the matching.

What you get

Concrete deliverables. Audit-ready records.

Everything you need to demonstrate that your compliance program is real, active, and documented — in one place.

1

A generated compliance program

Written program, Code of Conduct, policies, risk areas, and adoption documents tailored to your provider type and operations.

2

A live compliance calendar

Monthly, quarterly, and annual tasks queued and tracked — so nothing depends on memory or someone else's calendar.

3

Monthly exclusion screening

LEIE, SAM, and New York exclusion list checks for every employee, contractor, and vendor — with timestamped evidence saved.

4

Training and tracking

Assign required compliance training, track completion across staff, and keep dated records of who took what and when.

5

Anonymous reporting hotline

An independent anonymous reporting channel — phone and web, 24/7, multi-language — operated by a vetted third-party partner. Intake is routed to your team with full case documentation; reporters' identity stays with the partner, not with you.

part521 may receive a referral fee from our hotline partner. See disclosures.

6

Committee meeting workflow

Agendas, minutes, attendance, issues raised, follow-up items, and supporting evidence — stored together by meeting.

7

Guided annual effectiveness review

A structured walk-through that produces the documentation package required for your annual program review.

8

Audit-ready records

Every screening result, training record, meeting minute, hotline log, and policy version stored in one place — ready when OMIG asks.

Who we built this for

Built for Medicaid providers without compliance departments.

part521 is designed for owner-operated and mid-sized New York Medicaid providers who cross the $1M threshold but don't have, and shouldn't need to hire, a full-time compliance department.

NEMT & ambulette Home care (LHCSA / CHHA) Pharmacies DME suppliers Dental practices Behavioral health PT / OT / SLP Article 16 / 28 / 31 Specialty clinics

If Medicaid is a major part of your revenue, the question isn't whether compliance matters. The question is whether you can prove your program is actually operating.

How it works

Four steps from "we should probably do this" to running.

Step 01

Intake

Tell us your provider type, services, and program status. We tailor what comes next.

Step 02

Program generated

Your written program, Code of Conduct, policies, and committee structure — drafted and ready to adopt.

Step 03

Monthly operation

Screening, training, hotline, meetings, and reminders run on the calendar. Records save automatically.

Step 04

Annual review

Guided effectiveness review and documentation package — assembled, not improvised, when OMIG comes calling.

Pricing

Transparent pricing. Built around what your operation actually needs.

Software-led, with optional access to independent compliance professionals through our network. You contract with them directly — we handle the matching and quality control.

Starter
$99/month
Software, workflows, and the records you need to show your program is running.
  • Generated written compliance program
  • Monthly exclusion screening (LEIE, SAM, NY)
  • Anonymous hotline (independent partner)
  • Committee meeting workflow
  • Training assignment and tracking
  • Audit-ready records
Join the waitlist
Operating
$299/month
Everything in Starter plus a guided annual review and direct support when issues come up.
  • Everything in Starter
  • Guided annual effectiveness review
  • Issue triage and escalation support
  • Policy update library
  • Quarterly compliance check-ins
  • Direct support channel
Join the waitlist
Network
+ Pro fees
Add a vetted independent compliance professional to your committee or program. You contract with them directly.
  • Pairs with Starter or Operating
  • Access to curated network of professionals
  • Healthcare attorneys and former regulators
  • Matching based on provider type
  • Quality-controlled introductions
  • Independent contracts (not through part521)
Talk to us
FAQ

Common questions, answered straight.

Does Subpart 521-1 actually apply to my company?

If your organization claims, orders, refers, attests, or receives $1,000,000 or more from the New York Medicaid program in any 12-month period — directly or indirectly through MCOs or other Medicaid-funded entities — yes. The 60-second eligibility check at the top of this page will give you a clearer answer in under a minute.

What counts as "Medicaid revenue"?

Direct fee-for-service Medicaid payments, payments from Medicaid Managed Care Organizations (MCOs), payments routed through Medicaid-funded brokers (such as MAS or ModivCare for NEMT), and payments for services attested or referred under Medicaid all count toward the threshold. The rule defines this broadly on purpose.

What happens if we don't have a compliance program?

OMIG can impose a sanction of up to $5,000 per month for the first violation, with higher sanctions for repeat violations. Beyond direct sanctions, providers face recoupment of Medicaid payments, enrollment risk, and in serious cases, termination from the Medicaid program.

How is part521 different from a generic compliance SaaS?

Generic compliance platforms cover broad regulatory frameworks. part521 is purpose-built around 18 NYCRR Subpart 521-1 — the specific elements OMIG looks for, the specific records they expect, and the operational rhythm New York Medicaid providers need. We help operate the program, not just store policies in a folder.

What does the hotline include?

An independent anonymous reporting channel — toll-free phone and web, 24/7 availability, multi-language operators, and full case documentation. The hotline is operated by a vetted third-party partner (not by part521 and not by you), so reporters trust the channel and anonymity is preserved by an outside party. Reports are routed to your designated compliance contact through the partner's case-management portal. part521 may receive a referral fee from the hotline partner — see disclosures for details.

Who handles the monthly exclusion screening?

part521 runs the screening on your behalf against the federal LEIE, SAM, and the New York State exclusion lists for every employee, contractor, and vendor on your roster. Results and timestamps are saved to your records automatically.

Does part521 replace our healthcare attorney?

No. part521 is a compliance operating system, not a law firm. We help you run the program day-to-day. For legal advice, OMIG matters, contracts, and litigation, you still need counsel. If you don't have a healthcare attorney, our network includes attorneys who work with NY Medicaid providers.

How fast can we be up and running?

Most providers go from intake to an adopted, running program in under two weeks. The program-generation step is days, not months — adoption and rollout are the parts that depend on your team.

Disclosures

How we make money, and how we handle conflicts.

part521 charges customers directly for software and workflow access. In addition, we may receive a referral fee from third-party service providers we recommend — including the anonymous reporting hotline partner described above. The hotline service is provided by an independent third party, and the customer contracts with that provider directly. part521 is not a party to the customer's hotline contract.

We make recommendations based on fit for the customer's risk areas and operating size — not on referral economics. Customers are free to use any qualifying hotline vendor. If we receive a referral fee, the existence of that fee does not affect the customer's price for the hotline service or for part521.

If you have questions about a specific recommendation, write to info@part521.com and we'll explain the relationship before you sign anything.

Get early access

Get on the list. Get ahead of the audit.

Waitlist members are the first conversations we have. You'll get a direct email from us, early access when we open the door, and founding-customer pricing locked in through year one.

We respond to every signup. If you're in an active OMIG matter or facing a specific compliance question right now, tell us in the notes — we'll make sure the right person reaches out.

  • First access when we open to paying customers
  • Founding-customer pricing held through year one
  • Direct conversation with the founder, not a sales rep
  • No obligation — it's a list, not a contract

Join the waitlist

Takes about a minute. We read every one.