OGC Opinion No. 10-11-13

The Office of General Counsel issued the following opinion on November 29, 2010 representing the position of the New York State Insurance Department.

Re: Insurer Audits of Non-Participating Providers

Question Presented:

Do the Insurance Law or the regulations promulgated thereunder provide specific authorization for an insurer to conduct a retrospective audit of claims paid by the insurer for services provided by a health care provider who does not participate in the insurer’s provider network?

Conclusion:

No. The Insurance Law and the regulations promulgated thereunder do not provide specific authorization for an insurer to conduct a retrospective audit of claims paid for services provided by a health care provider who does not participate in the insurer’s provider network. However, the Insurance Law and the regulations promulgated thereunder also do not prohibit an insurer from seeking information from a health care provider who provided the services for which the insurer paid a claim. Further, N.Y. Comp. Codes R. & Regs. tit. 11, Part 86 obligates insurers to conduct fraud audits.

Facts:

The inquiry is of a general nature.

Analysis:

The inquirer asks “whether the [Insurance Department] is aware of any statute, regulation or rule that would give a health insurer (including health maintenance organizations regulated under Article 44 of the Public Health Law) the authority to conduct a retrospective audit of a non-participating health care provider.” By “retrospective audit” the inquirer refers to “a request by a health insurer to a health care provider to supply the insurer with medical records to substantiate past payment of the provider’s claims for health care services, where any alleged overpayment identified by the insurer would result in a demand by the insurer for repayment of the overpayment.”

The Insurance Law and the regulations promulgated thereunder neither specifically authorize nor prohibit an insurer or HMO from asking a health care provider to cooperate with a retrospective audit. Rather, the Insurance Law and the regulations promulgated thereunder evidence that an insurer or HMO may make such requests. For instance, an insurer and an HMO have a weighty obligation under 11 NYCRR Part 86, under which it is not material whether a health care provider is a participating provider or not, to discover and report to the Department evidence of insurance fraud, including a duty to conduct fraud audits. N.Y. Ins. Law § 3224-b(b) (McKinney Supp. 2010), which by its terms does not distinguish between a participating health care provider and a non-participating health care provider, also contemplates retrospective audits by an insurer. Insurance Law § 3224-b(b) limits the time frame within which an insurer or HMO may seek recovery of an overpayment of a claim to two years after the health care provider received payment from the insurer or HMO, except that there is no such time limit if the insurer or HMO has a reasonable belief of fraud or other intentional misconduct, or of abusive billing practices. Further, Insurance Law Article 49, which sets forth a legal framework for a health insurer’s utilization review process, also contemplates retrospective review by an insurer. Insurance Law § 4900(h) defines utilization review to mean “review to determine health care services that have been provided, are being provided or are proposed to be provided to a patient, whether undertaken prior to, concurrent with or subsequent to the delivery of such services are medically necessary.” Public Health Law § 4900(8) sets forth a similar provision for health maintenance organizations. The insurer, or HMO, however, must make a utilization review determination involving health care services that have been delivered within thirty days of receiving the necessary information. Ins. Law § 4903(d) and Pub. Health Law § 4903(4).

However, if an insurer or an HMO were to conduct such retrospective audits as a general practice (1) to avoid either paying claims or providing services covered under the contract or (2) in retaliation for a health care provider leaving a network, the Department would investigate and take the necessary action against the insurer or HMO.

This opinion is limited to an interpretation of the Insurance Law. It does not address the extent to which a provider may disclose health information to the insurer pursuant to any state or federal law, such as the Health Insurance Portability and Accountability Act (HIPAA), enacted as Pub. L. No. 104-191 (1996) and the New York Public Health Law, inasmuch as the Insurance Department does not regulate the provider’s disclosure of health information. Further, please note that the Department’s regulation on privacy of health information applies only to licensees of the Department – it does not apply to health care providers (unless they are licensees of the Department). Questions concerning the HIPAA privacy rule, including whether the requested disclosure is permitted without an authorization or whether the insurer’s authorization is defective, should be addressed to:

Office for Civil Rights
United States Department of Health and Human Services
Suite 3312
26 Federal Plaza
New York, NY 10278

Questions concerning the Public Health Law should be addressed to:

General Counsel
New York State Health Department
Corning Tower
Empire State Plaza
Albany, NY 12237

For further information you may contact Senior Attorney Brenda M. Gibbs at the Albany Office.