OGC Op. No. 10-11-13
The Office of General Counsel issued the following opinion on November 29, 2010 representing the position of the New York State Insurance Department.
Re: Insurer Audits of Non-Participating Providers
Do the Insurance Law or the regulations promulgated thereunder provide specific authorization for an insurer to conduct a retrospective audit of claims paid by the insurer for services provided by a health care provider who does not participate in the insurer’s provider network?
No. The Insurance Law and the regulations promulgated thereunder do not provide specific authorization for an insurer to conduct a retrospective audit of claims paid for services provided by a health care provider who does not participate in the insurer’s provider network. However, the Insurance Law and the regulations promulgated thereunder also do not prohibit an insurer from seeking information from a health care provider who provided the services for which the insurer paid a claim. Further, N.Y. Comp. Codes R. & Regs. tit. 11, Part 86 obligates insurers to conduct fraud audits.
The inquiry is of a general nature.
The inquirer asks “whether the [Insurance Department] is aware of any statute, regulation or rule that would give a health insurer (including health maintenance organizations regulated under Article 44 of the Public Health Law) the authority to conduct a retrospective audit of a non-participating health care provider.” By “retrospective audit” the inquirer refers to “a request by a health insurer to a health care provider to supply the insurer with medical records to substantiate past payment of the provider’s claims for health care services, where any alleged overpayment identified by the insurer would result in a demand by the insurer for repayment of the overpayment.”
The Insurance Law and the regulations promulgated thereunder neither specifically authorize nor prohibit an insurer or HMO from asking a health care provider to cooperate with a retrospective audit. Rather, the Insurance Law and the regulations promulgated thereunder evidence that an insurer or HMO may make such requests. For instance, an insurer and an HMO have a weighty obligation under 11 NYCRR Part 86, under which it is not material whether a health care provider is a participating provider or not, to discover and report to the Department evidence of insurance fraud, including a duty to conduct fraud audits. N.Y. Ins. Law
However, if an insurer or an HMO were to conduct such retrospective audits as a general practice (1) to avoid either paying claims or providing services covered under the contract or (2) in retaliation for a health care provider leaving a network, the Department would investigate and take the necessary action against the insurer or HMO.
This opinion is limited to an interpretation of the Insurance Law. It does not address the extent to which a provider may disclose health information to the insurer pursuant to any state or federal law, such as the Health Insurance Portability and Accountability Act (HIPAA), enacted as Pub. L. No. 104-191 (1996) and the New York Public Health Law, inasmuch as the Insurance Department does not regulate the provider’s disclosure of health information. Further, please note that the Department’s regulation on privacy of health information applies only to licensees of the Department – it does not apply to health care providers (unless they are licensees of the Department). Questions concerning the HIPAA privacy rule, including whether the requested disclosure is permitted without an authorization or whether the insurer’s authorization is defective, should be addressed to:
Office for Civil Rights
United States Department of Health and Human Services
26 Federal Plaza
New York, NY 10278
Questions concerning the Public Health Law should be addressed to:
New York State Health Department
Empire State Plaza
Albany, NY 12237
For further information you may contact Senior Attorney Brenda M. Gibbs at the Albany Office.