Find taxpayer tools, guidelines for procurement professionals, and resources for those who work with Medicaid.
What is an OSC audit?
Pursuant to our statutory authority, OSC’s Audit Division conducts audits of the executive branch of state government, including all entities exercising executive branch authority, public institutions of higher education, independent state authorities, units of local government, and boards of education. OSC also has the governance to audit the records of private vendors and other persons contracting with or receiving funds from these government entities. Furthermore, OSC has the authority to enforce remediation plans to address recommendations resulting from audits of any of these entities.
Audits conducted by the Audit Division comply with Generally Accepted Government Auditing Standards issued by the U.S. Government Accountability Office and are commonly known as the Yellow Book.
First of all, what is an audit?
A typical audit engagement is an operational review of an agency or a specific program to assess its efficiency or effectiveness and to identify areas for improvement. A performance audit looks to identify areas for improvement and offer recommendations for strengthening operations and identifying areas for efficiencies.
How does OSC select its auditees?
OSC’s enabling legislation requires us to “establish objective criteria for undertaking performance and other reviews authorized by this act.” To that end, OSC developed a risk/priority evaluation matrix that considers a number of risk factors, including the entity’s past performance, size of entity’s budget, the frequency, scope, and quality of prior audits, and other credible information to determine the necessity of a review. OSC then conducts research along these parameters and assesses the risks associated with each applicable factor to determine its priority level.
What happens during an OSC audit?
The audit begins with an opening conference between the auditee’s management and the audit team. The auditee is informed about the audit process and offered an opportunity for input. Our auditors maintain communication with the auditee’s management during all phases of the audit.
In the audit survey phase, the audit team conducts a survey of organizational and programmatic information to develop a more complete understanding of the organization. This phase also determines the areas that will be audited. Our auditors review the auditee’s policies and procedures, their finances including budget and audit reports, any contracts, collective bargaining agreements, board meeting minutes, and other related documents to understand their operations. We also interview personnel to obtain an understanding of their job responsibilities, overall operations, and the auditee’s internal controls.
Field work is comprised of planning the audit and obtaining sufficient and appropriate audit evidence to document our audit conclusions. Upon completing the field work phase for each audit area, audit staff will discuss the preliminary findings and conclusions with the appropriate agency officials. Responses to these preliminary findings should be provided and any factual differences resolved.
At the completion of the audit field work, the audit team will meet with agency officials to discuss the audit results. Prior to the meeting, we provide a discussion copy of the audit report to the auditee and request a formal response.
At the conclusion of an audit, OSC issues a report with our findings which is published on our website. It’s our way of reporting back to the taxpayers what we our audit found and advancing transparency with how state entities operate. After the release of an audit, OSC will follow up with the auditee to determine if management has taken corrective action to address our findings.
Does OSC's work overlap with other offices?
OSC is required to coordinate with other state agencies responsible for conducting audits, investigations, and similar reviews, such as the New Jersey State Commission of Investigation, the Office of the State Auditor, and the Attorney General’s Office. This coordination serves to avoid duplication of efforts while optimizing the use of resources, as well as, promoting effective working relationships and avoiding the unnecessary expenditure of public funds. We continue to work closely with both state and federal audit and law enforcement officials in this regard.
Who audits the auditors?
The New Jersey Office of the State Comptroller’s Audit Division is audited by the National State Auditors Association (NSAA), a part of the National Association of State Auditors, Comptrollers and Treasurers (NASACT). NASACT is an organization for state officials tasked with the financial management of state government.
NSAA’s external peer reviews are conducted once every three years and are designed to provide an independent assessment of state audit organizations. The external peer reviews are specifically designed to determine whether the audited organization has an adequately designed internal quality control system and are in compliance with that system.
The Audit Division’s most recent peer review was completed in 2020. We received the highest possible rating, concluding that OSC’s system for quality control had been “suitably designed” and complied with government auditing standards.
To read our most recent external peer review, click here.
For more information about NASACT, go to http://www.nasact.org/.
What are internal controls and why are they necessary?
What is an Internal Control?
Most audit findings stem from a lack of, or inadequate, internal controls in place to prevent waste, fraud, and abuse. Here’s what internal controls look like in practice and why they’re so essential in preventing waste, fraud, and abuse.
An internal control is essentially a process or procedure that helps an organization meet the following goals:
- Effectiveness and efficiency of operations
- Reliability of financial reporting
- Compliance with applicable laws, regulations, and policies
Components of Internal Controls
Internal controls consist of five interrelated components that work together to achieve the entity’s goals:
1. Control environment. Effective internal controls need positive and strong “tone from the top.” That includes management’s philosophy and operating style towards controls, human resources policies and practices, and organizational structure.
2. Risk assessment. A risk assessment is the evaluation to determine those areas and functions that have a risk of errors, noncompliance, and fraud. Controls can then be put in place to mitigate risk.
3. Control activities. Control activities are policies and procedures put into place to mitigate risk. They are designed to help ensure management directives are carried out and occur throughout the organization at all levels.
4. Information and communication. An organization needs systems that identify, capture, and distribute information on the entity’s financial and program operations. Information should be communicated to management and other employees who require it in a form and within a time frame that helps them carry out their responsibilities.
5. Monitoring. Monitoring is management’s review of controls to verify they’re in place and achieving the organization’s objectives. Management must continually review performance and take corrective action to fix any identified internal control weaknesses.
Robust internal controls start with the organizations’ management and its “tone at the top”. The tone is set by management and includes ethics and code of conduct. The tone establishes the organization’s guiding values. All staff have a role in effective internal controls.
Examples of Internal Controls:
Segregation of duties. Making sure different employees are involved in completing a process helps prevent fraud and increases the chance of catching errors or potential violations. In its 2020 audit of three state agencies and credit card purchases, OSC found that two of the three agencies did not have adequate internal controls in place to ensure the segregation of duties. Allowing employees to approve their own transactions increases the risk of fraud and misuse of state funds.
Policies and procedures. It’s important for organizations to have written policies and procedures in place to prevent people from gaining special advantages and to ensure consistency. For example, OSC audited three New Jersey public colleges and universities and found that none of the three had official policies or procedures for calculating their mandatory fees, which constituted about one-third of the cost of attending college and ran between $3,600 and $4,600 per student. Only one school was able to provide documentation justifying their mandatory fee increases.
Documentation and reconciliations. Maintaining proper and accurate documentation, especially when it involves public funds, is extremely important in preventing waste. Comparisons between similar records maintained by different people is one way to catch errors, duplications, and waste. A 2010 OSC audit found that state government was spending millions annually on unused phone lines. Many state departments were not maintaining documentation to justify their assignment of wireless devices to employees. At the time of the audit, approximately 19,000 such devices were assigned to executive branch employees.
Understanding fraud, waste and abuse
The Office of the State Comptroller is charged with examining state entities to make sure they're serving taxpayers effectively and efficiently. That means making sure that controls are in place to prevent waste, fraud and abuse -- the main three ways that taxpayer dollars are misspent, often for personal gain and against the interest of all residents.
Here we'll break down what is considered waste, fraud or abuse -- and the most common warning signs they might be occurring.
What is fraud?
Fraud is the intentional or deliberate act to deprive another of property or money by deception or other unfair means. Fraud involves obtaining something of value through willful misrepresentation. Whether an act is, in fact, fraud is determined through the judicial or other adjudicative system and is beyond the auditors’ professional responsibility. Source.
Exaples of fraud indicators include:
- Unsupported or unauthorized transactions
- Missing or altered documents
- Unusual delays in providing requested information
- Inadequate or absent internal controls
- Employees living beyond their means
The Fraud Triangle:
Fraud occurs when someone’s motive, their rationalization, and the opportunity to commit fraud all align.
Donald Cressey developed the Fraud Triangle to explain how these three factors intersect. His hypothesis was that when somebody has a financial need – and when they believe that they can address that need by violating someone’s financial trust – they are then able to rationalize that violation. This is when fraud occurs.
New Jersey example of potential fraud
In a 2014 report, OSC found that the now-defunct Newark Watershed Conservation and Development Corporation operated free from any meaningful oversight, fostering an environment that allowed the agency’s executive director to write unauthorized payroll checks to herself, hand out no-bid contracts to close personal associates, and surreptitiously authorize risky investment activity in an account that lost more than $500,000 in public funds.
In a report issued in 2019, OSC uncovered an improper waste disposal arrangement entered into by Thomas Harper, the Mayor of Wrightstown and the Chairman of the Wrightstown Municipal Utilities Authority (WMUA), and Rodman Lucas, the Operations Manager of the WMUA. Without the knowledge of, or consent from, the WMUA Board Members, Lucas’ private septage company dumped over 565,000 gallons of private septage at the WMUA for free, bypassing $21,000 in disposal fees. For more than three years, Lucas’ company dumped waste collected from residences and businesses unfiltered and directly into a manhole. During this period, no other private companies were afforded this benefit.
What is waste?
Waste is defined as the act of using or expending resources carelessly, extravagantly, or to no purpose. It doesn’t always involve a violation of the law, but usually is a result of mismanagement and taxpayers not getting a good deal for their money. Waste can include activities that do not include abuse and does not necessarily involve a violation of law.
Examples of waste include:
- Using funds for unnecessary reasons
- Travel costs that are contrary to existing policies
- Programmatic or operational mismanagement
- Incurring unnecessary costs resulting from inefficient or ineffective practices, systems, or controls
- Improper practices that don’t rise to the level of outright fraud
New Jersey example of waste
In 2011, the OSC released a report that found New Jersey spent millions on unnecessary clothing allowances for white-collar state workers – in other words, state workers who did not have to wear uniforms. OSC’s survey found that 48 percent of white-collar employees who received the $700 annual payment did not wear uniforms or other specialized work clothing. “The state spends millions of dollars every year to cover the cost of uniforms for state employees who don’t actually wear uniforms,” former State Comptroller Matthew Boxer said at the time. “It’s absurd.” While not a violation of the law, OSC concluded that New Jersey’s clothing allowance policies were far more generous than those of other states and did not require proof of purchase to receive the allowance.
In a more recent report, OSC found that internal control deficiencies in the Borough of Roselle resulted in improper and wasteful spending. Roselle paid $800,000 in health insurance coverage or opt-out waiver payments to 12 employees who were ineligible for benefits and to 10 retired employees or their spouses who were deceased. In addition, the Borough continues to pay for health care coverage for dependents even after the retired employees are deceased which is more generous than New Jersey’s state health care plan. OSC also found that the municipal clerk was suspended with pay pending an investigation concerning the clerk’s office in May 2012. The disciplinary action went unresolved for six years and Roselle paid $611,000 in payroll and $48,000 in health benefit opt-out payments to the clerk during this period.
What is abuse?
Abuse is behavior that is deficient or improper when compared with behavior that a prudent person would consider reasonable and necessary business practice given the facts and circumstances. Abuse can manifest as somebody misusing their authority or position for personal gain or participating in self-dealing. Like waste, abuse doesn’t necessarily involve violating the law, but still results in a loss to taxpayers.
Examples of abuse
- Creating unncessary overtime
- Requesting staff to perform personal errands
- Performing tasks related to a personal business during work hours
- Misusing an official position for personal gain
- Procuring goods or services that are extravagant or unnecessarily expensive
New Jersey example of abuse
In 2021, OSC investigated the Borough of Palisades Park and found widespread financial mismanagement and abuse. Specifically, the Borough’s Business Administrator submitted a $68,000 reimbursement request for personal expenses which Borough officials approved. The reimbursement included:
- $16,000 in accounting services for his private business
- $10,500 in legal fees for his wife
- $5,200 for a cancelled pre-paid vacation
The reimbursement request was rescinded, but using taxpayer money to cover personal expenses constitutes an abuse of public funds.
In a report issued in February 2018, OSC found that the former Executive Director of the Jersey City Municipal Utilities Authority (JCMUA) authorized and approved more than $26,000 in salary increases and other benefits for himself without Board knowledge or approval. In 2013 and 2014, the former Executive Director granted administrative employees, including himself, a yearly cost-of-living adjustment that increased his annual salary by $7,625. He also authorized JCMUA’s vacation and sick leave buy back policy for administrative 22 employees, including himself. The former Executive Director was reimbursed more than $18,000 as a result of this policy.
Local Public Contracts Law Required Forms and When They're Due
WHEN FORMS ARE DUE
TYPE OF PROCUREMENT
Ownership Disclosure Form
With Bid Submission
Acknowledgement of Addenda
N.J.S.A. 40A:11-23.1(a); N.J.S.A. 40A:11-23.2(e)
With Bid Submission
With Bid Submission
With Bid Submission
Construction and Goods or services (if required by contracting unit)
Consent of Surety
With Bid Submission
Named Subcontractors in Bid for Listed Specialty Trades
With Bid Submission
Construction (Does Not Apply to Road Work)
Federal Debarment Certification
Prior to Contract Award
Business Registration Certificate1
Prior to Contract Award
Public Works Contractor Registration Certificate2
N.J.S.A. 34:11-56.48 et seq.
Prior to Contract Award
Disclosure of Investment Activities in Iran Certification3
N.J.S.A. 40A:11-2.1; N.J.S.A. 52:32-58
Prior to Contract Award
N.J.S.A. 10:5-32; N.J.A.C. 17:27-3.1
After Notice of Award, Prior to Signing Contract
AA-302 or Letter of Federal Approval or Certificate of Employee Information Report
N.J.S.A. 10:5-32; N.J.A.C. 17:27-3.1
After Notice of Award, Prior to Signing Contract
Goods & Services
Common Mistakes and Explanations:
- Requiring the Business Registration Certification (BRC) with the bid: A 2009 amendment to N.J.S.A. 52:32-44 extended the time for BRC submission until prior to contract award. The BRC was also removed from the list of mandatory bid items in N.J.S.A. 40A:11-23.2. Don’t reject a bid for failure to submit the BRC with the bid.
- Requiring the Public Works Contractor Registration with the bid: The Public Works Contractor Registration Act provides that the bidder and any named subcontractors must be registered before submitting the bid, but does not specifically require submission of proof of registration with the bid. The winning bidder must submit copies of its subs’ registrations prior to the award of the contract (see N.J.S.A. 34:11-56.55).
Amendment to certification and disclosure regarding investment activities in Iran:
On January 29, 2021, Public Law 2021, chapter 4 became effective, making the investment activities in Iran disclosure now due prior to the time a contract is awarded and at the time the contract is renewed.
Previously, N.J.S.A. 52:32-57 required bidders to certify at the time of bid submission or contract renewal, that the person or entity submitting the bid or proposal is not identified on a list created pursuant to the statute as a person or entity engaging in investment activities in Iran.
As a result of the amendment, a bid or proposal no longer has to be rejected if the certification is not included; rather, the certification can be submitted prior to contract award. Contracting units should immediately update their bid checklists and templates to reflect this change in the law. See P.L. 2014, c. 4
Awarding Tie Bids under the Local Public Contracts Law
When faced with a tie bid where two or more responses offer equal prices and are the lowest responsible bids, what standard should be used to award the contract? Below are two scenarios often found in Instructions to Bidders that are not compliant with the Local Public Contracts Law:
- Draw lots by placing the name of each tie bidder in a suitable receptacle or closed container and then vigorously shake it while a representative of the municipality draws the name of the successful bidder from the receptacle; or
- Award the contract by a coin toss. The tie bidders choose “heads” or “tails” while a representative of the municipality proceeds to toss a coin. The bidder that chooses the side of the coin facing upwards is the successful bidder.
Why It Is Wrong
The Local Public Contracts Law addresses tie bids by authorizing the contracting unit to award the contract to the vendor whose response, in the discretion of the contract unit is the most advantageous, price and other factors considered. N.J.S.A. 40A:11-6.1(d)
Update your bid template to state that whenever two or more responses to a request of a contracting agent offer equal prices and are the lowest responsible bids or proposals, the contracting unit may award the contract to the vendor whose response, in the discretion of the contracting unit, is the most advantageous, price and other factors considered.
In addition, include in the award resolution or purchase order documentation an explanation as to why the vendor selected is the most advantageous.
Proper Notice of Addenda under the Local Public Contracts Law
1. Not issuing addenda directly to bidders.
2. Issuing addenda to bidders by email or other electronic means.
3. Issuing addenda less than seven days prior to bid opening.
4. Failing to publish notice of addenda in the newspaper (for goods, services and municipal solid waste collection and disposal contracts).
Why It Is Wrong
N.J.S.A. 40A:11-23(c) outlines the manner in which addenda must be issued. For all contracts except for construction work and municipal solid waste collection and disposal service, notice shall be published no later than seven days, Saturdays, Sundays, and holidays excepted, prior to the date for acceptance of bids:
- In an official newspaper of the contracting unit, AND
- Be provided to any person who has submitted a bid or who has received a bid package, in one of the following ways:
- in writing by certified mail, or
- by certified facsimile transmission, meaning that the sender’s facsimile machine produces a receipt showing date and time of transmission and that the transmission was successful, or
- by a delivery service that provides certification of delivery to the sender.
For contracts for construction work, notice shall be provided no later than seven days, Saturdays, Sundays, or holidays excepted, prior to the date for acceptance of bids:
- To any person who has submitted a bid or who has received a bid package in any of the following ways:
- in writing by certified mail, or
- by certified facsimile transmission, meaning that the sender’s facsimile machine produces a receipt showing date and time of transmission and that the transmission was successful, or
- by a delivery service that provides certification of delivery to the sender.
For municipal solid waste collection and disposal contracts, notice shall be published in an official newspaper of the contracting unit and in at least one newspaper of general circulation published in the State no later than seven days, Saturdays, Sundays, and holidays excepted, prior to the date for acceptance of bids.
- For goods, services, and construction contracts, provide addenda to any bidder who has received a bid package in a certified manner (mail, fax, other delivery service). Unless the procurement qualifies as an “electronic procurement” using an electronic procurement platform under J.A.C. 5:35-5.2 and 5.3, addenda cannot be transmitted electronically. (See N.J.A.C. 5:34-5.3(e).)
- Publish notice of addenda in an official newspaper for all goods, services, and municipal solid waste collection and disposal contracts.
- Publish and provide notice of addenda in a timely fashion, no later than seven days, weekends and holidays excepted, prior to bid opening. If addenda are issued after this time, extend the bid opening date accordingly.
Best Practices Checklist for Engaging and Managing Legal Counsel
The following checklist provides guidance to local government units (LGUs) for engaging and managing legal counsel. These best practices are divided into four categories: (1) developing policies and procedures, (2) conducting a competitive procurement, (3) drafting written contracts with legal counsel, and (4) managing legal counsel contracts.
1. Developing Policies and Procedures
Developing policies and procedures regarding the procurement, use and management of legal counsel can help reduce legal costs, ensure transparency and promote accountability. Specifically, we highlight the following best practices:
- Establish policies and procedures for procuring legal counsel. Determine who is responsible for developing the Request for Qualifications, what evaluative criteria will be used, who will participate in the evaluation of the responses and how scoring will be documented. Ensure that the procurement process complies with state and local pay-to-play laws.
- Develop clearly defined job descriptions and job duties for in-house counsel. Ensure appropriate supervision of those attorneys.
- Determine who is responsible for delegating work to outside counsel or determining whether work should be performed in-house. Clearly distinguish between services that should be provided by in-house counsel as opposed to those to be provided by outside counsel.
- Establish processes for requesting legal advice. Determine who is authorized to contact outside counsel to request legal advice and what internal documentation should be maintained reflecting those contacts. School districts should further ensure that their internal policies and procedures comply with the requirements of N.J.A.C. 6A:23A-5.2(a)(2).
- Periodically review operating practices to ensure that those practices are in compliance with stated policies and procedures.
2. Conducting a Competitive Procurement
The following best practices for procuring legal services are designed to promote public confidence in the public contracting process and ensure that LGUs are obtaining the most cost-effective services:
- Ensure the pool of potential law firms or attorneys submitting proposals is as expansive as possible. Broadly advertise legal services contracts on websites, in newspapers and through other available media. Endeavor to secure proposals from numerous law firms for each area of expertise sought.
- Draft clear and unambiguous solicitations. Solicitations for legal services should contain a clear and unambiguous statement of the work to be performed by the attorney or the area of law in which the attorney will be delegated work. The solicitation should clearly distinguish which services, if any, will be covered under a retainer and which services the attorney may bill for at an hourly rate.
- Judge proposals based on pre-determined, merit-based criteria made known to vendors in the Request for Proposals (RFP) or Request for Qualifications (RFQ). If certain criteria are more important to the LGU than others, consider assigning different weights to each criterion based on its relative importance. If the LGU uses an RFQ process to establish a pool of pre-qualified law firms or attorneys to perform services in a particular area of law, the LGU should specify in the RFQ how work will be delegated among the attorneys in that pool. For example, the LGU may select from the pool based on price quotations, on a rotating basis or based on other evaluative criteria specified in advance by the LGU.
- Establish a qualified evaluation committee. Ensure that the members of the evaluation committee are qualified to judge the strengths and weaknesses of the proposals. Carefully screen potential committee members to ensure that they are impartial arbiters in compliance with the Local Government Ethics Law, N.J.S.A. 40A:9-22.1 et seq., and the School Ethics Act, N.J.S.A.18A:12-21.
- Use a scoring process understandable to evaluators and vendors and maintain appropriate documentation. Provide the criteria upon which proposals will be judged in writing to members of the evaluation committee prior to judging the proposals to allow for fully informed decision making. Members of the evaluation committee should provide written comments explaining the score they give to each proposal. This ensures a record of the decision-making process and a basis for review in the event of a legal challenge. Document every step of the evaluative process.
3. Using Formal Written Contracts with Legal Counsel
Contracts with outside legal counsel should address, at a minimum, the following topics related to billing and fee arrangements:
- Scope of services/retainer arrangement: The scope of work and the scope of the retainer should mirror the scope of work and scope of retainer included in the RFP or RFQ. Ensure there is no overlap between services to be covered by the retainer and those that can be billed hourly.
- Billing rate and terms: Set forth the approved billing rates for attorneys for the term of the contract.
- Administrative work and secretarial services: The contract should make clear that administrative work and secretarial services may not be billed at an hourly rate.
- Expenses and disbursements: Pay only for actual expenses incurred. The contract should set forth which expenses are reimbursable and should require itemized bills that detail disbursements.
- Billing for travel time: Set forth whether travel time is billable and at what rate.
- Staffing expectations: Designate a primary contact person at the LGU for the law firm. Address staffing expectations with regard to legal matters including conferences, court appearances and external meetings.
- Detailed billing invoices: Ensure that billing invoices include: (1) matter name, (2) date of service, (3) attorney’s name or identification number, (4) attorney’s hourly rate, (5) total charge for each task or billing entry, (6) a detailed description of the services provided or tasks performed and all individuals involved, (7) the amount of time spent on each particular service or task, and (8) an itemized list of any expenses or disbursements. Non-descriptive entries should not be accepted.
- Block billing: Require individualized, separate billing entries for each task performed. Do not allow block billing.
4. Managing Legal Counsel Contracts
With proper management of legal services contracts, LGUs can avoid excessive, unauthorized or fraudulent charges and can improve the quality of the legal services they receive. The following have been identified as best practices in this regard:
- Designate one employee who will have primary responsibility for reviewing the LGU’s legal bills. The designated employee should conduct a detailed and thorough review of all legal billing on a monthly basis to determine whether the billing complies with contractual requirements and whether all entries are appropriate. For example, the employee should confirm that all billing entries are individualized (i.e., not block billed) and sufficiently detailed, that the appropriate billing rate has been applied, that expenses have been itemized and that the monthly charges have been correctly calculated.
- Periodically review the structure of legal counsel arrangements to determine whether costs savings or other improvements can be achieved.
- If the LGU has established a cap on legal services fees, the LGU should monitor those fees and ensure compliance with the cap. If the cap must be exceeded, ensure there is appropriate written authorization to do so.
Best Practices for Awarding Service Contracts
Download OSC's resource, Best Practices for Awarding Service Contracts, which gives guidance to New Jersey government units concerning practices that will better ensure efficiency, transparency, and accountability in the award of contracts for services.
Medicaid Fraud Frequently Asked Questions
Is it wrong for my NJ Medicaid service provider to offer or give me money and/or various items such as gifts, coupons, vouchers, trips, etc.?
Yes. An offer of money or any other items or services of value by a Medicaid provider is a violation of the Federal Anti-Kickback Statute Social Security Act 42 U.S.C. § 1320(a) and 7(b).
Am I responsible to pay money to my doctor or pharmacist for the services they provide to me?
Not generally. However, certain NJ FamilyCare Plans, i.e. C & D, may require a nominal copay for some services. If prescriptions services are paid through the PAAD or Senior Gold program a nominal copay may be required.
How can I report Medicaid fraud and abuse to the Medicaid Fraud Division?
You may either call our Fraud Hotline directly at 1.888.937.2835, submit a form online or send us an email to firstname.lastname@example.org.
If I report an incident, can I remain anonymous?
What happens to my case once I file a report?
Your case will be assigned to an investigator. As long as you provide adequate contact information, the investigator may reach out to you for additional information.
Is everything I say kept confidential?
If you would prefer, we will keep your information confidential. Please note, though, that allegations of patient abuse will be referred to the proper authorities.
Will I be told of the outcome of my case?
If the result is public knowledge and not confidential, you will be notified of the outcome.
What happens if you cannot help me?
We will refer you to the proper agency, if we cannot work on your case.
How long does an investigation take?
It depends on the depth of the investigation, but some cases can be resolved within 90 days, while other, particularly more complex matters, may require additional time.
New Jersey does not require Medicaid providers to have a compliance program; however, the Medicaid Fraud Division strongly encourages providers whose payments from the Medicaid program exceed $100,000 per year to implement a compliance program.
A successful compliance program addresses the provider's need to prevent fraud, waste and abuse and carries the added benefit of improving the provision of quality health care at lower costs. A successful compliance program also openly demonstrates, to employees and the public, the provider's commitment to conducting its affairs honestly and responsibly.
Compliance programs encourage employees to report potential problems and permit the provider to conduct an internal investigation and take corrective action. Thus, the successful compliance program should increase the likelihood of preventing, identifying and correcting unlawful, abusive or wasteful conduct at an early stage, minimizing financial loss to the government, to taxpayers and to the provider.
Compliance programs need to encompass billings, payments, medical necessity, quality of care, governance, credentialing and other risk areas that a provider, with due diligence, identifies. Specifically, any compliance plan should include the following elements:
- Designation of a chief compliance officer responsible for the day-to-day operation of the compliance program; this employee should report directly to the provider's chief executive and periodically report to the governing body (if such a body exists) on the activities of the compliance program;
- Training and education of all affected employees and persons associated with the provider, including executives, vendors and governing body members, on compliance issues, expectations and the operation of the compliance program; such training should occur at least annually and should be made a part of the orientation of new employees and governing body members;
- A communication process, such as a hotline, accessible to all employees, outside vendors, governing body members, patients or other users of the provider’s services, for the reporting of compliance issues; the lines of communication should allow for anonymous and good faith reporting of potential compliance issues as they are identified;
- Disciplinary policies and standards that are distributed to all employees, which are fairly, evenly and firmly applied, and encourage good faith participation in the compliance process, including policies that articulate expectations for reporting compliance issues and assist in their resolution and outline sanctions for:
a. failing to report suspected problems;
b. engaging in non-compliant behavior;
c. encouraging, directing, facilitating or permitting either actively or passively non-compliant behavior.
- A system for routine identification of compliance risk areas specific to the particular provider, for self-evaluation of such risks areas, including but not limited to, internal audits and as appropriate, external audits, and for evaluation of potential or actual non-compliance as a result of such self-evaluations and audits, credentialing of providers and persons associated with providers, reporting, governance and quality of care to beneficiaries.
- A system for responding to compliance issues as they are raised; for investigating potential compliance problems; responding to compliance problems as identified in the course of self-evaluations, external evaluations and audits, correcting such problems promptly and thoroughly and implementing procedures, policies and systems as necessary to reduce the potential for recurrence; identifying and reporting compliance issues to the Office of the State Comptroller, Medicaid Fraud Division; and refunding overpayments.
When and How to Self-Disclose Medicaid Waste, Fraud, and Abuse
The mission of the New Jersey Office of the State Comptroller - Medicaid Fraud Division (MFD) is to mitigate fraud, waste and abuse in the Medicaid program, resulting in cost effectiveness to New Jersey's taxpayers. As part of our multi-disciplinary approach to attaining these goals, we support providers who find problems within their own organizations, reveal (self-disclose) those issues to MFD and return inappropriate payments.
The Affordable Care Act of 2010 requires Medicaid providers to have a more proficient and time-sensitive process for identifying errors and overpayments received under the Medicaid program, and disclosing and repaying the Medicaid program for amounts received in error. Under the ACA, providers are obligated to report, explain and repay overpayments within 60 calendar days of identification. See 42 U.S.C. Sec. 1320a-7k(d)(2). Those that fail to disclose, explain and repay the overpayment in a timely manner may be subject to liability under the New Jersey and Federal False Claims Acts.
MFD recognizes that many improper payments are discovered during the course of a provider's internal review processes. While providers, who identify that they have received inappropriate payments from the Medicaid program, are obligated to return the overpayments, it is essential to develop and maintain a fair, reasonable process that will be mutually beneficial for both New Jersey and the provider involved. In order to encourage self-disclosure, MFD offers incentives for providers to investigate and report matters that involve possible fraud, waste, abuse or inappropriate payment of funds-whether intentional or unintentional-under the state's Medicaid program. By forming a partnership with providers through this self-disclosure approach, MFD's overall efforts to eliminate fraud, waste and abuse will be enhanced, while simultaneously offering providers a mechanism or method to reduce their legal and financial exposure.
MFD recognizes that situations which are subject to this guidance could vary significantly; therefore, this protocol is written in general terms to allow providers the flexibility to address the unique aspects of the matters disclosed.
Advantages of Self-Disclosure
Self-disclosing overpayments, in most circumstances, will result in a better outcome than if MFD staff discovers the matter independently. While the specific resolution of self-disclosures depends upon the individual merits of each case, MFD will extend the following benefits to providers who, in good-faith, participate in a self-disclosure:
- Avoidance of False Claims penalties if reported within 60 days of identification;
- Forgiveness or reduction of interest payments (for up to two years);
- Extended repayment terms;
- Waiver of penalties and/or sanctions;
- Timely resolution of the overpayment; and
Developing such a partnership with MFD during the self-disclosure process may also lead to more thorough understanding of MFD's audit and investigatory processes, benefitting the provider in the future.
When to Disclose
Section 1128J (d)(2) of the Social Security Act requires a provider to self-disclose an overpayment within 60 days of the overpayment being identified or the date any corresponding cost report is due, if applicable. Under subsection (3) of the statute, failure to report the overpayment in a timely manner, makes the claims comprising the overpayment subject to the penalties described in the False Claims Act.
Matters related to an on-going audit/investigation of the provider are not generally eligible for resolution under the self-disclosure protocol. Unrelated matters disclosed during an on-going audit may be eligible for processing under the self-disclosure protocol assuming the matter has received timely attention. If MFD is already auditing or investigating the provider, and the provider wishes to disclose an issue, in addition to submitting a disclosure under this protocol, the provider should bring the matter to the attention of the on-site audit staff. If another outside agency is auditing or investigating the provider, and the provider seeks to disclose an issue to MFD, the provider should follow this guidance accordingly. However, because of the variance in the nature, amount and frequency of overpayments that may occur over a wide spectrum of provider types, it is difficult to present a comprehensive set of criteria by which to judge whether disclosure is appropriate. Providers must determine whether the repayment warrants a self-disclosure or whether it would be better handled through administrative billing processes. Because of the complexity of some issues surrounding self-disclosures, providers may want to consider obtaining the advice of experienced healthcare legal counsel or consultants.
Each incident must be considered on an individual basis. Factors to consider include the exact issue, the amount involved, any patterns or trends that the problem may demonstrate within the provider's system, the period of non-compliance, the circumstances that led to the non-compliance problem, the organization's history and whether or not the organization has a corporate integrity agreement (CIA) in place.
Issues appropriate for disclosure may include, but are not limited to:
- Substantial routine errors;
- Systematic errors;
- Patterns of errors; and/or
- Potential violation of fraud and abuse laws.
MFD is not interested in fundamentally altering the day-to-day business processes of organizations for minor or insignificant matters. Consequently, the repayment of simple, more routine occurrences of overpayment should continue through typical methods of resolution, which may include voiding or adjusting the amounts of claims. Providers should be aware that MFD monitors both the number of occurrences and dollar amounts of voids and/or adjustments, as well as any patterns of voids and/or adjustments. MFD highly discourages providers from attempting to avoid the self-disclosure process when circumstances in fact warrant its use.
Once a provider determines disclosure is warranted, an initial report should be prepared which includes gathering the following information:
- The basis for the initial disclosure, including how it was discovered, the approximate time period covered and an assessment of the potential financial impact;
- The Medicaid program rules potentially implicated;
- Any corrective action taken to address the problem leading to the disclosure, the date the correction occurred and the process for monitoring the issue to prevent reoccurrence; and
- The name and telephone number(s) of the individual making the report on behalf of the provider. The individual may be a senior official within the organization or an outside consultant or counsel and should be in an appropriate position to speak for the organization.
Contact MFD with the above information by telephone or via formal letter to the Chief of Investigations, Medicaid Fraud Division, P.O. Box 025, Trenton, New Jersey 08625-0025. Providers may also use the printable version of MFD's self-disclosure form.
After this initial reporting phase, MFD will consult with the provider and determine the most appropriate way to proceed. MFD staff will discuss the next steps, which may include requesting additional information. Ultimately, the provider should be prepared to present the following:
- A summary of the identified underlying cause of the issue(s) involved and any corrective action taken;
- A CD containing an Excel file including a detailed list of claims paid that comprise the overpayments. Each claim should list the provider Medicaid ID number, client name and Medicaid ID, dates of service(s), rates or procedure codes and the amount(s) paid by Medicaid;
- The names of individuals involved in any suspected improper or illegal conduct and whether they are still employed by the provider, the names of the individuals who found the problem and the names of the individuals involved in rectifying the problem;
- The nature and extent of any investigation or audit conducted to identify and determine the amount of overpayment;
- An attestation of accuracy and completeness; and
- The name, correspondence address, email address and telephone number(s) of the individual making the report on behalf of the provider. The individual may be a senior official within the organization or an outside consultant or counsel and should be in an appropriate position to speak for the organization.
Assuming a provider completely cooperates and responds promptly to information requests, MFD expects that the vast majority of self-disclosures will be completed within six months of submission of this information.
MFD will consider the provider's involvement and level of cooperation throughout the disclosure process in determining the most appropriate resolution and the best mechanism to achieve that resolution. In the event that the provider and MFD cannot reach agreement on the amount of overpayments identified, or if a provider fails to cooperate in good faith with MFD to resolve the disclosure, MFD may pursue the matter through established audit or investigation processes, and any less stringent repayment and/or sanction terms may no longer apply. Upon review of the provider's disclosure and related information, MFD may conclude that the disclosed matter warrants referral to the New Jersey Attorney General's Medicaid Fraud Control Unit (MFCU). Alternatively, the provider may request the participation of a representative of the MFCU, U.S. Department of Health and Human Services, Office of Inspector General, the Department of Justice or a local United States Attorney's Office in settlement discussions in order to resolve potential liability under the False Claims Act or other laws.
Access to Information
Providers are expected to promptly comply with MFD requests to speak with relevant individuals and provide documents and information materially related to the disclosure. MFD also expects the provider to execute and provide business record affidavits whenever requested, in a form acceptable to MFD.
MFD is committed to working with providers in a cooperative manner to obtain relevant facts and evidence without interfering with the attorney-client privilege or work-product protection. Discussions with the provider's counsel will explore ways to gain access to factual or other non-protected information pertinent to the case without the need to waive the protection provided by an appropriately asserted claim of attorney-client privilege or attorney work product. Assuming the provider acts in good-faith, the mere fact that the provider and MFD are unable to agree on an amount and resolve the disclosure will not automatically preclude favorable repayment terms, particularly related to the portion of the matter to which the provider and MFD are able to agree.
All provider self-disclosures are subject to a thorough MFD review to determine whether the amount identified is accurate. MFD will not accept any payment for self-disclosures prior to reviewing the provider's submission and confirming the accurate amount of the overpayment.
Following the review, MFD staff will establish a repayment amount and schedule and explore the need to pursue any further administrative action. MFD's determination will be based on several factors, including the nature of the problem, the effectiveness of the provider's compliance program, the dollar amounts involved, the time period, thoroughness and timing of the provider's disclosure, any potential harm to the health and safety of Medicaid recipients and the provider's efforts to prevent the problem from recurring.
Once a repayment amount has been established, assuming full repayment has not previously been made, MFD expects the provider to reimburse the State of New Jersey for the overpayment with a check for the full amount or enter into a repayment agreement. MFD will work with providers to establish repayment terms, which may include some forgiveness of interest and/or extended repayment. Providers interested in extended repayment terms will be required to submit audited financial statements, if available, and/or other documentation to assist MFD in making that determination.
MFD will assess a provider's culpability and good-faith efforts in reaching the disposition of a self-disclosure. Cooperation will be measured by the extent to which a provider discloses relevant facts and evidence, not its waiver of the attorney-client privilege or work product protection. A lack of information may make it difficult for MFD to determine the nature and extent of the conduct which caused the improper payment. The self-disclosure process will conclude with a letter indicating that the matter has been resolved or through a signed agreement memorializing the settlement terms.
A disqualified provider is a person or an organization that has been excluded from participation in Federal or State funded health care programs, including but not limited to Medicare or Medicaid. Any products or services that a disqualified provider furnishes, orders or prescribes are not eligible for payment under those programs. This payment prohibition extends to anyone who employs or contracts with the disqualified provider, as well as to any facility where the disqualified provider delivers services that might otherwise be reimbursable.
The links on this page will help providers determine whether the individuals they employ or contract with are excluded from the New Jersey Medicaid program. In addition, they provide information on individuals holding professional licenses in the State of New Jersey.
State of New Jersey Debarment List
The State of New Jersey Medicaid Fraud Division is responsible for the oversight and maintenance of the NJ Debarment List (medical code). All updates will be done at the end of each month. If you are responsible for verifying a provider, please refer to the list below. If you find a potential match, of a prospective employee, please complete the Exclusions Verification Form and return via email to: MFDVerifyMailbox@osc.nj.gov. Any additional inquiries regarding an Exclusionary Action can also be made via the verify mailbox.
View the State of New Jersey Medicaid Fraud Division Debarment List
Applying for Reinstatement to the NJ Medicaid Program
If you are on the State of New Jersey Debarment list and wish to be considered for reinstatement to the New Jersey Medicaid program, please follow the instructions below.
Please note, reinstatement to the Medicaid program is not automatic, you must make a formal application following the period of your debarment by writing to Chief, Office of Legal and Regulatory Liaison, Division of Medical Assistance and Health Services (DMAHS), P.O. Box 712, Mail Code #3, Trenton, New Jersey 08625-0712 or by fax at 609-588-2435. You will be notified in writing of DMAHS' decision regarding your application. For further questions, please contact the Office of Legal and Regulatory Affairs at 609-588-2655.
Links for OIG Verification and Neighboring States
- Federally Disqualified Providers
- State of Pennsylvania
- State of New York
Third Party Liability
Under federal law, if a Medicaid recipient has other insurance coverage, Medicaid is responsible for paying the medical benefits only in cases where the other coverage has been exhausted or does not cover the service at issue. Thus, a significant amount of the state’s Medicaid recoveries are the result of MFD’s efforts to obtain payments from third-party insurers responsible for services that were inappropriately paid with Medicaid funds. MFD’s Third Party Liability group, working with an outside vendor, seeks to determine whether Medicaid recipients have other insurance and recovers money from private or other government health insurers in cases where Medicaid has paid claims for which the private insurer was responsible. In addition, the Third Party Liability group also manages a daily hotline for the public and providers to call and update third-party commercial insurance information for Medicaid recipients.
What is TPL?
TPL stands for Third Party Liability. Federal regulations and applicable State laws require that third party resources, such as private insurance, are used before Medicaid, which reduces the program’s expenditures and saves the State money.
Why is TPL important?
The Federal and State laws, which mandate that third party insurance must pay claims before Medicaid, ensure that Medicaid is the payer of last resort and is not making payments when there may be other insurance coverage in place that should be paying such claims.
TPL ensures that per Federal and State Medicaid guidelines, Medicaid is the payer of last resort.
What happens if my private insurance terminates or changes?
By signing up for Medicaid, or NJ FamilyCare, you agreed in the application to provide updates on any changes to your private health insurance coverage. If your private health insurance coverage changes or terminates, please call the Medicaid TPL Hotline at 609-826-4702. This helps Medicaid accurately process your doctor’s claims.
My doctor or servicing provider told me that my claim was not paid because I have other health insurance. What do I do?
Make sure that your doctor’s office has your most recent up to date private or other government-provided (e.g. Medicare) health insurance information. Additionally, your doctor or other servicing provider must bill your private health insurance company or other government-provided insurance program before they bill Medicaid. They must include your other health insurance carrier’s payment on the claims that they send to Medicaid. If you no longer have private health insurance, or there was a change to the insurance, please call the Medicaid TPL Hotline at 609-826-4702.
Provider Education and Trainings
As part of its educational outreach program, MFD presented provider training for high-risk providers, including home health care providers and pharmacy owners and staff. These educational outreach efforts are generally staged in coordination with the MFCU, the Division of Medical Assistance and Health Services, and the MCOs that participate in the New Jersey Medicaid market to help attendees identify and protect against fraud, waste and abuse within the Medicaid program. Speakers emphasize the importance of properly documenting claims and explain what preventative measures these providers should implement to proactively prevent Medicaid fraud, waste and abuse.
Please email the Provider Education Committee at Provideremail@example.com
To request a speaker, please email Providerfirstname.lastname@example.org
Section 6032 Information
Section 6032 of the Federal Deficit Reduction Act of 2005 requires entities that received or made payments of $5 million or more (aggregate) in Title XIX funds during the previous federal fiscal year (October 1 – September 30) to assist in preventing, detecting and addressing fraud, waste and abuse in federal health care programs by taking certain actions, including:
- Establishing written policies for employees, contractors and agents that provide detailed information about federal and state false claims statutes and penalties, and whistleblower protections.
- Educating employees, contractors and agents on the policies and procedures for detecting and preventing fraud, waste and abuse.
- Providing information in the employee handbook, if one exists, about federal and state false claims statutes, penalties and whistleblower protections.
Although the New Jersey Medicaid Program identifies and sends notices to entities in January each year, ultimately, it is the responsibility of each entity to determine whether it meets the $5 million threshold and, thus, must submit a completed Certification, regardless of whether such entity is identified by the New Jersey Medicaid Program. Entities that received aggregated payments at or above $5 million threshold are required complete and return a Section 6032 Certification Form, annually. Selected entities will be asked to submit documentation to substantiate their responses. All entities should be prepared to send documentation upon request. Completed forms should be emailed to Section6032@osc.nj.gov.
Compliance with Section 6032 is a condition of participation in all Title XIX programs. Failure to comply could result in termination of your organization’s provider agreement with the Medicaid program and/or other sanctions.
- Current Certification Form
- Current Certification Memo (click here for general; click here for documentation required)
- Current Documentation Submission Requirements
- Frequently Asked Questions (FAQ) about the Federal Deficit Reduction Act of 2005, developed by the Federal Government
The COVID-19 Compliance and Oversight Project provides technical assistance, resources, and training to state and local government units who received federal COVID-19 funds. Those resources are available here.
To sign up for COVID-19 compliance updates, send an email to COVID.Oversight@osc.nj.gov.
Executive Order No. 125 requires that specified information concerning the allocation and expenditure of federal disaster relief funds be posted on an appropriate State website. To that end, the Sandy Transparency Portal was created to provide public access to all State contracts for the allocation and expenditure of federal disaster relief funds, including contract vendor information. In addition, the portal will list the available federal funding streams and funding criteria and will track the federal funding allotment of disaster relief funds in New Jersey.
OSC reported on New Jersey's 15 Medicaid-funded nursing homes that receive the lowest possible rating of one star. Explore the data.
OSC surveyed 60 New Jersey towns to see if they are complying with State laws on payments for unused sick and vacation days. See what we found.
Waste or Abuse
Waste or Abuse