Medicaid compliance, operated

Run your 521 program without running it yourself.

Software plus a curated network of independent compliance professionals that operates your 18 NYCRR Subpart 521-1 program end to end — for every New York Medicaid provider above $1M.
Join the waitlist See how it works
NY providers in scope 5,000+
Penalty you're avoiding $60K/yr+
Price starting at $99/mo
01 /

The rule is real. Most providers aren't ready.

18 NYCRR Subpart 521-1 requires every New York Medicaid provider meeting a size or category threshold to adopt, implement, and operate a formal compliance program. Seven elements, quarterly committee meetings, monthly exclusion screening, an anonymous hotline, annual certification, and ongoing evidence that the program is actually running.

Hospitals and health systems have in-house compliance departments to satisfy this. A $3M pharmacy or a $5M ambulette company does not. The owner becomes the de facto Compliance Officer — a structural conflict OMIG explicitly disfavors and actively enforces against.

The gap between what's required and what's in place at small-to-mid operators is the problem part521 solves.

Who the rule applies to

Required Providers · two tests

Test 1 · By category
Automatic, regardless of revenue
Hospitals, nursing homes, home care (LHCSA, CHHA), Article 16 / 31 providers, MMCOs, MLTCs, residential treatment, family care homes. In scope on day one.
Test 2 · By revenue
$1M+ from Medicaid in 12 months
Any enrolled provider claiming or receiving $1M+ directly or indirectly — pharmacies, dental, DME, PT/OT, optometry, behavioral health, NEMT, specialty clinics. Indirect MMCO receipts count.
Penalties for non-compliance: up to $5,000/month for a first violation (rising to $10,000/month on repeat), recoupment of Medicaid payments during the non-compliance period, termination of enrollment, and exclusion from Medicaid. OMIG has been actively conducting Compliance Program Reviews since March 2023.
02 /

Two integrated sides. One platform.

part521 isn't another piece of generic healthcare compliance software. It's purpose-built for New York Medicaid providers in the segment between "too small to staff in-house compliance" and "too big to ignore the rule."

01 · Platform

part521 runs your program

A complete compliance program, generated from your intake and kept running month after month without you having to chase it.

  • Tailored written program and Code of Conduct
  • Monthly exclusion screening (LEIE, SAM, NY)
  • Training library and completion tracking
  • Anonymous hotline, white-labeled to you
  • Quarterly meeting calendar, agendas, minutes
  • Annual effectiveness review and ETIN prompt
  • Audit-ready document repository
02 · Network

Independent professionals serve on your committee

A curated network of vetted New York healthcare compliance attorneys and credentialed compliance professionals. You browse, interview, and engage directly. They serve as the independent voice on your Compliance Committee.

  • Vetted for credentials, experience, and E&O coverage
  • Matched to your vertical, geography, and language
  • Engage on your terms — you contract directly
  • Satisfies OMIG's independence expectations
  • Retaliation reports route to them, not to you
  • Signs your annual effectiveness attestation
One product on the screen. Two relationships under the hood. You see profiles, message, schedule meetings, and track attestations — all inside part521.
03 /

From signup to a running program in under 30 days.

Compliance programs have a reputation for being slow and expensive to stand up. We've rebuilt the process end to end. Most customers are generating and adopting their program within their first week.

1

Intake

A 30-minute guided interview captures your entity structure, service categories, staffing, existing documents, and known risk areas.

Week 1 · Days 1–3
2

Program generated

Your complete 521-1 program — all seven elements, vertical-specific risks, Code of Conduct — is produced for review. You adopt via signed resolution.

Week 1 · Days 4–7
3

OM matched

If you want an Outside Member, you browse matched profiles, interview one, and engage directly. They join your Compliance Committee.

Weeks 2–3
4

Program runs

Monthly screening, training pushed, hotline live, first quarterly meeting scheduled. Everything tracked automatically from day one.

Month 2 onward
04 /

Priced to work for the operators who need it most.

Three simple tiers. Pay monthly, cancel anytime after year one. The Outside Member relationship is separate — you pay the professional directly on their own terms; part521 doesn't mark up their work.

Tier 1
Core
$99/mo
For providers $1M–$3M · under 50 employees · single location
  • Program generation, tailored to your vertical
  • Monthly exclusion screening
  • Anonymous hotline, white-labeled
  • Core training library
  • Cadence, reminders, audit artifact repository
  • Customer portal
One-time onboarding · $500
Tier 2
Plus
$199/mo
For providers $3M–$10M · 50–150 employees
  • Everything in Core, plus:
  • Expanded + role-specific training modules
  • Priority email support
  • Concierge matching to the OM Network
  • Quarterly Committee meeting tooling
  • Guided annual effectiveness review
One-time onboarding · $1,500
Tier 3
Premium
$399/mo
For providers $10M+ · multi-location · 150+ employees
  • Everything in Plus, plus:
  • Multi-location and multi-entity support
  • Custom content overlays for your risk profile
  • Advanced reporting and analytics
  • Named customer success contact
  • Priority OM matching and audit-response backup
One-time onboarding · $3,000
+ OM Network
Optional but recommended. Engage an independent Outside Compliance Member directly through part521. You pay the professional on their terms (typically a monthly retainer); part521 is never a party to that engagement.
Paid directly to the professional
05 /

Questions we hear all the time.

How do I know if I'm actually required to have one of these programs?

Two tests. Either one triggers the obligation. (1) You're in one of the listed service categories — hospitals, nursing homes, home care, Article 16/31, MMCOs, MLTCs, residential treatment, or family care — regardless of your revenue. (2) You're a Medicaid-enrolled provider of any kind and you claimed or received $1 million or more from Medicaid, directly or indirectly, in any consecutive 12-month period. Indirect receipts through managed care plans count toward the threshold. If you're not sure, that's the first question we help you answer during intake.

I already have a compliance program from 2015. Isn't that enough?

Probably not. The 2022 revision of Subpart 521-1 materially expanded requirements, and OMIG's enforcement guidance has tightened alongside it. An older program usually lacks the updated seven-element structure, current risk areas, the Outside Member independence requirement, and the documentation trail that survives an OMIG Compliance Program Review. We start most customers from a fresh generation based on the current rule.

Does part521 replace my lawyer?

No. We're not a law firm and we don't give legal advice. We generate your compliance program, operate the running of it, and connect you to independent professionals through our Network — but for legal matters (investigations, enforcement defense, self-disclosure filings, complex regulatory questions) you work with an attorney, often the one you meet through our Network or your existing counsel.

Do I have to use the Outside Member Network?

No. You can designate an internal Compliance Officer, bring your own Outside Member, or use ours. The platform works either way. That said, OMIG strongly prefers reporting independence — the Compliance Officer shouldn't report to the person whose conduct they might need to investigate. For most small operators, engaging a part521 Network OM is the most credible and economical way to satisfy that expectation.

When are you launching?

We're currently onboarding our design partner and finalizing the founding OM cohort. We expect to begin taking paying customers in the second half of 2026, starting with NEMT and home care verticals and expanding from there. Waitlist members get first access and founding-customer pricing.

What happens if I'm already in an OMIG audit or review?

Let us know on the waitlist form and we'll reach out directly. Active OMIG engagement changes the picture — we can't promise to fix a situation that's already in progress, but we can help you understand where you stand and put a real program in place going forward. Most importantly, a program adopted today with honest acknowledgment of prior gaps is far better than an absent program tomorrow.

06 /

Get on the list. Get ahead of the audit.

Waitlist members are the first conversations we have. You'll get direct email from Gil, early access when we open the door, and founding-customer pricing locked in through the first year.

We respond to every signup. If you're in an active OMIG matter or facing a specific compliance question right now, tell us in the notes — we'll make sure the right person reaches out.

  • First access when we open to paying customers
  • Founding-customer pricing held through year one
  • Direct conversation with the founder, not a sales rep
  • No obligation — it's a list, not a contract

Join the waitlist

Takes about a minute. We read every one.