1 / 41

Other Important Compliance Issues June 2015

This article discusses defined contribution strategies, same-sex marriage and domestic partner issues, agency plan document strategies, and HIPAA privacy and security. It also explores the concept of defined contribution, section 125 cafeteria plans, and employer payment of individual health insurance premiums. Additionally, it touches on the risks employers face and the impact of same-sex marriage on benefits.

btara
Download Presentation

Other Important Compliance Issues June 2015

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Other Important Compliance IssuesJune 2015

  2. Agenda • Defined Contribution Strategies & Individual Insurance • Same-sex Marriage and Domestic Partner Issues • Agency Plan Document Strategies • HIPAA Privacy and Security

  3. Guarantee Availability vsGuarantee Renewable Rules

  4. Defined Contribution and Individual Insurance • What is Defined Contribution Anyway? • Section 125 Cafeteria Plans first introduced in 1978 • Allowed employer to offer a menu of benefits • Employers could set up flat amount of employer credits to be used across allowable benefit choices • Multiple health plans offered with a fixed contribution • Many large employers have offered a choice of plans with the employer contribution pegged to a specific amount Q. What is different about today’s “defined contribution” arrangements? A. Not Much!

  5. Defined Contribution and Individual Insurance • “New” Models Today • Private exchanges with various health plan options • New technology • Better manage employee choices • Provide decision support • Include broader range of benefit options • Same tax rules still apply • New defined contributions strategies don’t change the Section 125 rules or what benefits can be provided tax free • New rules regarding individual health insurance

  6. Defined Contribution and Individual Insurance • Employer Payment of Individual Health Insurance • Prior to the ACA • Section 125 allowed employees to pay for individual health insurance pre-tax though a cafeteria plan • Some employers also funded the purchase of individual health insurance tax free though an HRA • Also called Premium reimbursement plans, 106 plans, and lot of other names – but to the IRS they are all the same • Employer offering of individual health insurance was always problematic • Was considered an employer sponsored plan even though it was individual health insurance polices • Difficulty complying with various rules including COBRA, HIPAA Title I, ERISA, etc.

  7. Defined Contribution and Individual Insurance • Employer Payment of Individual Health Insurance • New Rules • The DOL, IRS, & HHS have previously released guidance limiting the employer’s ability to pay for individual health insurance premiums for employees, but prior guidance was somewhat unclear and left room for some alternative interpretations. • New guidance effectively puts an end to that practice • Payment of individual health insurance premiums by an employer constitutes a group health plan and a group health plan made up of individual health insurance policies violates a number of ACA related provisions. • There is also no way for the employer to provide a method to pay for the individual health insurance polices tax free

  8. Defined Contribution and Individual Insurance • Employer Risk - The Zane Benefits Model • Zane provides a “guarantee” for any fine or penalties • Limited to what the employer paid Zane for their services over the previous 12 months and does not cover any tax liability • Excise tax for violating ACA market reform rules is up to $100 per day per participant • For an employer with 30 employees. The potential maximum excise tax for one year would be $1,095,000.00 [(30*$100)* 365] • Even though the IRS is not likely to impose the maximum penalty, the statue contains a minimum penalty of $15,000 for violations that are not de minimis. • Employer will have to pay late payroll taxes, fines and interest. • The employer would also have to give new W-2s to all their employees showing additional income, and the employee would have to file amended tax returns and pay their own back taxes, penalties and interest to the IRS.

  9. Same Sex Marriage and Domestic Partners

  10. Background • Some Terms and Definitions • Domestic Partner or Civil Union • Can refer to either same-sex or opposite sex unmarried partners • Many states have some domestic partner or civil union recognition for (both/either) same-sex and opposite sex partners • Common law marriage • 10 states and Wash. DC recognize some form of opposite sex “common law” marriages with various requirements • Alabama, Colorado, Iowa, Kansas, Montana, New Hampshire, Rhode Island, South Carolina, Texas, Utah, Wash. D.C.

  11. State Laws -are (no pun intended) all over the map • State law resource - National Conference of State Legislatures (NCSL) - http://www.ncsl.org/research/human-services/same-sex-marriage-laws.aspx

  12. Questions • Let’s Answer Some of the Big Questions… • Does Windsor require that all states recognize same-sex marriages legal in another state? • No • Does the decision require employers to provide benefits to same-sex spouses? • No (for plans subject to ERISA) • However the answer is more complicated for fully insured plans issued in states that recognize same-sex marriage, and for plans not subject to ERISA (more later) • Does Windsor create a federal “protected class” for discriminatory purposes • No

  13. Questions • Let’s Answer Some of the Big Questions… • IRS has ruled that the state or country of marriage (not current state of residence) will determine federal recognition of the marriage • Federal benefits and tax status will be determined by “state of union” but state tax and other laws will still apply based on state of residence • Large employers had argued for this approach since having status change when someone moves form state to state would create an administrative nightmare

  14. ERISA and State Laws • Bottom Line • For self-funded ERISA plans there is no change in spouse coverage requirements due to Windsor • Non-ERISA plans will need to consider applicable state laws • This was already the case before Windsor • Fully insured plans issued in states that recognize same-sex marriage may be required to offer coverage to same-sex spouses • This was already the case before Windsor

  15. Impact on Benefits • Federal Tax Treatment of Health Coverage • Employees married in state that recognizes same-sex marriage will be treated as married for federal tax purposes regardless of where they live • State Tax Treatment of Health Coverage • In general, states that recognize same-sex marriage apply same tax rules to same-sex couples as opposite sex couples • Interestingly, some states that do not recognize same-sex marriage default to federal definition of spouse for state tax purposes • Likely to see state tax law changes

  16. Impact on Benefits • Benefits • Legally married same sex couple treated as any other married couple for following Federal rules • COBRA • HIPAA Special Enrollments • Health Savings Accounts (HSA) • §125 Cafeteria Plans • ACA Subsidies

  17. Next Steps • Issues for Employers • Review plan documents and current eligibility rules • Some plans determine spouse eligibility based on federal tax status – would require employer to offer coverage to same-sex spouses recognized by federal law • Review COBRA & HIPAA special enrollment policies • Employee communications • Communicate exactly what election changes will be allowed • What kind of “proof of marriage” will be required? • What documentation is required of opposite sex couples now? • Monitor legislative and executive order developments

  18. Plan Document Issues and Strategy

  19. Plan Documents • Fundamental ERISA Rule: Plan Document Requirement • Every plan needs a document • ERISA does not dictate the specific contents of the plan document • ERISA does not require any particular format for a plan document but does for an SPD (more later!) • Employer misunderstanding #1 • The insurance contract the employer receives from the carrier is not a plan document!

  20. Plan Documents • Plan Documents (cont.) • How many plan documents are required? • Employers have tremendous flexibility in how they structure benefit plans • Bundling benefits in one or more ERISA plans • An employer may also treat each type of benefit as a separate plan (e.g., medical, dental, health FSA, DCAP). • §125 cafeteria plans have a separate plan document requirements • IRS §125 regulations require a separate Section 125 plan document. This is often confused with the SPD rules. • Document debate #2 • Q. Can one document be both ERISA and §125 plan document • A. Maybe!

  21. Plan Documents • Summary Plan Description (SPD) • The SPD • ERISA requires virtually every employee benefit plan to have a summary plan description (SPD) • The plan must furnish copies to certain individuals • DOL regulations also require SPDs to contain certain information • SPD Requirement Applies to Most Plans • No small plan exemption - Employers often confuse the 100 participant rule that applies to 5500s with SPDs. There is no “exemption” for small employers from SPD rules • Employer misunderstanding #2 • The certificate that the employee receives from the insurance company is (usually) not an SPD

  22. Agency Plan Document Strategies • Hire Out Plan Document Drafting • Costs range from $1500 - $10,000+ per employer • Use a Low Cost Template Approach

  23. HIPAA Privacy and Security

  24. HIPAA Background • HIPAA applies to all “Covered Entities” • Health Care Providers • HMOs, Insurance Companies • Employer sponsored health plans • Medical • Dental • Prescription drug plans • Vision • HFSA • EAP • HRA • Plans not subject to HIPAA • HSA, life insurance, disability & workers compensation

  25. Employers and HIPAA • Fully Insured Plans • Both the employer health plan and the insurance carrier are HIPAA Covered Entities • No BA Agreement needed between employer and carrier • Self-Funded Employer Plans • Employer sponsored self-funded health plans are always HIPAA Covered Entities • Includes Section 125 Health FSAs and HRAs • Employer cannot avoid HIPAA requirements simply by telling TPA not to share PHI with employer • TPA is a Business Associate not a Covered Entity

  26. Employers and HIPAA • Fully Insured Plans • “Level 1” Fully Insured Plans • Access only “Summary Health Information” & Enrollment Data • Summary Health Information is health plan information which contains no individually identifiable information • Limited compliance obligations • “Level 2” Fully Insured Plans • Have access to individually identifiable information • Must certify HIPAA compliance to carrier before carrier can release individually identifiable information • Subject to same requirements as self-funded plans

  27. Business Associates • Business Associates (BA) • Perform a function on behalf of the covered entity involving the use of PHI • CE must enter into a Business Associate Agreement (BAA) with all Business Associates before allowing them to have access to PHI • Examples of Business Associates • Third Party Administers (TPAs) for self-funded health plans • Insurance agents and brokers • Wellness vendor • Law firm (maybe) • IT consulting firm with access to systems containing PHI

  28. Employers & HIPAA Business Associate Agreement THE EMPLOYER/PLAN SPONSOR IS NOT A COVERED ENTITY – THE PLANS ARE FSA Administrator Business Associate Health FSA Business Associate Agreement COVERED ENTITIES Self-funded Health Plan Fully Insured Dental Plan Insurance Company Covered Entity TPA Business Associate Business Associate Agreement

  29. Enforcement • HITECH increases enforcement of HIPAA • HHS required to conduct periodic compliance audits • Penalties collected with be used to finance additional enforcement • Beginning on 2012 a % of penalty collected will be paid to harmed individuals • Significant increase in potential penalties • State Attorney General has option to pursue prosecution of HIPAA violations

  30. HIPAA PRIVACY & SECURITY PENALTIES

  31. So What Does an Employer Really Need to Do? • Establish written HIPAA policies and procedures • Privacy policies on appropriate use and disclosure, limited access, physical safeguards, etc. • Security policies on securing data, access rights, etc. • Polices on dealing with a HIPAA breach • Sanctions for employees who violate HIPAA policies • Designate privacy and security officials • Create/update plan documents, notice of privacy practices, business associate agreements, etc. • Conduct security risk assessment • Provide HIPAA training for employees who handle PHI

  32. HIPAA Privacy Policies

  33. HIPAA Security Rules • Security Standards and Implementation Specifications • The Security Rule contains 22 standards that must be addressed • Administrative Safeguards • Physical Safeguards • Technical Safeguards • Organizational, Policies and Procedures and Documentation Requirements • Security measures are appropriate and reasonable • Considerations - Size, complexity, mission, purposes of EPHI created, maintained, sent and received…..

  34. Security Compliance Road Map • Health Plan Security Compliance Steps • Perform risk analysis • Assign a security official • Amend Business Associate Agreements • Implement reasonable steps and develop policies and procedures to address HIPAA security standards • Train appropriate staff

  35. Breach Notification • HITECH Breach Notification Requirements • Effective September 23th, 2009 • If there has been a “breach of HIPAA PHI” • Notification to individuals • Without unreasonable delay and in no case later than 60 calendar days • Notification to the HHS • 500+ individuals employer to notify HHS immediately • Less than 500 individual employers maintain a log and annually submit to HHS • Notification to the media • Breach of more than 500 residents of a State

  36. Health Plan ID Number • Self-funded Employers Must Get an HPID • HIPAA requires Covered Entities (CE) to follow specific standards for certain electronic transactions • Most self-funded health plans must obtain a Health Plan ID Number (HPID) from CMS • Nov. 5th, 2014 for large health plans ($5 million in claims) • Nov. 5th, 2015 for small health plans • 2015 Certification • Self-funded health plans will then need to provide a certification to CMS that the plan is correctly processing certain electronic transactions by 12/31/2015

  37. Summary • Establish written HIPAA policies and procedures • Privacy policies on appropriate use and disclosure, limited access, physical safeguards, etc. • Security policies on securing data, access rights, etc. • Polices on dealing with a HIPAA breach • Sanctions for employees who violate HIPAA policies • Designate privacy and security officials • Create/update plan documents, notice of privacy practices, business associate agreements, etc. • Conduct security risk assessment • Provide HIPAA training for employees who handle PHI

  38. Agency HIPAA Strategies • Hire Out Policy and Procedure Development Consulting • Costs range from $5000 - $10,000+ per employer • Use a Lower Cost Template Approach

More Related