NEW VIDEO: The HITECH Act and HIPAA

With the enactment of the Health Information Technology for Economic and Clinical Health (HITECH) Act, it has caused a number of issues for employers. It is crucial for employers to stay in legal compliance to avoid audits, and the substantial penalties that come with HIPAA violations.

This video discusses the HITECH Act and HIPAA, and their possible effects on employers.

Our lawyers at Fraser Trebilcock also devote substantial amounts of time to advising clients of legislative and regulatory changes in the employee benefits area, and frequently write and lecture on employee benefits topics. Click HERE to sign up to receive updates and alerts on matters related to Employee Benefits Law.


business-legal-checklist

Business Legal Compliance Checklist

A critical overview of laws and regulations governing businesses of all sizes.

Download the Checklist

President Trump Signs Executive Order on Health Care; HHS Announces CSR Payments to be Discontinued Immediately

President Donald Trump
Photo of President Trump’s news conference, courtesy of the White House.

Yesterday, October 12, 2017, President Trump issued an Executive Order entitled “Promoting Healthcare Choice and Competition Across the United States” (the “Order”). Also on October 12, 2017, the Department of Health and Human Services released a statement that the cost-sharing reduction payments authorized by section 1401 of the Patient Protection and Affordable Care Act (“subsidies”) will be discontinued immediately (the “HHS Statement”).

Executive Order

The Order articles a “policy of the executive branch, to the extent consistent with law, to facilitate the purchase of insurance across State lines and the development and operation of a healthcare system that provides high-quality care at affordable prices for American people.” To meet this policy goal, President Trump announced that his administration will prioritize three areas of law in the new future: (1) Association Health Plans (“AHPs”); (2) Short-term, Limited-Duration Insurance (STLDI); and (3) Health Reimbursement Arrangements (“HRAs”).

To the extent consistent with law, the Order relevantly announces that government rules and guidelines should expand the availability of and access to PPACA insurance alternatives, including AHPs, STLDI, and HRAs. To effectuate this goal, the Order relevantly indicates:

“Sec. 2. Expanded Access to Association Health Plans. Within 60 days of the date of this order, the Secretary of Labor shall consider proposing regulations or revising guidance, consistent with law, to expand access to health coverage by allowing more employers to form AHPs. To the extent permitted by law and supported by sound policy, the Secretary should consider expanding the conditions that satisfy the commonality of-interest requirements under current Department of Labor advisory opinions interpreting the definition of an “employer” under section 3(5) of the Employee Retirement Income Security Act of 1974. The Secretary of Labor should also consider ways to promote AHP formation on the basis of common geography or industry.”

“Sec. 3. Expanded Availability of Short-Term, Limited Duration Insurance. Within 60 days of the date of this order, the Secretaries of the Treasury, Labor, and Health and Human Services shall consider proposing regulations or revising guidance, consistent with law, to expand the availability of STLDI. To the extent permitted by law and supported by sound policy, the Secretaries should consider allowing such insurance to cover longer periods and be renewed by the consumer.”

“Sec. 4. Expanded Availability and Permitted Use of Health Reimbursement Arrangements. Within 120 days of the date of this order, the Secretaries of the Treasury, Labor, and Health and Human Services shall consider proposing regulations or revising guidance, to the extent permitted by law and supported by sound policy, to increase the usability of HRAs, to expand employers’ ability to offer HRAs to their employees, and to allow HRAs to be used in conjunction with nongroup coverage.”

At this point is time, no changes to the law have occurred; this Executive Order merely indicates the President’s intent to make changes to the current regulatory structure in the near future. A copy of the Order is available at: www.whitehouse.gov/the-press-office/2017/10/12/presidential-executive-order-promoting-healthcare-choice-and-competition

HHS Statement

The HHS Statement indicates that its decision to immediately discontinue subsidies is based on a legal opinion issued by the Attorney General. A copy of the HHS Statement and the Attorney General opinion letter are available at: www.hhs.gov/about/news/2017/10/12/trump-administration-takes-action-abide-law-constitution-discontinue-csr-payments.html

We will keep you apprised of future developments in this regard.


Elizabeth H. Latchana, Attorney Fraser TrebilcockElizabeth H. Latchana specializes in employee health and welfare benefits. Recognized for her outstanding legal work, in both 2018 and 2015, Beth was selected as “Lawyer of the Year” in Lansing for Employee Benefits (ERISA) Law by Best Lawyers, and in 2017 as one of the Top 30 “Women in the Law” by Michigan Lawyers Weekly. Contact her for more information on this reminder or other matters at 517.377.0826 or elatchana@fraserlawfirm.com.

Click HERE to sign up to receive email updates and alerts on matters related to Employee Benefits.

Employer-Sponsored Plans Take Note: The Legislative Process to Amend, Repeal, and Replace Aspects of the Patient Protection and Affordable Care Act has Begun

FB - FinalTree

Employer-plan sponsors need to be ready to act as changes to the landscape of the Patient Protection and Affordable Care Act (“PPACA”) as applied to employer-sponsored group health plans are looming on the horizon.

On January 20, 2017, President Trump signed Executive Order 13765 titled “Minimizing the Economic Burden of the Patient Protection and Affordable Care Act Pending Repeal” (the “Executive Order”).  The Executive Order indicates a clear intent to repeal the PPACA in the future and in the meantime urges federal government agencies to take legally permissible leniencies in enforcing certain aspects of the PPACA: “To the maximum extent permitted by law, . . . [executive departments and agencies] . . . shall exercise all authority and discretion available to them to waive, defer, grant exemptions from, or delay the implementation of any provision or requirement of the Act that would impose a fiscal burden on any State or a cost, fee, tax, penalty, or regulatory burden on individuals, families, healthcare providers, health insurers, patients, recipients of healthcare services, purchasers of health insurance, or makers of medical devices, products, or medications.”  A copy of the Executive Order is available at: https://www.gpo.gov/fdsys/pkg/FR-2017-01-24/pdf/2017-01799.pdf

While the Executive Order serves as a general mission statement for the new administration, it does not provide an instantaneous change to the PPACA (the President cannot, by unilateral action, repeal final regulations).   Furthermore, while the Executive Order provides a clear overall goal, it does not include details regarding how this goal will be achieved.  Moreover, the Executive Order does not specifically mention any relief for employers or plan sponsors, nor does it discuss if and how any PPACA provisions regulating employers and employer-sponsored plans are expected to be impacted.  Since the release of the Executive Order, all eyes in the benefits community have been on the status of the PPACA.

In the wake of the Executive Order, in February 2017, the IRS became the first agency to follow the Executive Order’s directive to start unwinding certain provisions of the PPACA.  Specifically, the IRS released a statement indicating that individual tax returns will not be automatically rejected during processing merely because the taxpayer fails to indicate his or her health coverage status.  This IRS statement appears to have loosened the IRS’ enforcement of the individual shared responsibility mandate.  The IRS’ statement related to the individual shared responsibility mandate can be found at: https://www.irs.gov/affordable-care-act/individuals-and-families/individual-shared-responsibility-provision

It is important to note that the IRS statement did not indicate that the IRS would waive penalties for individuals who fail to maintain compliant health insurance coverage: “However, legislative provisions of the ACA are still in force until changed by Congress, and taxpayers remain required to follow the law and pay what they may owe.”   And, again, the IRS statement does not address anything about its enforcement of the employer shared responsibility mandate or other PPACA provisions regulating employer-sponsored plans.  Thus, the Executive Order and IRS statement have left the employee benefits community uncertain as to how the new administration intends to address the PPACA as it relates to employer-sponsored plans.

Yesterday, however, the House Republicans addressed this looming issue.  On March 6, 2017, the House Ways and Means Committee and the House Energy and Commerce Committee each released proposed legislation to repeal and replace certain aspects of the PPACA, entitled the American Health Care Act (the “Proposed Legislation”).  The Proposed Legislation provides insight into how the landscape of the PPACA may be altered with respect to employer-sponsored plans.

If enacted as drafted, the Proposed Legislation, as summarized, would dismantle certain taxes imposed under the PPACA, eliminate both the individual and employer shared responsibility mandate penalties, while keeping other portions of the PPACA in place, such as prohibiting pre-existing condition exclusions from coverage and allowing dependents to continue coverage under their parents’ health plans until the age of 26.

Other provisions of the Proposed Legislation establish a patient and state stability fund to provide states financial assistance to design programs aimed at each state’s own population and needs for affordable health care, transition Medicaid to a “per capita allotment,” increase the contribution maximums for health savings accounts (HSAs), repeal the tax on over the counter drugs, repeal the limitations of contributions to health flexible spending accounts, and assist those in the low to middle-income brackets with monthly tax credits to assist with health care costs.

A summary of the Proposed Legislation impacting employers, as prepared by the Committee on Ways and Means Majority Staff, is as follows:

“SUBTITLE _ — REPEAL AND REPLACE OF HEALTH-RELATED TAX POLICY”

“SECTION_04: SMALL BUSINESS TAX CREDIT

“This section repeals Obamacare’s small business tax credit beginning in 2020. Between 2018 and 2020, under the proposal, the small business tax credit generally is not available with respect to a qualified health plan that provides coverage relating to elective abortions.”

“SECTION_06: EMPLOYER MANDATE

“Under current law, certain employers are required to provide health insurance or pay a penalty. This section would reduce the penalty to zero for failure to provide minimum essential coverage; effectively Prepared by the Committee on Ways and Means Majority Staff March 6, 2017 repealing the employer mandate. The effective date would apply for months beginning after December 31, 2015, providing retroactive relief to those impacted by the penalty in 2016.

“SECTION_07: REPEAL OF THE TAX ON EMPLOYEE HEALTH INSURANCE PREMIUMS AND HEALTH PLAN BENEFITS

“Obamacare imposed a 40 percent excise tax on high cost employer-sponsored health coverage, also known as Cadillac plans. Under current law, the tax will go into effect in 2020. This section changes the effective date of the tax. It will not apply for any taxable period beginning after December 31, 2019, and before January 1, 2025. Thus, the tax will apply only for taxable periods beginning after December 31, 2024.

“SECTION_08: REPEAL OF THE TAX ON OVER-THE-COUNTER MEDICATIONS

“Under current law, taxpayers may use several different types of tax-advantaged health savings accounts to help pay or be reimbursed for qualified medical expenses. Obamacare excluded over-the counter medications from the definition of qualified medical expenses. This section effectively repeals the Obamacare tax on over-the-counter medications. The effective date begins tax year 2018.

“SECTION_09: REPEAL OF INCREASE OF TAX ON HEALTH SAVINGS ACCOUNTS

“Distributions from an HSA or Archer MSA that are used for qualified medical expenses are excludible from gross income. Distributions that are not used for qualified medical expenses are includible in income and are generally subject to an additional tax. Obamacare increased the percentage of the tax on distributions that are not used for qualified medical expenses to 20 percent. This section lowers the rate to pre-Obamacare percentages. This change is effective for distributions after December 31, 2017.

“SECTION_10: REPEAL OF LIMITATIONS ON CONTRIBUTIONS TO FLEXIBLE SAVINGS ACCOUNTS

“Obamacare limits the amount an employer or individual may contribute to a health Flexible Spending Account (FSA) to $2,500, indexed for cost-of-living adjustments. This section repeals the limitation on health FSA contributions for taxable years beginning after December 31, 2017.”

“SECTION_12: REPEAL OF ELIMINATION OF DEDUCTION FOR EXPENSES ALLOCABLE TO MEDICARE PART D SUBSIDY

“Prior to Obamacare, as an incentive for employers to offer retiree drug coverage, employers who offered sufficient prescription drug coverage to their employees qualified for the Retiree Drug Subsidy to help cover actual spending for prescription drug costs. Obamacare eliminated the ability for employers to take a tax deduction on the value of this subsidy. This section repeals this Obamacare change and re-instates the business-expense deduction for retiree prescription drug costs without Prepared by the Committee on Ways and Means Majority Staff March 6, 2017 reduction by the amount of any federal subsidy. This section applies to taxable years beginning after December 31, 2017.”

“SECTION_14: REPEAL OF MEDICARE TAX INCREASE
“Obamacare imposed a Medicare Hospital Insurance (HI) surtax based on income at a rate equal to 0.9 percent of an employee’s wages or a self-employed individual’s self-employment income. This section repeals the additional 0.9 percent Medicare tax beginning in 2018.

“SECTION_15: REFUNDABLE TAX CREDIT FOR HEALTH INSURANCE

[***]

“The program also calls for simplified reporting of an offer of coverage on the W-2 by employers. Reconciliation rules limit the ability of Congress to repeal the current reporting, but, when the current reporting becomes redundant and replaced by the reporting mechanism called for in the bill, then the Secretary of the Treasury can stop enforcing reporting that is not needed for taxable purposes.

“SECTION_16: MAXIMUM CONTRIBUTION LIMIT TO HEALTH SAVINGS ACCOUNT INCREASED TO AMOUNT OF DEDUCTIBLE AND OUT-OF-POCKET LIMITATION

“This section increases the basic limit on aggregate Health Savings Account contributions for a year to equal the maximum on the sum of the annual deductible and out-of-pocket expenses permitted under a high deductible health plan. Thus, the basic limit will be at least $6,550 in the case of self-only coverage and $13,100 in the case of family coverage beginning in 2018.

“SECTION_17: ALLOW BOTH SPOUSES TO MAKE CATCH-UP CONTRIBUTIONS

“This section would effectively allow both spouses to make catch-up contributions to one HSA beginning in 2018.

“SECTION_18: SPECIAL RULE FOR CERTAIN MEDICAL EXPENSES INCURRED BEFORE ESTABLISHMENT OF HSA

“This section sets forth certain circumstances under which HSA withdrawals can be used to pay qualified medical expenses incurred before the HSA was established. Starting in 2018, if an HSA is established during the 60-day period beginning on the date that an individual’s coverage under a high deductible health plan begins, then the HSA is treated as having been established on the date coverage under the high deductible health plan begins for purposes of determining if an expense incurred is a qualified medical expense.”

“SUBTITLE _ — REPEAL AND REPLACE OF CERTAIN CONSUMER TAXES”

“SECTION_02: REPEAL OF HEALTH INSURANCE TAX

“Obamacare imposed an annual fee on certain health insurers. The proposal repeals the health insurance tax beginning after December 31, 2017.”

For the full summary of the Proposed Legislation, please see: https://waysandmeans.house.gov/wp-content/uploads/2017/03/03.06.17-Section-by-Section.pdf and http://energycommerce.house.gov/sites/republicans.energycommerce.house.gov/files/documents/Section-by-Section%20Summary_Final.pdf

Please note that the American Health Care Act is proposed legislation; the changes which may be made to the PPACA through final legislation are still uncertain.  The Committees for both the House Ways and Means and the House Energy and Commerce have scheduled a markup of this proposed legislation for tomorrow, Wednesday March 8th.  Unless and until any legislation is finalized, employers must stay their current course, including complying with ACA employer reporting requirements and the employer shared responsibility mandate.

We will keep you posted as the legislative process progresses.

This email serves solely as a general summary of complex proposed legislation and government initiatives.  It does not constitute legal guidance.  Please contact us with any questions related to the Proposed Legislation and what impact finalization might have on your employer-sponsored plans.

Questions? Contact us to learn more.


Elizabeth H. Latchana, Attorney Fraser TrebilcockElizabeth H. Latchana specializes in employee health and welfare benefits. Recognized for her outstanding legal work, in both 2018 and 2015, Beth was selected as “Lawyer of the Year” in Lansing for Employee Benefits (ERISA) Law by Best Lawyers, and in 2017 as one of the Top 30 “Women in the Law” by Michigan Lawyers Weekly. Contact her for more information on this reminder or other matters at 517.377.0826 or elatchana@fraserlawfirm.com.

Click HERE to sign up to receive email updates and alerts on matters related to Employee Benefits.

Employers Take Note – IRS Extends Deadline for 2016 ACA Information Reporting For Individuals!

 

FB - FinalTreeThe Internal Revenue Service (“IRS”) has extended the deadline for 2016 Information Reporting by employers (and other entities) to individuals under Internal Revenue Code sections 6055 and 6056 by just over one month.  However, the deadline for these entities to file with the Internal Revenue Service (IRS) remains the same.

IRS Notice 2016-70 extends the due dates for the following 2016 information reporting Forms from January 31, 2017 to March 2, 2017:

  • 2016 Form 1095-C, Employer-Provided Health Insurance Offer and Coverage
  • 2016 Form 1095-B, Health Coverage

However, the due dates for filing these Forms and their Transmittals with the IRS remains unchanged.  Specifically, the due date for filing the following documents with the IRS is February 28, 2017; however, if filing electronically, the due date is March 31, 2017 (employers who are required to file 250 or more Forms must file electronically):

  • 2016 Form 1094-B, Transmittal of Health Coverage Information Returns, and the 2016 Form 1095-B, Health Coverage
  • 2016 Form 1094-C, Transmittal of Employer-Provided Health Insurance Offer and Coverage Information Returns, and the 2016 Form 1095-C, Employer-Provided Health Insurance Offer and Coverage

As a result of these extensions, individuals might not receive a Form 1095-B or Form 1095-C by the time they file their 2016 tax returns.  In such case, IRS Notice 2016-70 explains that individual taxpayers may instead rely on other information received from their employers or other coverage providers for purposes of filing their tax returns and do not need to wait to receive Forms 1095-B and 1095-C before filing.  Once they do receive their forms, the individuals should keep it with their tax records. You can find the full Notice here.

Please note that no further extension beyond the March 2, 2017 deadline is allowed.  Therefore, this deadline for furnishing the Forms to individuals must be met.  However, additional extensions may still be available for filing these Forms with the IRS.

Background

As provided in previous Client Alerts, information reporting requirements are applicable under two Internal Revenue Code (“Code”) sections as follows:

  • Section 6055 for insurers, self-insuring employers, and certain other providers of minimum essential coverage; and
  • Section 6056 for applicable large employers.

By way of background, the IRS requires applicable large employers and sponsors of self-insured health plans to report on the health coverage offered and/or provided to individuals beginning calendar year 2015.  Although the reporting requirements extend to other entities that provide “minimum essential coverage” (such as health insurance issuers), this Client Alert focuses on the requirements imposed on employers.

Employers who are deemed applicable large employers, as well as employers of any size who offer self-funded health coverage, must carefully review and study these instructions, which set forth numerous details, definitions and indicator codes which must be used to complete the requisite forms.  The instructions address the “when, where and how” to file, extensions and waivers that may be available, how to file corrected returns, and potential relief from penalties imposed for incorrect or incomplete filing.

The IRS utilizes information from these returns to determine which individuals were offered minimum essential coverage, whether individuals were eligible for premium tax credits in the Marketplace, as well as to determine penalties to be imposed on employers under Pay or Play (Code section 4890H; Shared Responsibility for Employers Regarding Health Coverage, 26 CFR Parts 1, 54, and 301, 79 Fed. Reg. 8543 (Feb. 12, 2014)).   Due to the impact of proper reporting, a clear understanding of these forms and instructions is essential.

Code section 6056 applies to applicable large employers (generally employers with at least 50 full-time employees, including full-time equivalent employees).  Information with respect to each full-time employee (whether or not offered coverage) must be reported on Form 1095-C.  Transmittal Form 1094-C must accompany the Forms 1095-C; all the Forms 1095-C together with the Transmittal Form 1094-C constitute the Code section 6056 information return that is required to be filed with the IRS.  For applicable large employers who self-insure, there is a separate box to complete which incorporates the information required under Code section 6055.

Code section 6055 applies to employers of any size who self-insure.  Non-applicable large employers with self-funded plans must report their information on Form 1095-B, as well as on transmittal Form 1094-B.  All of the Forms 1095-B together with the Transmittal Form 1094-B constitute the Code section 6055 information return that is required to be filed with the IRS.  Again, if the employer who self-insures is also an applicable large employer, the employer will instead use Forms 1095-C and 1094-C, which include a section for self-insured plans.

Employers subject to these requirements must report in early 2017 for the entire 2016 calendar year.

Additionally, employers must provide informational statements to the individuals for whom they are reporting.  Form 1095-C or Form 1095-B (as applicable) may be used as this informational statement.

The links to the Final Forms and Instructions are below:

2016 Forms for Applicable Large Employers (Code Section 6056)

2016 Instructions for Forms 1094-C and 1095-C: click here.

Form 1095-C, Employer Provided Health Insurance Offer and Coverage: click here.

Form 1094-C, Transmittal of Employer Provided Health Insurance Offer and Coverage Information Returns: click here.

Additionally, the IRS has posted numerous Questions and Answers regarding Code section 6056 on its website, here.

2016 Forms for Employers who Self-Fund (Code Section 6055)

2016 Instructions for Forms 1094-B and 1095-B

Form 1095-B, Health Coverage

Form 1094-B, Transmittal of Health Coverage Information Returns

The IRS’ Questions and Answers regarding Code section 6055 can be found here.

Change in Forms for 2016

The changes to the 2016 forms are reflected in the above Instructions but are relatively minor in scope.  The most noteworthy changes are to Form 1094-C with the removal of the Line 22 box for “Qualifying Offer Method Transition Relief” as it was only applicable for 2015; as well as two new Line 14 codes (1J and 1K) added to Form 1095-C which are available to reflect conditional offers of coverage to an employee’s spouse. As explained in the instructions, a conditional offer of coverage to a spouse is “an offer of coverage that is subject to one or more reasonable, objective conditions (for example, an offer to cover an employee’s spouse only if the spouse is not eligible for coverage under Medicare or a group health plan sponsored by another employer).”  See 2016 Instructions for Forms 1094-C and 1095-C.

Penalties Imposed

Both sets of Instructions (for Forms 1094/1095-B and Forms 1094/1095-C) set forth the following penalty information for failure to comply with the information reporting requirements for 2016:

The penalty for failure to file a correct information return is $260 for each return for which the failure occurs, with the total penalty for a calendar year not to exceed $3,193,000.

The penalty for failure to provide a correct payee statement is $260 for each statement for which the failure occurs, with the total penalty for a calendar year not to exceed $3,193,000.

Special rules apply that increase the per-statement and total penalties if there is intentional disregard of the requirement to file the returns and furnish the required statements.

However, the IRS has continued the good faith transition relief from penalties for 2016.   Indeed, IRS Notice 2017-70 states:

Specifically, this notice extends transition relief from penalties under sections 6721 and 6722 to reporting entities that can show that they have made good-faith efforts to comply with the information-reporting requirements under sections 6055 and 6056 for 2016 (both for furnishing to individuals and for filing with the Service) for incorrect or incomplete information reported on the return or statement. This relief applies to missing and inaccurate taxpayer identification numbers and dates of birth, as well as other information required on the return or statement. No relief is provided in the case of reporting entities that do not make a good-faith effort to comply with the regulations or that fail to file an information return or furnish a statement by the due dates (as extended under the rules described above).

Thus, it is imperative to timely distribute and file the forms; otherwise penalties may ensue.

This correspondence is intended to provide general information only, does not constitute legal advice, and cannot be used or substituted for legal or tax advice.

 

Questions? Contact us to learn more.


Elizabeth H. Latchana specializes in employee health and welfare benefits. Recognized for her outstanding legal work, she was selected as the 2015 “Lawyer of the Year” in Lansing for Employee Benefits (ERISA) Law by Best Lawyers. Contact her for more information on this reminder or other matters at 517.377.0826 or elatchana@fraserlawfirm.com.
Click HERE to sign up to receive email updates and alerts on matters related to Employee Benefits.

New Rules Make Preventative Care for Alzheimer’s, Diabetes More Accessible for Medicare Patients

Employee Benefits AlertNew rules for Medicare services are about to take effect that will give people greater access to preventative care. The Centers for Medicare & Medicaid (CMS) decided that, beginning January 1, 2017, Medicare will pay more for cognitive and behavioral assessments, diabetes prevention programs, and to patient-centered care for people living with multiple chronic conditions and cognitive impairment conditions, including Alzheimer’s disease.

CMS says the new payment rules are part of a push by the Administration to create a health-care system that emphasizes prevention and results in better care, smarter spending, and healthier people. The additional funding will go toward care coordination and patient-centered care, mental and behavioral health care, and cognitive impairment care assessment and planning.

Clinicians will also have the opportunity to be paid more for spending more time with patients. That extra time with physicians could be critically important for patients who have multiple chronic conditions, as older adults sometimes do.

For more information from CMS about the new rules, visit its website here and blog here.

Questions? Contact us to learn more.

Fraser Trebilcock provides counsel on all matters relating to the legal planning for care and support of those needing Medicare and Medicaid. Attorney Melisa M. W. Mysliwiec focuses her work in the areas of Elder Law and Medicaid planning, estate planning, and trust and estate administration. She can be reached at mmysliwiec@fraserlawfirm.com or 616-301-0800. You can also click here to learn more about our Trusts & Estates practice.

Is Your Employer Group Health Plan Design Compliant with the Section 1557 Nondiscrimination Rules?

FB - FinalTreeAs an employer, you are likely subject to Title VII of the Civil Rights Act.  But did you know that your group health plan may also be subject to similar nondiscrimination rules?  Employers should carefully analyze whether and to what extent they must comply with Section 1557, which is the nondiscrimination section of the Affordable Care Act.  Similar to Title VII, it prohibits discrimination on the basis of race, color, national origin, sex, age, or disability; however, this law specifically regulates health programs and activities.

If you or your health plan are deemed a covered entity under Section 1557, you have some additional compliance measures to undertake, which include:

-Ensuring your group health plan offers compliant coverage (changes must be made by January 1, 2017)

-Posting appropriate notices within significant publications, on the premises, and on your website

-Ensuring proper grievance procedures are adopted and followed (if applicable)

Here are the questions you should be asking:

  • Does a covered entity exist?
  • If yes, will the employer be liable?
  • Does the employer’s group health plan offer compliant coverage?
  • Are the employer’s physical facilities compliant?
  • Are the proper notices included in significant publications and posted on the premises and websites?
  • Are the appropriate grievance procedures being followed?
  • If Section 1557 in not applicable, why should I care?

Covered Entities

While this is not a comprehensive review, please be aware that health programs or activities receiving federal funds must carefully scrutinize their responsibilities under Section 1557.  A “covered entity” is an entity that operates a health program or activity, any part of which receives Federal financial assistance.  The definitions of “health program or activity” and “federal financial assistance” are:

Health program or activity means the provision or administration of health related services, health-related insurance coverage, or other health related coverage, and the provision of assistance to individuals in obtaining health-related services or health-related insurance coverage. For an entity principally engaged in providing or administering health services or health insurance coverage or other health coverage, all of its operations are considered part of the health program or activity, except as specifically set forth otherwise in this part. Such entities include a hospital, health clinic, group health plan, health insurance issuer, physician’s practice, community health center, nursing facility, residential or community-based treatment facility, or other similar entity. A health program or activity also includes all of the operations of a State Medicaid program, a Children’s Health Insurance Program, and the Basic Health Program.”

Federal financial assistance. (1) Federal financial assistance means any grant, loan, credit, subsidy, contract (other than a procurement contract but including a contract of insurance), or any other arrangement by which the Federal government provides or otherwise makes available assistance in the form of: (i) Funds; (ii) Services of Federal personnel; or (iii) Real and personal property or any interest in or use of such property, including: (A) Transfers or leases of such property for less than fair market value or for reduced consideration; and (B) Proceeds from a subsequent transfer or lease of such property if the Federal share of its fair market value is not returned to the Federal government. (2) Federal financial assistance the Department provides or otherwise makes available includes Federal financial assistance that the Department plays a role in providing or administering, including all tax credits under Title I of the ACA, as well as payments, subsidies, or other funds extended by the Department to any entity providing health-related insurance coverage for payment to or on behalf of an individual obtaining health related insurance coverage from that entity or extended by the Department directly to such individual for payment to any entity providing health-related insurance coverage.”

If the employer operates a health program or activity and receives federal financial assistance, the employer must next determine if it can be held responsible for violations of Section 1557.

Employer Liability

Providing a health plan for employees and receiving federal financial assistance in some other capacity will not necessarily mean that the employer can be liable under Section 1557.  Instead, there are only three instances where employer liability is at issue for discrimination in employee health benefit programs.

A covered entity that provides an employee health benefit program to its employees and/or their dependents shall be liable for violations of this part in that employee health benefit program only when:

  • The entity is principally engaged in providing or administering health services, health insurance coverage, or other health coverage (such as hospitals, carriers, TPAs, etc);
  • The entity receives Federal financial assistance a primary objective of which is to fund the entity’s employee health benefit program (such as by receiving Retiree drug subsidies); or
  • The entity is not principally engaged in providing or administering health services, health insurance coverage, or other health coverage, but operates a health program or activity, which is not an employee health benefit program, that receives Federal financial assistance; except that the entity is liable under this part with regard to the provision or administration of employee health benefits only with respect to the employees in that health program or activity.

If the employer can be liable, it must ensure it offers compliant coverage, has disability accessible premises, posts the required notices, and follows grievance procedures (for employers with 15 or more employees).

Compliant Coverage, Notices & Grievance Procedures, and Physical Location Accessibility

If subject to Section 1557, the employer must ensure nondiscriminatory plan coverage is in effect by January 1, 2017.  Again, coverage cannot discriminate on the basis of race, color, national origin, sex, age, or disability; however, the law also specific requirements with regard to gender identity and transition exclusions and limitations.

Notices describing Section 1557 must be posted and must include taglines for at least the top 15 languages spoken in in the applicable state by individuals with limited English proficiency.

In a conspicuously-visible font size, the Notices must be posted:

  • In significant publications and significant communications targeted to beneficiaries, enrollees, applicants, and members of the public, (except for significant publications and significant communications that are small-sized, such as postcards and tri-fold brochures, which instead use a shorter notice with only 2 taglines);
  • In conspicuous physical locations where the entity interacts with the public (i.e., where other legal notices are posted for employees); and
  • In a conspicuous location on the covered entity’s Web site accessible from the home page of the covered entity’s Web site.

With respect to the Web site requirement, the Preamble provides the following additional information:

We stated that covered entities may satisfy the requirement to post the notice on the covered entity’s home page by including a link in a conspicuous location on the covered entity’s home page that immediately directs the individual to the content of the notice elsewhere on the Web site. Similarly, we stated with regard to the requirement to post taglines that covered entities can comply by posting ‘‘in language’’ Web links, which are links written in each of the 15 non-English languages posted conspicuously on the home page that direct the individual to the full text of the tagline indicating how the individual may obtain language assistance services. For instance, a tagline directing an individual to a Web site with the full text of a tagline written in Haitian Creole should appear as ‘‘Kreyo`l Ayisien’’ rather than ‘‘Haitian Creole.’’

Sample notices and procedures can be found within the regulations and on the government website:

For the final regulations click here: https://www.gpo.gov/fdsys/pkg/FR-2016-05-18/pdf/2016-11458.pdf

The notices and translated taglines are here: http://www.hhs.gov/civil-rights/for-individuals/section-1557/translated-resources/

FAQs can be found here: https://www.hhs.gov/sites/default/files/2016-05-13-section-1557-final-rule-external-faqs-508.pdf

The following link provides information on taglines: http://www.hhs.gov/civil-rights/for-individuals/section-1557/1557faqs/top15-languages/index.html

Finally, HHS has since listed the top 15 languages by state: https://www.hhs.gov/sites/default/files/resources-for-covered-entities-top-15-languages-list.pdf

Additionally, Section 1557 requires that physical locations be disability compliant, and the employer must adopt grievance procedures to handle Section 1557 complaints consistently.

Nondiscrimination Compliance with Health Plan Coverage Even if Section 1557 if Inapplicable

Please note that even if an employer is not subject to Section 1557, the Office for Civil Rights of the Department of Health and Human Services (OFR) may refer a discriminatory design to the EEOC for investigation.  Please see the Preamble to the regulations at https://www.gpo.gov/fdsys/pkg/FR-2016-05-18/pdf/2016-11458.pdf :

Where … the alleged discrimination relates to the benefit design of a self-insured plan—for example, where a plan excludes coverage for all health services related to gender transition—and where OCR has jurisdiction over a claim against an employer under Section 1557 because the employer falls under one of the categories in § 92.208, OCR will typically address the complaint against that employer.

As part of its enforcement authority, OCR may refer matters to other Federal agencies with jurisdiction over the entity. Where, for example, OCR lacks jurisdiction over an employer responsible for benefit design, OCR typically will refer or transfer the matter to the EEOC and allow that agency to address the matter.

Therefore, careful attention to Section 1557’s requirements is important for plan design regardless of direct employer liability under the law.

This correspondence is intended to provide general information only, does not constitute legal advice, and cannot be used or substituted for legal or tax advice.

Questions? Contact us to learn more.

The Force Awakens: Better Health, Better Care, Better Value in America

Doc HandsThe Force is with you, Jedi health care workers! This infamous Star Wars theme headlined an annual health care presentation, sponsored by the McLaren Greater Lansing Healthcare Foundation’s Business Partners in Health Committee. Continue reading The Force Awakens: Better Health, Better Care, Better Value in America

Recent OIG Settlements Highlight the Need for HIPAA Business Associate Agreements

The U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) recently entered into resolution agreements with the Raleigh Orthopaedic Clinic, P.A. of North Carolina and North Memorial Health Care, a not-for-profit health care system in Minnesota, to settle charges the entities released protected health information (“PHI”) without first obtaining written business agreements.

These recent settlements by the OCR should serve as a reminder to covered entities of the importance of having proper policies and procedures in place to identify and evaluate potential business associates before disclosing PHI—and the potentially high cost for failing to do so.

The Raleigh Orthopaedic Clinic agrees to pay $750,000 to settle charges

The Raleigh Orthopaedic Clinic (“the Clinic”) is a provider group practice that operates clinics and an orthopedic surgery center in the Raleigh, N.C. area. The OCR began its investigation of the Clinic in April 2013 after the OCR received a breach notification from the Clinic indicating an impermissible disclosure of PHI to a third party vendor.

The disclosure stemmed from an oral agreement between the Clinic and a vendor. As part of the agreement, the Clinic released the x-ray films and related PHI of 17,300 patients to a vendor that was supposed to convert the images to electronic records in exchange for harvesting the silver from the x-rays.

The Clinic agreed to pay $750,000 to settle charges that it potentially violated the HIPAA Privacy Rule by providing the PHI of nearly 17,300 patients to a potential business partner without first executing a business associate agreement. In an April 19th press release announcing the OCR’s settlement agreement with the Clinic, OCR Director Jocelyn Samuels stated “HIPAA’s obligation on covered entities to obtain business associate agreements is more than a mere check-the-box paperwork exercise.” The OCR Director went on to emphasize that “[i]t is critical for entities to know to whom they are handing PHI and to obtain assurances that the information will be protected.”

In addition to the $750,000 payment, the settlement agreement with the OCR requires the Clinic to: 1) implement procedures for determining whether entities are business associates; 2) select a responsible individual who will ensure business associate agreements are in place before disclosing PHI to a business associate; 3) create a standard template for business associate agreements; 4) develop procedures for maintaining documentation of business associate agreements for at least six (6) years beyond the date a business associate relationship terminates; and 5) limit disclosures of PHI to the minimum necessary to accomplish the purpose for which the business associate was hired.

North Memorial Health Care agrees to pay $1,550,000 to settle charges

North Memorial Health Care (“North Memorial”) is a not-for-profit health care system in Minnesota that operates in the Twin Cities and surrounding areas. The OCR began investigating North Memorial following the report of a data breach in September 2011. The data breach stemmed the theft of an unencrypted, password-protected laptop that was stolen from the locked vehicle belonging to an Accretive Health employee. Accretive Health was North Memorial’s business associate. The laptop contained electronic PHI of 9,497 individuals.

The OCR’s investigation revealed that North Memorial impermissibly disclosed the PHI of at least 289,904 individuals to its business associate, Accretive, without obtaining a written business associate agreement from Accretive. The OCR also found that North Memorial did not establish an enterprise-wide risk analysis to address patient information risks and vulnerabilities, as required by 45 C.F.R. § 164.308(a)(1)(ii)(A).

In addition to the $1.55 million payment to settle the charges, North Memorial must abide by the terms of a corrective action plan, which includes developing an enterprise-wide risk analysis and management plan. North Memorial is also required to provide training for workforce members affected by the corrective action plan.

In the March 16, 2016, press release announcing the settlement, OCR Director Samuels stressed that “[o]rganizations must have in place compliant business associate agreements as well as an accurate and thorough risk analysis that addresses their enterprise-wide IT infrastructure.”

These recent settlements announced by the OCR show the high cost a covered entity could face for not having an appropriate business associate agreement in place. The settlement should remind covered entities to have the proper policies, procedures, and personnel, in place to identify and evaluate potential business associates before releasing PHI.

To find out more about the business associate agreements or other HIPAA requirements, contact Fraser Trebilcock at 517.482.5800.

New OIG Guidance for Health Care Governing Boards

Earlier this month, the U.S. Department of Health and Human Services, Office of Inspector General (OIG) released an educational resource for governing boards entitled Practical Guidance for Health Care Governing Boards on Compliance Oversight (Practical Guidance). The Practical Guidance was developed in collaboration with the Association of Healthcare Internal Auditors (AHIA), the American Health Lawyers Association (AHLA), and the Health Care Compliance Association (HCCA). Guidance documents previously issued by the OIG emphasized the need for governing boards (Boards) to be fully engaged in their oversight responsibility. A fundamental element of any oversight plan involves asking the right questions of management to determine the effectiveness of an organization’s compliance plan and to gauge the performance of those carrying out the compliance plan.

The Practical Guidance just released by the OIG seeks to provide guidance to Boards as they oversee their organizations’ compliance with state and federal health care regulations. In particular, the Practical Guidance addresses issues relating to a Board’s oversight of compliance programs, including:

  1. Expectations for Board oversight of compliance programs;
  2. The roles of an organization’s audit, compliance, and legal departments, and the relationships between them;
  3. Mechanisms and processes for issue-reporting within an organization;
  4. Approaches to identify regulatory risks;
  5. Methods to ensure accountability for achievement of compliance goals.

Many of the guidance issues addressed in the Practical Guidance are best practice recommendations rather than strict legal requirements. Since many of the practices addressed in the current Practical Guidance have been discussed in voluntary compliance program documents previously released by the OIG, this post will just highlight some of the newest recommendations addressed by the current Practical Guidance.

Expectations for Board Oversight of Compliance Programs

The Practical Guidance encourages Boards to use publicly available compliance resources as benchmarks for their organizations. Specifically, the Practical Guidance recommends using the Federal Sentencing Guidelines (Guidelines), the OIG’s voluntary compliance program documents, and OIG Corporate Integrity Agreements (CIAs), as baseline tools for Boards and management to determine what functions may be necessary for an effective compliance program.

The OIG recognizes that a one size fits all approach does not work when designing a compliance program and that a board may choose to review the adequacy of an existing compliance program in its own organization-specific way. In the most recent Practical Guidance, the OIG simply recommends that a Board make management aware of the Federal Sentencing Guidelines, voluntary compliance program guidance, and relevant CIAs, as a good first step in ensuring the adequacy of an existing compliance program.

The Practical Guidance also suggests that a Board may raise its level of substantive expertise by adding, or periodically consulting, an experienced regulatory, compliance or legal professional. Adding such a professional to a Board provides a valuable resource to other Board members, and sends a strong message about an organization’s commitment to compliance.

Roles and Relationships

The Practical Guidance recommends that Boards define the interrelationships of the audit, compliance, and legal departments in an organization. A Board should evaluate the adequacy and performance of these departments on a periodic basis. The structure, reporting relationships, and interaction of these and other functions (e.g., quality, risk management, and human resources) should be included as departmental roles and responsibilities are defined.

The Practical Guidance emphasizes the need for an organization’s audit, compliance, and legal departments to speak with a common language to the Board and management with regard to governance concepts, such as accountability, risk, auditing, monitoring, and compliance. Agreeing on the adoption of departmental definitions and relationships can facilitate the development of such a  common language.

Reporting to the Board

The Practical Guidance recommends that a Board set and enforce expectations for receiving regular compliance-related information from management. Regular internal reviews by a Board will not only give the Board a snapshot of where its compliance program is, but regular internal reviews should also lead to better compliance program results and higher quality services.

The Practical Guidance also recommends a Board consider conducting “executive sessions” on a regular basis. These executive sessions would include leadership from the compliance, legal, quality, and audit departments, but would exclude senior management in an attempt to encourage more open communication between departments. Regular executive sessions could also create a continuous expectation of open communication rather than initiating communication only when a problem arises.

Identifying and Auditing Potential Risk Areas

The Practical Guidance recognizes that some regulatory risk is common to all health care providers. The Practical Guidance also recognizes that certain types of activities are more high risk because they are more vulnerable to fraud. Those high risk activities include referral relationships, billing issues, privacy breaches, and quality-related events.

The Board should ensure that strong processes for identifying risk areas are in place, including identifying risk areas from internal or external information sources. The Board should ensure that risk areas are routinely audited and reviewed and should also ensure that management develops, implements, and monitors corrective action plans.

Encouraging Accountability and Compliance

The Practical Guidance recognizes that compliance is an enterprise-wide responsibility. Therefore, while the audit, compliance, and legal functions of an organization serve as advisors, evaluators, identifiers, and monitors of risk and compliance, the actual responsibility of executing the compliance program rests with the entire organization.

A Board may assess execution of a compliance program at the individual, department, or facility-level, and may choose to link incentives to compliance and quality outcomes. The Practical Guidance suggests that, as an extension of its oversight of an organization’s reporting structures, a Board should evaluate whether compliance systems encourage communication across the organization and whether employees feel comfortable raising compliance concerns without retaliation or retribution.

Conclusion

The OIG’s most recent Practical Guidance adds to previously issued compliance documents and provides a good starting point for Boards carrying out oversight of an organization’s compliance with state and federal regulations. A Board should still consult with counsel or other compliance professionals to ensure its compliance program complies with relevant federal, state, and local laws.

To find out more about the effect of governance issues related to health care or your business, contact Fraser Trebilcock at 517.482.5800.

DHS Issues Alert Warning of New Cybersecurity Threats

On March 31, the Department of Homeland Security (DHS) issued Alert TA16-091A warning of new ransomware variants—such as Locky and Samas—responsible for infecting computers at several health care facilities in the first quarter of 2016.

Ransomware is a type of malware—malicious software—that is often spread through infected websites or phishing emails.  The ransomware works by locking or encrypting a target’s files. Users are then told that unless a ransom is paid they will be unable to regains access to their files.

In the first few months of 2016, ransomware attacks have infected computer systems at Methodist Hospital in Henderson, KY, several Washington, D.C.-area hospitals run by Medstar, and at the Hollywood Presbyterian Medical Center in California. The attack on the Hollywood Presbyterian Medical Center locked physicians out of electronic health records (EHRs) and disrupted email communications for staff.  Hollywood Presbyterian paid the hackers $17,000 in bitcoin, believing it was the fastest and quickest ways to restore normal operations.

The DHS discourage organizations from paying ransom, because paying the ransom may lead to similar attacks, may provide the hackers with the victim’s banking information, and the decrypted files could still contain a malware infection. But deciding whether or not to pay a ransom is a difficult decision for an organization faced with disruption of its operations, financial losses, loss of proprietary information, and perhaps most importantly, the potential harm to its reputation.

In its Alert, the DHS provides a list recommendations that, at a minimum, all businesses should take to prepare for a ransomware attack:

  • Implement a data backup and recovery plan for all critical information, and regularly test the data backups.
  • Use application whitelisting, which allows only specific programs to run, to prevent malicious software.
  • Make sure operating system and anti-virus software is up-to-date with the latest updates and patches.
  • Restrict the ability of users within your organization to install and run unwanted software.
  • Block emails messages with attachments from suspicious sources, do not enable macros from email attachment, and do not follow unsolicited internet links in emails.

Many of the recommendation in the DHS alert may already be a part of your company’s cybersecurity practices.

To find out more about the effect of cybersecurity on your business, contact Fraser Trebilcock at 517.482.5800.