|
 | |
|
Welfare and Health Plan Administrators' Legal Checklist
|
|
September 3, 2007
|
|
|
|
|
|
By Tonie Bitseff
Thelen LLP
There have been many changes in legal requirements affecting health and welfare plan administration since 2005. Following is a list of changes, their effective dates, summaries of their requirements and additional details.
January 1, 2008
General Effective Date for IRC §409A Regulations
|  | Imposes detailed requirements on "nonqualified deferred compensation plans."
|
| | Exempts tax-exempt health benefits and bonafide vacation leave, sick leave, compensatory time, disability pay and death benefit plans.
|
| | Severance plans are subject to the rules, but certain window plans and separation pay plans qualify for exemptions.
|
Click here for details.
Insurance Contract Renewal or Renegotiation Complete
| | Review California health insurance contract changes to understand domestic partner coverage changes.
|
| | Review health contracts to ensure that insurance carrier is assuming creditable coverage and pre-existing condition exclusion notification obligations.
|
| | Review contract for any premium rebates or refunds that might generate plan assets and amend plan to specify appropriate treatment.
|
| | Verify that insurer will pay CMS (Centers for Medicare and Medicaid Services) claims brought under medical secondary payer statute after normal claims deadline has passed.
|
TRICARE Rule Included in John Warner National Defense Authorization Act
| | Effective January 1, 2008, group health plan sponsors cannot offer employees a financial incentive to not enroll in a plan that would be primary to TRICARE.
|
| | TRICARE-eligible employees cannot be discriminated against in terms of primary coverage or eligibility to enroll.
|
| | Administrators should review provisions that provide military-based exclusions or limitations.
|
| | Administrators should review any credits or cash back offered to employees that do not elect health plan coverage.
|
| | Look for guidance similar to MAP guidance exempting broad-based practices.
|
December 31, 2007
Debit Card Use Restricted Upon Expiration of Notice 2007-2 Transitional Relief
| | Identify local merchants who meet the 90 percent gross receipt test outlined in Notice 2007-2 or who participate in an inventory information approval system described in Notice 2006-69 and communicate to HRA (health reimbursement account) and FSA (flexible spending account) participants that debit card use will be restricted to those merchants.
|
| | Review transactions with "Other Medical Care Providers" during 2007 and ensure that substantiation and correction requirements of Revenue Ruling 2003-43 are met.
|
| | If a third-party administrator is used, obtain contractual assurances that Revenue Ruling 2003-43, Notice 2006-69 and Notice 2007-2 will be followed.
|
Click here for details.
November 1, 2007
Comments to Proposed Cafeteria Plan Regulations Due
| | The IRS issued new proposed cafeteria plan regulations on August 3, 2007.
|
| | The new proposed regulations withdrew previous cafeteria plan guidance.
|
| | New rules feature nondiscrimination rules, election restrictions and clarifications, and rules for providing adoption assistance FSAs and HAS-compatible FSAs.
|
August 14, 2007
Effective Date for New Dependent Care Assistance Regulations
| | Defines status as "qualified individual" on daily basis.
|
| | Kindergarten and summer school are not considered employment-related, but day camps are.
|
| | Short, temporary absence exception with two-week safe-harbor.
|
August 1, 2007
Start Preparations for 2008 Open Enrollment
| | Develop appropriate Working Family Tax Relief Act descriptions for dependent coverage.
|
| | Review domestic partner enrollment procedures.
|
| | Update HIPAA portability disclosures and add to open enrollment material.
|
| | Update Part D analysis for creditable coverage disclosures.
|
| | Follow-up with insurance companies regarding renewal, making sure to extend claims filing deadlines for Medicare secondary payer claims.
|
July 1, 2007
First Effective Date for Final HIPAA Nondiscrimination and Wellness Program Regulations
| | Effective for plan years beginning on or after July 1, 2007.
|
| | Review medical benefits to ensure that benefits, charges, eligibility and termination are not based on a health-status related factor.
|
| | Review any group disparate treatment to ensure it is based on a "bona fide employment based classification."
|
| | Review insurance coverage for non-confinement clauses and instead insist on removal and application of state coordination of benefits.
|
| | Review coverage for "actively at work" requirements.
|
| | Review coverage for "source of injury" exclusions.
|
| | Review pre-existing condition exclusions to ensure that they are not based on a health-status related factor.
|
| | Review wellness programs to determine if HIPAA (Health Insurance Portability and Accountability Act of 1996) applies and if it does, determine if the HIPAA requirements are satisfied.
|
Click here for details.
June 4, 2007
3rd Circuit Approves Coordination with Medicare
| | Erie County decision no longer prohibits retiree health plans from coordinating with Medicare.
|
| | Injunction against EEOC regulation lifted.
|
Click here for details.
May 23, 2007
HIPAA National Provider Identifier Takes Effect
| | Health care providers must use a single 10-digit National Provider Identifier (NPI) for all standard transactions.
|
| | Health plans must be able to electronically recognize the NPI.
|
| | Health plans will need to cross-reference the NPI with the former provider identifier.
|
| | Self-funded employer-administered plans require systems modification and testing.
|
| | Business associate agreements may need to be amended to include compliance with the national provider system.
|
| | Small plan compliance deadline is May 23, 2008, and for other plans, "good faith" compliance will satisfy requirements until May 23, 2008.
|
April 14, 2007
3-Year Notice of Availability of HIPAA Privacy Notice Due for Small Plans
| | Distribute notice that the HIPAA privacy notice is available every three years.
|
| | Small plans that first distributed the HIPAA privacy notice on April 14, 2004, must send the availability notice by April 14, 2007.
|
| | Review notice for any changes and update to reflect the new effective date.
|
Click here for details.
February, 2007
New Jersey Recognizes Civil Unions
| | Contact all New Jersey insurance carriers to determine how they will extend spousal coverage to civil union partners.
|
| | Amend plan documents and SPDs (summary plan descriptions) as necessary to reflect new coverage.
|
| | Review New Jersey Family Leave Act and non-ERISA benefits to determine if compliance changes are needed.
|
| | Address differences in New Jersey taxation and federal imputed income for health coverage and any other tax-advantaged benefits.
|
| | Anticipate addition of civil union partner's children.
|
January 1, 2007
FSA Reimbursements During 2½-Month Grace Period Disregarded for HSA Eligibility
| | Review FSA SPD to ensure interaction between FSA and HSA (health savings account) eligibility is accurate under the new rule.
|
| | Review HSA communications to ensure interaction between FSA and HSA eligibility is accurate under the new rule.
|
Click here for details.
Increases in HSA Contributions
| | If HSA contributions are made by the employer, consider whether to limit contributions to the HDHP (high deductible health plan) deductible or allow increased amounts.
|
| | If HSA contributions are made by the employer, consider whether to provide increased contributions to non-highly paid employees.
|
| | If HSA contributions are made by the employer, consider contribution amounts for new employees who will qualify for full contributions for part-year participation.
|
Click here for details.
Final Regulations on Use of Electronic Media to Provide Employee Benefit Notices
| | Apply rules to benefit elections and consents through electronic medium made on or after January 1, 2007.
|
| | Consider using rules as a safe harbor for notices and elections that may be unwritten.
|
Click here for details.
December 28, 2006
Department of Health and Human Services Publishes HIPAA Security Guidance for Portable Electronic Devices
| | Review HIPAA security policies to ensure that remote access and portable device use has been adequately addressed.
|
| | Review procedures to ensure two-factor authentication and session termination are used for remote access.
|
| | Review procedures to ensure that passwords, encryption, firewalls and virus protection are installed on laptops containing e-PHI (electronic protected health information).
|
| | Review procedures to ensure smart phones and PDAs receive regular security updates.
|
| | Review procedures to ensure that portable devises are tracked and that e-PHI is properly deleted at disposal.
|
| | Implement encryption for transmission over an electronic communications network (SSL or stronger).
|
| | Ensure proper training.
|
Click here for details.
December 1, 2006
Federal Rules of Civil Procedure Address Electronically Stored Information
| | Review rules to understand how electronic information related to claims processing will be treated in litigation.
|
| | Adopt good-faith measures to protect electronically stored information to avoid sanctions.
|
November 20, 2006
Rules for Using Debit Cards for IRC §132(f) Benefits
| | Revenue Ruling 2006-57 provides guidelines for employers on the use of smart cards or debit cards to provide qualified transportation fringe benefits.
|
| | Employers may rely on the guidance now.
|
| | The requirements become effective January 1, 2008.
|
Click here for details.
October 27, 2006
Department of Labor Guidance on HSAs as ERISA Plans
| | If HSA contributions are made by the employer, consider automatic deposits to HSA.
|
| | If HSAs are offered by the employer, determine whether the offering is an ERISA plan, a group-type insurance safe harbor or a FAB 2004-1 plan, and review structure to ensure compliance with applicable approach.
|
| | If HSAs are offered, review relationship with HSA vendor to ensure no discounts are provided on other products.
|
| | If HSAs are offered, ensure that relationships do not violate the prohibited transaction rules.
|
Click here for details.
September 21, 2006
One-Time Transfer of FSA and HRA Balances to HSA
| | Record FSA and HRA account balances.
|
| | Transfer will be limited to the lesser of the balance on September 21, 2006, and the balance on the date of the transfer.
|
Click here for details.
September 5, 2006
Value-Driven Health Care Web Site Launched by HHS
| | HHS (Department of Health and Human Services) transparency Web site complies with August 22, 2006, Executive Orders.
|
| | Contains information about steering committee chartering "quality and price information collaboratives" to find best ways to report health care price and quality information to consumers.
|
August 17, 2006
Pension Plan Protection Act of 2006 Signed Into Law
| | Extends qualified tuition program.
|
| | Enhances some health plan funding alternatives.
|
| | Enhances long-term care options.
|
| | Taxes certain corporate-owned life insurance policies.
|
Click here for details.
August 14, 2006
Revenue Ruling 2006-36
| | A health-care reimbursement arrangement that allows a person other than a spouse or tax dependent to receive benefits results in taxation of benefits under the plan.
|
| | Contains a delayed effective date of plan years beginning on or after December 31, 2008, for certain plans with beneficiary designation upon an employee's death.
|
July 31, 2006
Notice 2006-69 Provides Guidance on Substantiation and Inventory Information Approval Systems
| | Transitional relief in Notice 2007-2 extends deadline for full compliance to 2008.
|
| | Review debit card substantiation procedures.
|
| | Contact any third party administrators to discuss future compliance.
|
| | Consider automatic substantiation of co-payments and recurring expenses.
|
| | Consider debit cards for dependent care FSA programs.
|
Click here for details.
July 19, 2006
Maryland's Fair Share Health Care Act Overturned
| | Law enacted on January 12, 2006, required large employers to pay penalty if they failed to provide basic health benefit.
|
| | Pre-emption ruling should be watched because if it survives appeal, it will have an impact on similar laws in other states and localities (specifically Massachusetts, Vermont and San Francisco).
|
Click here for details.
May 24, 2006
Proposed Dependent Care Expense Regulation
| | The proposed regulations may be relied on but will not apply until they are finalized.
|
| | Clarifications on nursery school, kindergarten, food, lodging, clothing, housekeeping, specialty day camps, transportation, employment taxes, room and board, application fees and agency fees may be helpful in dependent care assistance plan administration.
|
| | The proposed regulations address temporary absence and part-time employment, which could provide clarification to dependent care assistance program eligibility.
|
May 15, 2006
Medicare Part D Disclosure
Sereboff v. Mid Atlantic Medical Services, Inc.
| | Supreme Court held that administrator could sue beneficiary for "equitable" relief under ERISA §502(a)(3).
|
| | Limited to identifiable funds of participant.
|
| | Review subrogation provisions and modify if necessary to take advantage of this ruling.
|
April 21, 2006
HIPAA Security Compliance Deadline for Small Plans
| | Amend business associate agreements to include e-PHI provisions.
|
| | Amend plan document to include e-PHI provisions.
|
| | Finalize policies and procedures for e-PHI.
|
| | Train workforce.
|
Click here for details.
April 14, 2006
3-Year Notice of Availability of HIPAA Privacy Notice Due for Large Plans
| | Distribute notice that the HIPAA privacy notice is available every three years.
|
| | Large plans that first distributed the HIPAA privacy notice on April 14, 2003, must send the availability notice by April 12, 2006.
|
| | Review notice for any changes and update to reflect the new effective date.
|
Click here for details.
March 31, 2006
Medicare Part D Creditable Coverage Notice to CMS
| | Determine whether plan benefits will be "deemed" to be creditable.
|
| | If not, make actuarial determination.
|
| | Provide notice to CMS using form at:
www.cms.hhs.gov/CreditableCoverage
(Scroll down to "Related Links Inside CMS" and click on "Disclosure to CMS Form.")
|
Click here for details.
March 16, 2006
Final Rule on Civil Penalties Under HIPAA
| | Consolidated enforcement rule provides penalties of $100 per day per violation with a $25,000 cap.
|
| | Update HIPAA privacy and security policies and procedures.
|
| | Ensure operational compliance.
|
| | Update training.
|
| | Complete all necessary remediation.
|
Click here for details.
January 18, 2006
New USERRA Posting
January 1, 2006
(Plans must comply by the start of plan years beginning on or after July 1, 2005)
New HIPAA Portability Rules
| | Update certificates of creditable coverage.
|
| | Update general notice of pre-existing condition exclusion.
|
| | Update individual notice of pre-existing condition exclusion.
|
| | Update notice of special enrollment rights.
|
| | Review health flexible spending accounts to make sure exemption applies.
|
| | Review any retiree plans or "partnership plans" claiming exemption.
|
| | Review plan document and SPD and revise as necessary.
|
On December 30, 2004, the Internal Revenue Service, Department of Labor, and Department of Health and Human Services jointly issued final and proposed regulations governing the group health plan portability provisions of HIPAA.
Although the final rules do not significantly change the interim rules, the rules contain new model language for most types of disclosure and expand the definition of creditable coverage. The new rules also provide additional examples of special enrollment events and provide clarification regarding exemptions for health flexible spending accounts, "partnership plans" and "retiree plans." The changes take effect for plan years beginning on or after July 1, 2005.
More information is available at: www.hhs.gov/ocr/hipaa.
December 31, 2005
New 2½-Month FSA "Grace Period"
| | Determine whether to adopt "grace period" for health FSA.
|
| | Determine whether to adopt "grace period" for dependent care FSA.
|
| | Develop strategy to handle administration.
|
Click here for details.
November 15, 2005
Medicare Part D Creditable Coverage Notice to Participants
| | Determine whether plan benefits will be "deemed" to be creditable.
|
| | If not, make actuarial determination.
|
| | Provide notice to Medicare-eligible persons before Medicare Part D annual coordination election period.
|
| | Establish procedures to provide notice to Medicare-eligible persons before the initial enrollment period for Part D, before enrollment in the plan, when coverage ends or changes, and upon request.
|
Click here for details.
April 21, 2005
HIPAA Security Compliance Deadline for Large Plans
| | Amend business associate agreements to include "e-PHI" provisions.
|
| | Amend plan document to include e-PHI provisions.
|
| | Finalize policies and procedures for e-PHI.
|
| | Train workforce.
|
Click here for details.
January 1, 2005
(Delayed Effective Date for Health Plans)
Domestic Partner Coverage Added to All California Insurance Contracts
| | Review California contracts to understand coverage.
|
| | Update SPD, plan and open enrollment materials to resolve inconsistencies with policies.
|
| | Review any certification of domestic partnerships to ensure registered domestic partner's coverage is like a spouse's coverage.
|
| | Review general treatment of domestic partners.
|
| | Review tax treatment and change tax administrator as necessary.
|
The California Insurance Equality Act requires equal coverage for registered domestic partners (as defined by Family Code §297) of all forms of insurance regulated by the California Department of Insurance and by all California health maintenance organizations. The law is generally effective for policies issued, amended, delivered or renewed on or after January 1, 2005, but health plans have a delayed effective date.
January 1, 2005
Working Family Tax Relief Act of 2004
| | Amend plan documents and update SPD(s).
|
| | Review any tax representations and attestations and revise as necessary.
|
| | Review open enrollment material and revise as necessary.
|
| | If dependents who are not Internal Revenue Code §152 dependents will receive benefits, review administration to ensure that taxable income is properly imputed.
|
The Working Family Tax Relief Act of 2004 changed the definition of "dependent" under §152 and related provisions of the Internal Revenue Code. These Internal Revenue Code provisions describe to which "dependents" a participant can provide health and dependent care assistance on a pre-tax basis.
The groups that are most likely to be impacted by these changes are children of domestic partners and children who are supported by but do not live with their parents. These children may not qualify as "dependents" under the Working Family Tax Relief Act.
Originally, for purposes of dependent care assistance programs, the new rules did not treat an expense as a "qualifying expense" if the care was provided to a disabled adult who has income in excess of the exemption amount for the year. Fortunately, the Gulf Opportunity Zone Act removed the income limitation retroactively to January 1, 2005.
Revised COBRA Notice Requirements
| | Revise general COBRA notice (aka initial COBRA notice).
|
| | Revise COBRA election notice.
|
| | New notice if COBRA coverage is unavailable.
|
| | New notice of early termination.
|
| | Amend plan for USERRA 24-month period and review USERRA-COBRA coordination.
|
| | Review plan and SPD and revise as necessary.
|
These new regulations apply to COBRA notice obligations that arise on or after the first day of the first plan year beginning on or after November 26, 2004.
The new regulations provide specific guidance on the general notice provisions; notices provided by an employer upon the occurrence of a qualifying event; notices provided by qualified beneficiaries upon the occurrence of certain events; and the COBRA election notice and other notices required to be provided by an employer.
Compliance with the new regulations protects plans because under the new regulations, plans can require qualified beneficiaries to follow reasonable notice procedures and hold qualified beneficiaries to that obligation.
Compliance also is required by law. An amendment to USERRA provides 24 months (instead of 18 months) of coverage for USERRA continuation for elections made on or after December 10, 2004. All coordination provisions and continuation notices and disclosures should take this new period into account.
More information is available at:
www.dol.gov/ebsa/compliance_assistance.html.
Debit Card Use
Debit card use as part of health benefit plans (including HSA and HRA) must meet strict claims substantiation requirements, which vary depending on the amount debited and the type of merchant at which the card is used.
Starting in 2008, debit cards may be used only at merchants that have health-care related merchant codes. Until then, cards may be used at stores that have a wider variety of merchant codes, but all charges must be substantiated by a third party. Certain claims are deemed to be substantiated based on the amount and location of the debit - for example, claims made at a pharmacy in the amount of the co-payment (or certain multiples thereof) for the participant's prescription coverage generally will be deemed substantiated.
Regarding dependent care, debit cards can be used only for expenses at the time they are provided rather than charged. This means that even if a participant pre-pays for a month of daycare, reimbursement cannot occur until the end of the month. In addition, the participant's account must be funded before reimbursements can be made.
Debit cards for qualified transportation expenses may be used to purchase transit passes under certain limited conditions and must be used to reimburse rather than advance qualified transportation expenses.
IRS guidance is available at:
www.irs.gov/irb/2006-31_IRB/ar10.html
HIPAA Nondiscrimination and Wellness Program Regulations
On December 13, 2006, the Department of Labor issued final regulations entitled "Nondiscrimination and Wellness Programs in Health Coverage in the Group Market." Plans must comply with these rules during plan years beginning on or after July 1, 2007 (January 1, 2008 for calendar year plans). The regulations set out eight health factors that may not be used to discriminate:
| | Health status.
|
| | Medical condition (including both physical and mental illnesses) as defined in the regulations.
|
| | Claims experience.
|
| | Receipt of health care.
|
| | Medical history.
|
| | Genetic information as defined in the regulations.
|
| | Evidence of insurability.
|
| | Disability.
|
Disparate treatment of similarly situated groups of participants is allowed only when based on a "bona fide employment-based classification consistent with the employer's usual business practice," such as geography, part-time vs. full-time status, or length of service, to name a few.
Disparate treatment of beneficiaries is allowed when the difference is not based on a health factor. Persons who do not enroll at initial eligibility may be treated differently than those who enroll when first eligible unless they enroll under certain circumstances outlined in the HIPAA Portability Rule, which may allow them to avoid such disparate treatment.
Although eligibility may not be affected by a participant's (or beneficiary's) participation in certain activities, a plan may choose not to cover injuries caused as a result of such activities. In doing so, the plan must verify that an underlying medical condition was not the source of the injury.
Pre-existing condition exclusions may only be applied to the extent that they are not based on a health factor, take into account prior creditable coverage and apply uniformly to similarly-situated individuals. Actively-at-work provisions may only be applied with respect to the first day of employment and not after a waiting period. Non-confinement clauses are prohibited and, if there is a state law requiring insurers to continue insurance that would otherwise end during the term of an individual's confinement to a hospital, the state's coordination of benefits provisions will apply.
Plans may allow favorable treatment for adverse health factors, such as allowing a dependent who is over the limiting age but who is disabled to remain covered by the plan.
Although some wellness programs are not subject to the nondiscrimination provisions because they are independent of any health plan, if a wellness program would otherwise violate HIPAA's nondiscrimination rules, it may be excepted from such rules by satisfying five restrictions outlined in the regulations:
| | The reward for participation may not exceed 20 percent of the cost of employee-only coverage under the plan (or for programs that may be extended to family members, to 20 percent of the coverage in which the employee and participating dependents are enrolled).
|
| | The program must be reasonably designed to promote health or prevent disease and must have a reasonable chance of improving health or preventing disease. It should not be overly burdensome or be a subterfuge for discriminating based on a health factor.
|
| | The program must give eligible individuals the opportunity to qualify for the reward at least once per year.
|
| | The reward must be available to all similarly situated persons (including a reasonable alternative standard or waiver for those who cannot qualify due to a medical condition or who should not attempt to qualify on medical advice).
|
| | The plan language must include information about the alternative standard or waiver.
|
For example, a plan may charge a 20 percent premium surcharge to those who have smoked in the previous 12 months but must allow smokers who cannot quit because of a medical condition (nicotine addiction) to avoid the surcharge by participating in a smoking cessation program, which it publicizes in its plan material.
The Department of Labor provided administrative assistance before the release of the final regulations. This information, based on the interim final regulations, still is applicable and can be viewed at:
www.dol.gov/ebsa/pdf/CAGTableOfContents.pdf
HIPAA Privacy
As required by Title II of HIPAA, HHS issued rules that restrict the use and disclosure of Protected Health Information (PHI) by covered entities (the Privacy Rule), standardize electronic health care transactions (the Standardization Rule) and safeguard PHI (the Security Rule).
These rules apply to "covered entities," which include health plans, health care providers that conduct standard transactions electronically and health care clearinghouses. Plans that provide medical benefits are covered entities unless they are employer-administered and have fewer than 50 participants or their primary benefits are not health benefits.
HIPAA does not apply to worker's compensation insurance, disability wage replacement, accidental death and dismemberment insurance, liability insurance such as auto insurance and other insurance benefits for which medical benefits are incidental to the primary benefit.
Although an employer is not a covered entity, an employer must agree to comply with the rules if it helps administer a health plan and must ensure that its health plans comply with the rules. Title II impacts all employers that provide health benefits, but an employer's HIPAA obligations extend only to its plan and not to its role as employer.
The HIPAA Privacy Rule had an April 14, 2003 deadline, but small plans (under $5 million annually) had an extra year to comply.
The rules limit the use and disclosure of PHI. PHI is information that identifies a person and relates to a health condition or health care. Different rules apply to a fully insured health plan that does not create or receive PHI than to a self-funded health plan.
If a health plan is fully insured and the employer does not create or receive PHI, the employer will need a standard authorization form for all use except enrollment and use of summary health information to shop for insurance and amend the plan. A "wrapped" plan in which health benefits are combined with other benefits must make a hybrid entity designation so that the other benefits are not subject to HIPAA. The plan also must avoid intimidating or retaliating against individuals who exercise their privacy rights and may not require participants to waive their right to complain to HHS.
Self-funded plans and plans that receive PHI (other than summary health information and enrollment information) have a number of requirements that must be met for HIPAA privacy compliance. The plan must enter into a "Business Associate Agreement" with each service provider. This is a contract between the plan and service provider that limits the service provider's use and disclosure of PHI. The plan also must develop procedures for administration of individual rights, which include the right to access, correct and restrict PHI, receive an accounting (non-routine disclosures) and complain.
These plans will need to be amended to allow the employer to use PHI, and the employer must agree to the restrictions unless involvement is limited to summary health information and enrollment information. Formal privacy policies and procedures must provide detailed information about the minimum necessary use and disclosure, verification, documentation, training, safeguards, correction and sanctions.
Self-funded plans also must distribute a privacy notice to covered persons by April 21, 2003 (or April 21, 2004 for small plans), to new enrollees at enrollment, to any person who asks for it, on its benefit Web site (if any) and to persons then covered by plan within 60 days of material revision. A reminder indicating how to obtain the notice must be sent to covered persons at least once every three years.
Tax Relief and Health Care Act (P.L. 109-432)
On December 20, 2006, President Bush signed the Tax Relief and Health Care Act. The law extended mental health parity and the availability of Archer Medical Savings Accounts through the end of 2007. In addition, it allowed greater savings through Health Savings Accounts ("HSAs"). The law allows employees to:
| | Transfer amounts in flexible spending arrangements or health reimbursement arrangements into an HSA if the transfer is made before January 1, 2011.
|
| | Make a one-time transfer of amounts from an individual retirement account into an HSA up to the statutory limit for the year.
|
| | Contribute the maximum amount to an HSA ($2,850 single; $5,650 family for 2007) without regard to the deductible in the associated high-deductible health plan.
|
| | Enroll in an HSA if it has an overlapping FSA grace period in the same year if the FSA participant exhausts the account balance before the end of the year.
|
| | Make a full-year contribution to an HSA after enrolling in the HSA mid-year.
|
An employee may make only one transfer from each flexible spending arrangement, health reimbursement arrangement or individual retirement account. The transfer from a flexible spending arrangement or health reimbursement arrangement is limited to the lesser of the amount in the account on September 21, 2006, or the amount in the account on the date of transfer. The employee must remain eligible for the HSA for 12 months following the transfer or the transferred amount will be subject to tax.
Electronic Disclosure Rules
In 2002, the Department of Labor issued regulatory guidelines that expanded the parties who may receive notices via electronic delivery and the methods available for such delivery.
These rules apply to notice and disclosure requirements governed by the Department of Labor such as COBRA notices, summary plan description and notices regarding a suspension of benefits. In November 2006 the Internal Revenue Service issued final regulations implementing the Electronic Signatures in Global and National Commerce Act. These regulations apply to notices and participant elections made on or after January 1, 2007, which comply with Internal Revenue Code requirements (such as Internal Revenue Code §§125, 104(a)(3), 105, 127, 132, 220 and 223).
These rules apply to non-paper communications such as e-mail and e-mail attachments, postings on the company Web site, and documents provided on a CD-ROM or DVD. The Department of Labor and IRS rules are similar. Under the Department of Labor rules, all electronic deliveries must:
| | Provide notice of undelivered mail or provide an e-mail confirming receipt of transmitted information.
|
| | Protect individual account and benefit confidentiality.
|
| | Provide notice electronically or non-electronically, notifying the recipient of the document's significance.
|
| | Provide an opportunity for a free paper copy on request.
|
The IRS rules state that all electronic deliveries must meet the content and timing requirements applicable to the notice or election, must be reasonably designed to be as understandable as a paper notice, must identify the subject matter and significance of the disclosure, and must instruct the recipient on how to access the notice.
If general disclosure requirements are met, no consent is required for employees with work-related computer access if employees have access to documents at any location they could perform work duties and access to the electronic information system is an integral part of their duties. Computer kiosks made available for participant use do not satisfy Department of Labor requirements.
These rules are similar to the IRS "Alternative Method," which allows electronic disclosure to participants who are effectively able to access the electronic medium. This method requires notice that paper copies may be requested at no charge, which is part of the general Department of Labor requirements. It also requires that the disclosure is reasonably designed to be as understandable as a paper disclosure.
For elections, the electronic process must include a method to verify that the election actually is made by the participant; must give the participant a reasonable opportunity to review, confirm, modify or rescind the terms of the election before it becomes effective; and must provide electronic or written confirmation of the final election. One particularly challenging requirements in the IRS rules is that any election that must be witnessed by a notary or plan representative must be made in the physical presence of the notary or plan representative unless the IRS specifically allows a relaxed standard.
If the person does not have work-related computer access, the Department of Labor rules require the person to affirmatively consent (electronically or through hard-copy signature) and provide an electronic delivery address. Obtaining "consent" can be difficult. The following Department of Labor requirements apply to the consent:
| | For electronic disclosures (other than CD or DVD), the person's consent must demonstrate the ability to access information electronically.
|
| | Before obtaining consent, administrator must provide a statement stating the document type to which consent applies; that consent can be withdrawn any time without charge; the procedures for withdrawing consent or updating contact information for document receipt; the right to request and obtain a free paper version of electronically furnished document; and necessary electronic devices, software and hardware needed to access information.
|
| | If software or hardware changes materially risk a person's ability to access or retain electronic documents, several steps are required: Before the system change, the person must receive change notification; upon notification, the person may withdraw consent; if the person does not withdraw consent, he or she must again consent to electronic document receipt.
|
These rules are similar to the IRS "Consumer Consent Method," which allows electronic disclosures and elections if the recipient consents in advance to electronic delivery. Under these rules a person's consent must made and confirmed in a manner that demonstrates the ability to access information electronically. The recipient must be provided a notice before consent that identifies the type of communications that the consent applies to; describes the right to and procedures for withdrawing consent; describes the right to paper notice and any applicable fees; describes procedures for updating contact information; and describes the hardware and software required to access the electronic disclosure.
When using either the IRS or Department of Labor rules, certain types of disclosures may have specific requirements that are more onerous than the standard rules. Fortunately, the Department of Labor rules are becoming a standard recognized by other agencies. For example, Medicare Part D disclosures now may be made electronically if the recipient has work-related computer access.
HIPAA Security Compliance Deadline
Health plans that maintain or receive electronic Protected Health Information must maintain reasonable and appropriate safeguards to:
| | Ensure the integrity and confidentiality of health information.
|
| | Protect against threats to security and unauthorized uses and disclosures of health information.
|
| | Otherwise ensure their officers' and employees' compliance with the security standards.
|
Of specific concern is how to handle security issues related to portable electronic devices and communications on open networks. More information is available at:
www.cms.hhs.gov/SecurityStandard/
Downloads/SecurityGuidanceforRemoteUseFinal122806.pdf
For more information on penalties related to HIPAA security violations, click here.
Specific administrative, physical and technical safeguards are required by regulation. Compliance requires technical review of computer networks, workspaces and electronic media. More information is available at:
www.hhs.gov/ocr/hipaa.
Department of Labor Guidance on HSAs as ERISA Plans
In Field Assistance Bulletin (FAB) 2006-2, the Department of Labor provided welcome guidance to employers who want to fund or offer HSAs to their employees.
FAB 2006-2 clarified Department of Labor's earlier guidance in FAB 2004-1, which outlined when an HSA program will not be considered an ERISA plan. Before the 2006 guidance, an employer's funding or "sponsoring" an HSA potentially subjected the HSA to the Employee Retirement Income Security Act of 1974, which includes HIPAA, COBRA and other related health plan regulations. To avoid creating an ERISA plan, an employer offering an HSA had to comply with fairly strict rules under the "group insurance safe-harbor," which prevented employer endorsement of the HSA.
FAB 2006-2 clarified that FAB 2004-1 creates an independent and separate ERISA exemption with much more liberal rules for employer involvement. According to Department of Labor, "HSAs are personal health care savings vehicles rather than a form of group health insurance." Therefore, an employer may pay HSA fees, may unilaterally open and contribute to an HSA, may impose terms and conditions on contributions to the HSA that are necessary to satisfy Tax Code requirements, and may limit the providers that may market their HSAs to its employees and the investments offered within those HSAs.
The employer also may limit the forwarding of employer or employee contributions through its payroll system to a single HSA provider, but the employer (and provider) may not restrict the utilization of the HSA funds or the ability of employees to move funds to another HSA beyond any restrictions imposed by the Tax Code.
The employer also must avoid receiving any payment or compensation in connection with an HSA or influencing the investment decisions with respect to funds contributed to an HSA and may not represent that the HSAs are an employee welfare benefit plan established or maintained by the employer.
Even though ERISA may not apply, the bulletin did point out that IRS-prohibited transaction rules do apply to HSAs. Therefore, employers must promptly transmit salary-reduction amounts and/or employer contributions to participants' HSAs, and after selecting an HSA vendor, the employer may not receive a discount on another product from the same vendor.
"Wal-Mart" Health Care Law Pre-Empted by ERISA, 4th Circuit Holds
A Maryland law aimed at forcing Wal-Mart to boost the amount it spends for employees' health care insurance impermissibly interferes with federal employee benefit law, according to a divided panel of the U.S. Court of Appeals for the 4th Circuit. Retail Industry Leaders Assn. v. Fielder, 475 F.3d 180 (4th Cir. 2007).
Upholding an earlier decision by a U.S. District Court, the 4th Circuit held that the Maryland "Fair Share Health Care Fund Act" is pre-empted by ERISA because it would have required large employers to restructure their employee benefit plans and frustrated "ERISA's goal of permitting uniform nationwide administration" of those plans. The court's ruling invalidates the Fair Share Act unless Maryland successfully appeals the decision.
The Maryland General Assembly enacted the Fair Share Act in 2006. It requires all employers with 10,000 or more Maryland employees to annually spend at least 8 percent of Maryland payroll on "health insurance costs." If the employer spent less than this in a year, it would either have to increase its expenditures to reach the 8 percent threshold or pay that same amount to a special state trust fund established to offset the rising cost of Medicare and state health insurance programs for children.
After reviewing several U.S. Supreme Court cases on ERISA pre-emption (which prohibit a state law from containing a "connection with" or "reference to" an ERISA-covered plan), the 4th Circuit emphasized that one of ERISA's primary purposes is to create uniform, nationwide regulation of benefit plans. By enacting ERISA with a strong pre-emption provision, Congress signaled its intention to strike down state laws that interfere with an employer's ability to maintain a uniform nationwide plan. Adding its own gloss to the those rules, the 4th Circuit wrote that an impermissible connection with an ERISA plan will occur if the state law "directly regulates or effectively mandates some element of the structure or administration" of the plan. According to the court, the Fair Share Act was just such a law because it leaves employers covered by it "no reasonable choices except to change how they structure their employee benefit plans."
In a dissenting opinion, Judge M. Blane Michael disputed the majority's characterization of the Fair Share Act as a Hobson's choice. According to Judge Michael's reading of the Fair Share Act, employers would have the option of either paying an assessment to the state or spending at least 8 percent of payroll to provide ERISA-covered health plans to their employees. "This choice is real," Judge Michael wrote. "The assessment does not amount to an exorbitant fee that leaves a large employer with no choice but to alter its ERISA plan offerings."
Although the decision applies to states within the 4th Circuit (Maryland, Virginia, West Virginia, North Carolina and South Carolina), the court's analysis could be persuasive in other states that have or are considering similar benefit plan regulations.
Medicare Part D Creditable Coverage Notice
The Medicare Prescription Drug, Improvement, and Modernization Act of 2003 requires any health plan that provides coverage to Medicare-eligible individuals to attest to whether it is a "qualified retiree prescription drug plan" for purposes of establishing "creditable coverage" for Medicare Part D.
This requirement applies even if the health plan will not apply for a subsidy. In addition, the requirement applies to active plans if workers over age 65 or Medicare-eligible dependents might receive plan benefits.
Because the Medicare secondary payer rules prohibit discrimination against Medicare-eligible employees and their dependents, almost all plans will be impacted. This certification is important because a person who does not enroll when first eligible for Medicare Part D will have to pay a higher premium unless the person has "creditable coverage." To provide the required attestations, the plan must determine whether its prescription drug coverage is actuarially equivalent to Part D coverage. A plan is deemed to be "creditable" if it provides coverage for both brand and generic prescriptions, provides reasonable access to retail providers and mail order coverage, is designed to pay on average at least 60 percent of participants' prescription drug expenses and is either a non-integrated plan (where prescription coverage is separate from other benefits) that has a benefit maximum of $25,000 or more or has an actuarial expectation that payments per Medicare-eligible individual in 2006 will be $2,000 or more or an integrated plan with a deductible of $250 or less that has an annual maximum benefit of $25,000 or more and a lifetime maximum of $1 million or more.
A plan that does not meet this requirement will need to use generally accepted actuarial principles in accordance with CMS rules to show that the actuarial value of the coverage equals or exceeds the actuarial value of standard Medicare prescription drug coverage, but this determination does not need an attestation by a qualified actuary. More information from CMS is available at www.cms.hhs.gov/CreditableCoverage/
Developments in HIPAA Enforcement
Q: Although HIPAA requires health plans and health care providers to implement privacy and security policies and procedures, this is expensive, and I have heard that there is little actual enforcement of the HIPAA rules. What are the risks of noncompliance?
A: The Health Insurance Portability and Accountability Act of 1996 (HIPAA) established national privacy and security standards for covered entities such as health care providers and health plans. Although the health industry has devoted substantial resources toward achieving compliance over the last few years, enforcement has been largely limited. This trend is changing as new developments suggest increased enforcement and liability risks.
On February 16, 2006, the Department of Health and Human Services adopted a final rule on monetary penalties under HIPAA. This consolidated enforcement rule became effective March 12, 2006, giving real "bite" to enforcement efforts and a real incentive to correct lingering noncompliance issues.
In December 2006, a North Carolina case highlighted another strong incentive for HIPAA compliance. Although a private litigant has no private right of action under HIPAA, the court found that a violation of duties owed under HIPAA constituted a negligent act. Acosta v. Byrum, 638 S.E.2d 246 (N.C.App. 2006). This means that private litigants can bring negligence actions based on a HIPAA violation even though they cannot directly recover for the HIPAA violation itself.
On January 24, 2007, the first HIPAA case to go to trial ended in a conviction of a former Cleveland Clinic employee. One of the eight counts was wrongful disclosure of individually identifiable health information.
Criminal penalties, civil penalties and private lawsuits are three compelling reasons for tightening HIPAA privacy and security compliance.
New 2½-Month FSA "Grace Period" Adopted
On May 18, 2005, in Notice 2005-42, the IRS modified its interpretation of the statutory prohibition of deferral of compensation under a cafeteria plan. The IRS notice allows reimbursement for benefits during a 2½-month grace period following the cafeteria plan year when salary reductions were made.
This applies to all cafeteria plan benefits, so it might allow payment of medical premiums in one year for coverage during the first 2½ months of the next year. It also might allow vacation purchased through a cafeteria plan "vacation buy" program to be used during the first 2½ months of the next year.
Finally, and most importantly, it allows what is being called a "relaxation of the use-it-or-lose it rule" for flexible spending accounts. Until now, if a participant did not use the entire elected amount in a flexible spending account on claims incurred before the end of the year, the participant would forfeit the remaining account balance. Now, the participant has an additional 2½ months to use the benefit, so claims incurred during the 2½ months following the end of the plan year may be reimbursed from prior-year funds.
This is an optional extension and requires a plan amendment before the end of the year in which it applies. Before adopting this change, sponsors of flexible spending account plans should consider the following issues:
| | Will the period for submitting claims also be extended?
|
| | How will the plan determine whether a claim incurred during the grace period will be applied to the prior year or the current year? Although a "first in, first out" rule might be used, this could disadvantage some participants if claims for expenses incurred during the year are submitted after claims incurred during the grace period.
|
| | How will the plan ensure that the combined "grace period" coverage and the new plan year election does not exceed the statutory limits that apply to dependent care assistance plans?
|
| | Will the "grace period" result in loss of forfeitures that the plan depends on to pay administrative costs?
|
If you would like to receive legal reports and updates more quickly, by e-mail, click here and fill out the mailing list form.
For more information about the issues covered in this report, please contact Tonie Bitseff in our San Francisco office at 415-369-7036 or at tbitseff@thelen.com or contact your Thelen attorney. For more information about Thelen's Construction and Government Contracts Department, click here.
©2007 Thelen LLP
|
|
| |
