Review & Update HR & Benefit Practices For DOL Proposed Change In FMLA Regs, Other Rules Treating Some Same-Sex Couples As Spouses

July 8, 2014

August 11, 2014 is the deadline for employers and other interested individuals to comment on the  U.S. Department of Labor’s Wage and Hour Division (DOL) June 27, 2014 Notice of Proposed Rulemaking (NPRM), which would amend the definition of spouse under the current Family and Medical Leave Act of 1993 (FMLA) regulations in light of the United States Supreme Court’s decision in United States v. Windsor, which ruled unconstitutional section 3 of the Defense of Marriage Act (DOMA).  The proposed change is one of a series of regulatory changes that the Obama Administration has proposed or adopted since the Windsor decision.

DOL intends that the NPRM will replace the current definition of “spouse” its current FMLA regulations so that eligible employees in legal same-sex marriages will be able to take FMLA leave to care for their spouse or family member, regardless of where they live.

To accomplish this, the NPRM proposes to revise the current definition of spouse in the current FMLA regulations to define spouse as follows: Spouse, as defined in the statute, means a husband or wife. For purposes of this definition, husband or wife refers to the other person with whom an individual entered into marriage as defined or recognized under State law for purposes of marriage in the State in which the marriage was entered into or, in the case of a marriage entered into outside of any State, if the marriage is valid in the place where entered into and could have been entered into in at least one State. This definition includes an individual in a same-sex or common law marriage that either (1) was entered into in a State that recognizes such marriages or, (2) if entered into outside of any State, is valid in the place where entered into and could have been entered into in at least one State.

Among other things, this change will:

  • Replace the current “state of residence” rule with a rule that determines spousal status based on where the marriage was entered into (sometimes referred to as “place of celebration”) rule for determining marital status;
  • Revise the definition of spouse expressly to reference same-sex marriages in addition to common law marriages, and to encompass same-sex marriages entered into abroad that could have been entered into in at least one State.

The expanded definition of spouse will broaden the range of couples that employers and plans may be required to treat as spouses for purposes of the FMLA.  This expansion also may result in the extension of rights with respect to parents or children of a same-sex partner for certain employment or employee benefit purposes.  While the historical determination of parental relationships under the FMLA regulations based on a functional, rather than legalistic, test means that the proposed change will likely have less significance in this regard, employers and plans still should evaluate the potential implications of the expanded definition of spouse on its responsibilities with respect to the employees, their same-sex partners and the parents and children of the same-sex partners.

Also, many employers and employee benefit plans may be concerned about proposed language in the NPRM and other regulations requiring employers to decide if a marriage not valid in the United States could have been valid if performed within the United States.  Likewise, as the number of states where same-sex partners can qualify as spouses continues to evolve as courts and legislatures act to require recognition of these relationships, many employers and plans may feel legitimate concerns about the operational demands of administering their human resources and employee benefit plans and policies with respect to individuals involved in same-sex relationships where the legal status of the relationship may evolve due to changes of law, creating responsibilities for the employer or plan with respect to relationships that it may not know exist or the status of which may change subsequent to a determination of marital status or other relevant decision.  Employers and employee benefit plans should consider adopting practices to address these challenges to minimize the risk of incurring liability as a result of an oversight resulting from evolving status.

 For Representation, Training & Other Resources

If you need assistance monitoring these and other regulatory policy, enforcement, litigation or other developments, or to review or respond to these or other workforce, benefits and compensation, performance and risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer may be able to help.

Board Certified in Labor & Employment Law, Past Chair of the ABA RPTE Employee Benefit & Other Compensation Arrangements Group, Co-Chair and Past Chair of the ABA RPTE Welfare Plan Committee, Vice Chair of the ABA TIPS Employee Benefit Plans Committee, Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years’ experience advising employers, health plan and other employee benefit, insurance, financial services, health and other business clients about these and other matters.   As a part of this involvement, Ms. Stamer has extensive experience advising employers, employee benefit plans, insurers, health care providers and others about the implications of DOMA and other rules impacting the identification of spouses and other family status protections under the FMLA and other Federal and state employment, tax, health care and other laws.  She publishes and speaks extensively on these and other staffing and human resources, compensation and benefits, technology, health care, privacy, public policy, and other operations and risk management concerns. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.

You can review other recent human resources, employee benefits and internal controls publications and resources and additional information about the employment, employee benefits and other experience of the Cynthia Marcotte Stamer, PC here. If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile www.cynthiastamer.com or by registering to participate in the distribution of these and other updates on our HR & Employee Benefits Update here including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating or updating your profile here. For important information concerning this communication click here©2014 Cynthia Marcotte Stamer. Limited, non-exclusive right to republished granted to Solutions Law Press, Inc. All other rights reserved.


Employee & Other Whistleblower Complaints Common Source of HIPAA Privacy & Other Complaints

July 7, 2014

Employer and other health plan sponsors, administrators, insurers and their business associates should heed both the lesson about properly protecting health plan documents with protected health information and the more subtle lesson about the role of employees and other whistleblowers in bringing these violations to the attention of regulators contained in the latest Health Insurance Portability & Accountability Act (HIPAA) resolution agreement as well as act to manage their potential employment related liability to workforce members reporting these violations

HIPAA’s Privacy, Security and Breach Notification Rules generally prohibit  health plans, health care providers, health plans (Covered Entities) and their business associates from creating, using, accessing or disclosing protected health information except as allowed by HIPAA.  In addition, HIPAA requires covered entities both to meet detailed criteria for protecting electronic protected health information and also to take reasonable steps to protect all protected health information, as well as meet other business associate, breach notification, and individual rights requirements.

Parkview Resolution Agreement

Late last month, the Department of Health & Human Services Office of Civil Rights (HHS) announced that complaints of a retiring physician over the mishandling of her patient records by Parkview Health System, Inc. (Parkview) prompted the investigation that lead Parkview to agree to pay $800,000 to settle charges that it violated HIPAA’s Privacy Rule.

The resolution agreement settles charges lodged by HHS based on an OCR investigation into the retiring physician’s allegations that Parkview violated the HIPAA Privacy Rule by failing to properly safeguard the records when it returned them to the physician following her retirement.

As a covered entity under the HIPAA Privacy Rule, HIPAA requires that Parkview appropriately and reasonably safeguard all protected health information in its possession, from  acquisition to disposition.

In an investigation prompted by the physician’s complaint, OCR found that Parkview breached this responsibility in its handling of certain physician patient records in helping the physician to transition to retirement.

According to OCR, in September 2008, Parkview took custody of medical records of approximately 5,000 to 8,000 patients while assisting the retiring physician to transition her patients to new providers, and while considering the possibility of purchasing some of the physician’s practice.

Subsequently on June 4, 2009, Parkview employees, with notice that the physician was not at home, left 71 cardboard boxes of these medical records unattended and accessible to unauthorized persons on the driveway of the physician’s home, within 20 feet of the public road and a short distance away from a heavily trafficked public shopping venue. OCR concluded this conduct violated the Privacy Rule.

To settle OCR’s charges that these actions violated HIPAA, OCR has agreed to pay the $800,000 resolution amount and to adopt and implement a corrective action plan requiring Parkview to revise their policies and procedures, train staff, and provide an implementation report to OCR.

HIPAA Violations Carry Significant Liability

As demonstrated by the Parkview resolution agreement, violation of HIPAA  can carry significant civil and potentially even criminal liability.  The criminal provisions of HIPAA as well as the express terms of the Privacy Rules require that covered entities and their business associates adopt and administer specific compliance programs and practices to provide to compliance with HIPAA and HIPAA’s breach notification rules and the Privacy Regulations may require self-reporting of violations when and if violations occur.  Since HIPAA includes potential criminal liability, violations of its provisions can trigger organizational liability for covered entities and their business associates.  Consequently, HIPAA compliance also generally should be part of the Federal Sentencing Guideline Compliance Program of every covered entity and business associate.

The HITECH Act tightened certain rules applicable to the use, access or disclosure of protected health information by covered entities and their business associates.  In addition, the HITECH Act added breach notification rules, extended direct responsibility for compliance with HIPAA to business associates, increased penalties for noncompliance with HIPAA and made other refinements to HIPAA’s medical privacy rules and made certain other changes.  Furthermore, enforcement of HIPAA and the resulting penalties have increased since the HITECH Act took effect.

With OCR stepping up both audits and enforcement and penalties for violations higher than ever since the HITECH Act amended HIPAA, Covered Entities and business associates should act quickly to review and update their policies, practices and training to implement any adjustments needed to maintain compliance and manage other risks under these ever-evolving HIPAA standards.

When conducting these efforts, Covered Entities and business associates not only carefully watch for and react promptly to new OCR guidance and enforcement actions, but also document their commitment and ongoing compliance and risk management activities to help support their ability to show their organization maintains the necessary “culture of compliance” commitment needed to mitigate risks in the event of a breach or other HIPAA violation and take well-documented, reasonable steps to encourage their business associates to do the same.    When carrying out these activities, most covered entities and business associates also will want to take steps to monitor potential responsibilities and exposures under other federal and state laws like the privacy and data security requirements that often apply to personal financial information, trade secrets or other sensitive data under applicable federal and state laws and judicial precedent.

A series of supplemental guidance issued by the Department of Health & Human Services Office of Civil Rights (OCR) in recent weeks is giving health care providers, health plans, health care clearinghouses (Covered Entities) and their business associates even more to do in reviewing and updating their policies, practices and training for handing protected health information (PHI) beyond bringing their policies and practices into line with OCR’s restatement and update to the Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules; Final Rule (Omnibus Final Rule) OCR published January 25, 2013.

Covered Entities generally have been required to comply with most requirements the Omnibus Final Rule’s restated regulations restating OCR’s regulations implementing the Health Insurance Portability & Accountability Act (HIPAA) Privacy, Security and Breach Notification Rules to reflect HIPAA amendments enacted by the Health Information Technology for Economic and Clinical Health (HITECH) Act since the Omnibus Final Rule took effect on March 26, 2013 and to have updated business associate agreements in place since September 23, 2013.  Meanwhile, the Omnibus Final Rule generally has required business associates have updated business associate agreements in place and otherwise to have come into compliance with all of the applicable requirements of the Omnibus Final Rule since September 23, 2013.  Although these deadlines are long past, many Covered Entities and business associates have yet to complete the policy, process and training updates required to comply with the rule changes implemented in  the Omnibus Final Rule.

Even if a Covered Entity or business associate completed the updates required to comply with the Omnibus Final Rule, however, recent supplemental guidance published by OCR means that most organizations now have even more work to do on HIPAA compliance. This includes the following supplemental guidance on its interpretation and enforcement of HIPAA against Covered Entities and business associates published by OCR since January 1, 2014 alone:

Beyond this 2014 guidance, Covered Entities and their business associates also should look at enforcement actions and data as well as other guidance OCR issued during 2013 after publishing the Omnibus Final Rule such as:

With OCR stepping up both audits and enforcement and penalties for violations higher than ever since the HITECH Act amended HIPAA, Covered Entities and business associates should act quickly to review and update their policies, practices and training to implement any adjustments needed to maintain compliance and manage other risks under these ever-evolving HIPAA standards.

When conducting these efforts, Covered Entities and business associates not only carefully watch for and react promptly to new OCR guidance and enforcement actions, but also document their commitment and ongoing compliance and risk management activities to help support their ability to show their organization maintains the necessary “culture of compliance” commitment needed to mitigate risks in the event of a breach or other HIPAA violation and take well-documented, reasonable steps to encourage their business associates to do the same.    When carrying out these activities, most covered entities and business associates also will want to take steps to monitor potential responsibilities and exposures under other federal and state laws like the privacy and data security requirements that often apply to personal financial information, trade secrets or other sensitive data under applicable federal and state laws and judicial precedent.

Watch & Manage Whistleblower Liability From HIPAA Violations & Compliance

Beyond illustrating the potential HIPAA-associated penalties that can result from failing to comply with HIPAA, the Parkview resolution agreement also illustrates the risks that current or former workforce members and others acting as whistleblowers play in helping OCR to identify HIPAA violations.  HIPAA and most other laws prohibited covered entities from forbidding or retaliating against a person for objecting to or reporting the concern and offer whistleblowers potential participation in the reporting and prosecution of violations.  Beyond these specific federal HIPAA protections, state courts often recognize firing or otherwise retaliating against workforce members or others for exercising rights protected by HIPAA or other federal anti-retaliation statutes as a basis for a state whistleblower or other retaliatory discharge claim.  See, e.g. Faulkner v. Department of State Health Servs., 2009 U.S. Dist. LEXIS 22419 (N.D. Tex. Mar. 19, 2009).  See also Court Recognizes Retaliation For Filing HIPAA Privacy Complaint As Basis For Texas Whistleblower Claim.    With retaliation and other whistleblower complaints becoming increasingly common and judgments from these claims rising, covered entities and their business associates need to include appropriate employment liability risk management processes and procedures in their HIPAA compliance processes and coordinate carefully with their human resources team and qualified employment counsel to manage the employment liability related risks associated with investigations and discipline activities under HIPAA.  Concurrently, Privacy Officers also should ensure that their organization’s human resources team understands the HIPAA rules and spot and properly refers to the privacy officer for investigation statements or other activities that may indicate that a HIPAA compliance or retaliation concern needs investigation or redress to avoid missing potential exposures hidden in the human resources processes that could reflect a practice of tolerance or retaliation unacceptable to OCR.

 For Representation, Training & Other Resources

If you need assistance monitoring these and other regulatory policy, enforcement, litigation or other developments, or to review or respond to these or other workforce, benefits and compensation, performance and risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer may be able to help.

Board Certified in Labor & Employment Law, Past Chair of the ABA RPTE Employee Benefit & Other Compensation Arrangements Group, Co-Chair and Past Chair of the ABA RPTE Welfare Plan Committee, Vice Chair of the ABA TIPS Employee Benefit Plans Committee, Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years’ experience advising health plan and employee benefit, insurance, financial services, employer and health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. The scribe for the ABA JCEB Annual Agency Meeting with the Office of Civil Rights (OCR) for the past several years who has worked on medical and other privacy concerns throughout her career, she regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others, defends covered entities and business associates against OCR, FTC and other privacy and data security investigations, serves as special counsel in litigation arising from these concerns and is the author of several highly regarded publications on HIPAA and other privacy and security concerns.

Ms. Stamer also regularly works with OCR, FTC, USSS, FBI and state and local law enforcement on privacy, data security, health care, benefits and insurance and other matters, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. For instance, Ms. Stamer for the third year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR. Her insights on HIPAA risk management and compliance often appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.  You can get more information about her HIPAA and other experience here.

You can review other recent human resources, employee benefits and internal controls publications and resources and additional information about the employment, employee benefits and other experience of the Cynthia Marcotte Stamer, PC here. If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile www.cynthiastamer.com or by registering to participate in the distribution of these and other updates on our HR & Employee Benefits Update here including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating or updating your profile here. For important information concerning this communication click here©2014 Cynthia Marcotte Stamer. Limited, non-exclusive right to republished granted to Solutions Law Press, Inc. All other rights reserved.


Consider Fiduciary & Other Risk Management When Planning For ACA Transitional Reinsurance Costs, Other Plan Design Changes

July 7, 2014

Employer and other plan sponsors should start working now with their insurers, administrators and advisors to understand the implications of and their options for addressing the “Transitional Reinsurance Program” and other new Patient Protection & Affordable Care Act (ACA)-associated cost and plan design changes  so that they are prepared to finalize and implement their health plan design, contracts and arrangements in time to meet the accelerated deadlines for notifying participants of plan changes and otherwise implement their plan changes for the upcoming plan year.

The impending imposition of  Transitional Reinsurance Program assessments are only one of a myriad of new and pre-existing federal health plan rules and associated market changes impacting the design of employer and union-sponsored health plans.  Since ACA now also requires 60 days advance written notice of material health plan changes, .  When making these decisions, employer and other health plan sponsors and their advisors, administrators and insurers  should not only focus on the technically new mandates but also the allocation of fiduciary and other responsibilities, liabilities and other plan and services agreements terms.  Plan sponsors and their fiduciaries historically have underappreciated the significance of these allocations or presumed that their vendor contracts allocate responsibility to the service providers and vendors to match the sales pitch.  Always rarely the case, the changes in the marketplace and the law make it even more likely that sponsoring employers and their leaders of even plans that carefully reviewed and negotiated these responsibilities in their past contracts need to carefully look at these plan and contractual terms carefully.

The Transitional Reinsurance Program is one of a series of new ACA-imposed assessments that can impact the plan design and costs.    Proper understanding of these rules is critical for plan sponsors and their fiduciaries to ensure that they don’t unintentionally assume significantly greater liability for their self-insured health plans in an attempt to design around a relatively small by comparison ACA assessment.

Section 1341 of the Patient Protection & Affordable Care Act (ACA) requires the establishment of the reinsurance program to provide for stabilization of funding for exchanges.  Funding for the costs of the program is accomplished through amounts assessed upon insurers and self-insured plan third party administrators.  ACA § 1341 accomplishes this by providing for:

  • The establishment for each State of a transitional reinsurance program stabilize premiums for coverage in the individual market from 2014 through 2016;
  • Requiring all health insurance issuers and third party administrators on behalf of self-insured group health plans, to pay contributions to support reinsurance payments that cover high-cost individuals in non-grandfathered plans in the individual market.

Registration is now open for a series of webinars that the Department of Health & Human Services will host on “The Transitional Reinsurance Program: Contributing Entities and Counting Methods” on July 14, July 18 and July 23, 2014 from 2:00 p.m. – 3:30 p.m. EST.  The upcoming HHS webinars will cover the same information.  They will focus on reinsurance contributions including who is a contributing entity and how a contributing entity can calculate its annual enrollment count to determine reinsurance contribution amounts. The intended audience for this webinar is health insurance issuers, self-insured group health plans, third party administrators (TPAs) and administrative services-only (ASO) contractors.  To register for the HHS webinar and to obtain additional information see here.

Understanding how the Transitional Reinsurance Program assessments will be calculated is one of many critical steps in making plan design changes.  When considering whether to take advantage of options for minimizing these assessments, however, employer, union and other plan sponsors need to consider whether the liability and other consequences of meeting requirements for avoidance of the assessments is warranted by the anticipated savings.  With superficially it might seem desirable to avoid the payment of a few dollars per covered lives associated with the assessment, employers and other sponsoring organizations and the officers or other leadership employees involved in plan design or administration should critically review the effect of meeting these requirements specifically, as well as their proposed vendor contracts and associated plan documents and communications on their personal and organizations’ fiduciary and other liabilities.  To the extent that existing or expanded fiduciary liability cannot be avoided, it will be critical that the sponsor and its leadership ensure that proper steps are taken to select, credential, bond, and appoint the persons who will be or help carry out fiduciary or other plan-related responsibilities.  Additionally, most plan sponsors will want to consider exploring the availability of fiduciary liability insurance coverage to help mitigate the potential liability risks associated with plan sponsorship.

For Advice, Training & Other Resources

If you need assistance monitoring these and other regulatory policy, enforcement, litigation or other developments, or to review or respond to these or other workforce, benefits and compensation, performance and risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer may be able to help.

Board Certified in Labor & Employment Law, Past Chair of the ABA RPTE Employee Benefit & Other Compensation Arrangements Group, Co-Chair and Past Chair of the ABA RPTE Welfare Plan Committee, Vice Chair of the ABA TIPS Employee Benefit Plans Committee, Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health plan and employee benefit, insurance, financial services, employer and health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. The author of the “Managed Care Contracting Guide” and a multitude of other highly-regarded publications on health plan and other fiduciary liability risk management, Ms. Stamer has advised plan sponsors, administrators, insurers and others about these and other health plan liabilities and their risk management throughout her more than 25 year career. You can get more information about her HIPAA and other experience here.

If you need assistance with these or other compliance concerns, wish to ask about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

You can review other recent publications and resources and additional information about the other experience of Ms. Stamer here. Examples of some recent publications that may be of interest include:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating or updating your profile here. For important information about this communication click here.

©2014 Cynthia Marcotte Stamer.  Non-exclusive right to republish granted to Solutions Law Press, Inc.   All rights reserved.


HHS Claims Average $69/Month Cost for Subsidized Coverage Shows ACA Success Challenged

June 18, 2014

The Department of Health & Human Services (HHS) is touting a new report available here released today that it says people who qualified for tax credits to buy health insurance coverage through the health insurance exchange who selected silver plans, the most popular plan type in the federal Marketplace, paid an average premium of $69 per month. In the federal Marketplace, 69 percent of enrollees who selected Marketplace plans with tax credits had premiums of $100 a month or less, and 46 percent of $50 a month or less after tax credits.   The balance of the cost of the coverage is covered via subsidies.  Other sources, however, say the data in the report raises concerns about the overall cost of the health care reform law and its impact on the total cost of coverage.

HHS says the report also looks at competition and choice nationwide among health insurance plans in 2013-2014.  HHS claims that the report shows most individuals shopping in the Marketplace had a wide range of health plans from which to choose. On average, consumers could choose from five health insurers and 47 Marketplace plans. An increase of one issuer in a rating area is associated with 4 percent decline in the second-lowest cost silver plan premium, on average.

While the HHS report by focusing on what subsidized individuals pay out of pocket spins the data to give the impression that the health care reform law is bringing down health care costs as promised, other sources say the data in the Report raises serious concerns about the overall cost of the health care reform law and the total cost of coverage.  While acknowledging that “the generous subsidies” helped consumers receiving subsidies, the Los Angeles Times reports these subsidies coupled with the massive enrollment by individuals qualifying for subsidies raise budgetary concerns.  According to the Los Angeles Times article, the reports shows the federal government is on track to spend at least $11 billion on subsidies for consumers who bought health plans on marketplaces run by the federal government, even accounting for the fact that many consumers signed up for coverage in late March and will only receive subsidies for part of the year.  However, this total does not count the additional cost of providing coverage to the 1/3 of the 8 million new people who signed up for coverage who bought coverage in states that ran their own marketplaces, including California, Connecticut, Maryland and New York.   While Federal officials said subsidy data for these consumers were not available, the Los Angeles Times estimated that if these state consumers received roughly comparable government assistance for their insurance premiums, the total cost of subsidies could top $16.5 billion this year, resulting in budgetary costs “far higher”  than the $10 million budgetary cost that the Congressional Budget Office projected subsidies would cost U.S. taxpayers in 2014. See  Obamacare subsidies push cost of health law above projections.

 For Representation, Training & Other Resources

If you need assistance monitoring these and other regulatory policy, enforcement, litigation or other developments, or to review or respond to these or other workforce, benefits and compensation, performance and risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer may be able to help.

Board Certified in Labor & Employment Law, Past Chair of the ABA RPTE Employee Benefit & Other Compensation Arrangements Group, Co-Chair and Past Chair of the ABA RPTE Welfare Plan Committee, Vice Chair of the ABA TIPS Employee Benefit Plans Committee, Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years’ experience advising health plan and employee benefit, insurance, financial services, employer and health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. The scribe for the ABA JCEB Annual Agency Meeting with the Office of Civil Rights (OCR) for the past several years who has worked on medical and other privacy concerns throughout her career, she regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others, defends covered entities and business associates against OCR, FTC and other privacy and data security investigations, serves as special counsel in litigation arising from these concerns and is the author of several highly regarded publications on HIPAA and other privacy and security concerns.

Ms. Stamer also regularly works with OCR, FTC, USSS, FBI and state and local law enforcement on privacy, data security, health care, benefits and insurance and other matters, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. For instance, Ms. Stamer for the third year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR. Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.  You can get more information about her HIPAA and other experience here.

You can review other recent human resources, employee benefits and internal controls publications and resources and additional information about the employment, employee benefits and other experience of the Cynthia Marcotte Stamer, PC here. If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile www.cynthiastamer.com or by registering to participate in the distribution of these and other updates on our HR & Employee Benefits Update distributions here including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating or updating your profile here. For important information concerning this communication click here©2014 Cynthia Marcotte Stamer. Limited, non-exclusive right to republished granted to Solutions Law Press, Inc. All other rights reserved.


HIPAA Compliance & Breach Data Shares Helpful Lessons For Health Plans, Providers and Business Associates

June 11, 2014

Health care providers, health plans and insurers, health care clearinghouses (collectively “Covered Entities”), their business associates, and others concerned about medical privacy regulations or protections should check out two new reports to Congress about breach notifications reported and other compliance data under the Health Insurance Portability & Accountability Act (HIPAA) by the U.S. Department of Health and Human Services, Office for Civil Rights (OCR).   Reviewing this data can help Covered Entities and their business associates identify potential areas of exposures and enforcement that can be helpful to minimize their HIPAA liability as well as to expect OCR enforcement and audit inquiries.  Smart covered entities and business associates will include review of these and other reports about compliance and enforcement by OCR and assessment of their processes against this information as a part of their HIPAA compliance and risk management practices.

Required by the Health Information Technology for Economic and Clinical Health (HITECH) Act, the two new reports discuss various details about HIPAA compliance for calendar years 2011 and 2012.  They include the following:

  • Report to Congress on Breach Notifications, discussing the breach notification requirements and reports OCR received as a result of these breach notification requirements; and
  • Report to Congress on Compliance with the HIPAA Privacy and Security Rules, summarizing complaints received by OCR of alleged violations of the provisions of Subtitle D of the HITECH Act, as well as of the HIPAA Privacy and Security Rules at 45 CFR Parts 160 and 164 .
  • Covered entities and their business associates should review the finding reported as part of their compliance practices. Others concerned about medical or other privacy or data security regulations or events also may find the information in the reports of interest.

Under HIPAA, covered entities generally are prohibited from using, accessing or disclosing protected health information about individuals except as specifically allowed by HIPAA,  In addition, HIPAA also requires Covered Entities to establish safeguards to protect protected health information against improper access, use or destruction, to afford certain rights to individuals who are the subjects of protected information, to obtain certain written assurances from service providers who are business associates before allowing those service providers to use, access or disclose protected health information when carrying out covered functions for the Covered Entity, and meet other requirements.

The HITECH Act tightened certain rules applicable to the use, access or disclosure of protected health information by covered entities and their business associates.  In addition, the HITECH Act added breach notification rules, extended direct responsibility for compliance with HIPAA to business associates, increased penalties for noncompliance with HIPAA and made other refinements to HIPAA’s medical privacy rules and made certain other changes.

Enforcement of HIPAA and the resulting penalties have increased since the HITECH Act took effect.

Covered Entities generally have been required to comply with most requirements the Omnibus Final Rule’s restated regulations restating OCR’s regulations implementing the Health Insurance Portability & Accountability Act (HIPAA) Privacy, Security and Breach Notification Rules to reflect HIPAA amendments enacted by the HITECH Act since March 26, 2013 and to have updated business associate agreements in place since September 23, 2013.  Although these deadlines are long past, many Covered Entities and business associates have yet to complete the policy, process and training updates required to comply with the rule changes implemented in  the Omnibus Final Rule.

Even if a Covered Entity or business associate completed the updates required to comply with the Omnibus Final Rule, however, recent supplemental guidance published by OCR means that most organizations now have even more work to do on HIPAA compliance. This includes the following supplemental guidance on its interpretation and enforcement of HIPAA against Covered Entities and business associates published by OCR since January 1, 2014 alone:

Beyond this 2014 guidance, Covered Entities and their business associates also should look at enforcement actions and data as well as other guidance OCR issued during 2013 after publishing the Omnibus Final Rule such as:

With OCR stepping up both audits and enforcement and penalties for violations higher than ever since the HITECH Act amended HIPAA, Covered Entities and business associates should act quickly to review and update their policies, practices and training to implement any adjustments needed to maintain compliance and manage other risks under these ever-evolving HIPAA standards.

When conducting these efforts, Covered Entities and business associates not only carefully watch for and react promptly to new OCR guidance and enforcement actions, but also document their commitment and ongoing compliance and risk management activities to help support their ability to show their organization maintains the necessary “culture of compliance” commitment needed to mitigate risks in the event of a breach or other HIPAA violation and take well-documented, reasonable steps to encourage their business associates to do the same.    When carrying out these activities, most covered entities and business associates also will want to take steps to monitor potential responsibilities and exposures under other federal and state laws like the privacy and data security requirements that often apply to personal financial information, trade secrets or other sensitive data under applicable federal and state laws and judicial precedent.

 For Representation, Training & Other Resources

If you need assistance monitoring these and other regulatory policy, enforcement, litigation or other developments, or to review or respond to these or other workforce, benefits and compensation, performance and risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer may be able to help.

Board Certified in Labor & Employment Law, Past Chair of the ABA RPTE Employee Benefit & Other Compensation Arrangements Group, Co-Chair and Past Chair of the ABA RPTE Welfare Plan Committee, Vice Chair of the ABA TIPS Employee Benefit Plans Committee, Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years’ experience advising health plan and employee benefit, insurance, financial services, employer and health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. The scribe for the ABA JCEB Annual Agency Meeting with the Office of Civil Rights (OCR) for the past several years who has worked on medical and other privacy concerns throughout her career, she regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others, defends covered entities and business associates against OCR, FTC and other privacy and data security investigations, serves as special counsel in litigation arising from these concerns and is the author of several highly regarded publications on HIPAA and other privacy and security concerns.

Ms. Stamer also regularly works with OCR, FTC, USSS, FBI and state and local law enforcement on privacy, data security, health care, benefits and insurance and other matters, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. For instance, Ms. Stamer for the third year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR. Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.  You can get more information about her HIPAA and other experience here.

You can review other recent human resources, employee benefits and internal controls publications and resources and additional information about the employment, employee benefits and other experience of the Cynthia Marcotte Stamer, PC here. If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile www.cynthiastamer.com or by registering to participate in the distribution of these and other updates on our HR & Employee Benefits Update distributions here including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating or updating your profile here. For important information concerning this communication click here©2014 Cynthia Marcotte Stamer. Limited, non-exclusive right to republished granted to Solutions Law Press, Inc. All other rights reserved.


Review & Update Health Plan Notices, Language & Process For New Guidance On COBRA, Other Key Health Plan Rules

June 2, 2014

Add reviewing and updating your plan language, notices and processes for administering the coverage continuation requirements to the ever-growing list of items that employers and other group health plan sponsors, insurers, administrators and fiduciaries need to handle this year.

The most recently emerging guidance published by federal regulators to implement the Patient Protection & Affordability Act (ACA) and other health care reforms is a package of new guidance on COBRA and its interface with COBRA published in early May.  This guidance includes a new HHS Bulletin Allowing COBRA Qualified Beneficiaries to Enroll in the Health Insurance Marketplace,  as well as a series of updated model COBRA and CHIP Notices and related documents.

The HHS Bulletin on COBRA allows individuals who previously elected COBRA rather than enrolling in coverage through one of the new health insurance exchanges created under ACA a special extended enrollment opportunity to enroll in coverage under these exchanges.  Many employers and health plans may want to communicate this new option to help minimize their COBRA exposures.

Beyond  the extended exchange enrollment period for COBRA enrolled or eligible persons, the new guidance also may merit updates and changes to group health plan’s existing COBRA plan language, notices and election forms and procedures.  Labor Department guidance several years ago significantly expanded the number of notifications required under COBRA as well as the required content.  In connection with that guidance, the Labor Department published various model notices and other materials.  As part of new guidance published in May, 2014, the Labor Department has revised and published updated versions of many of these model documents.  The updated materials include:

In addition to the updated COBRA guidance, employers, health plans and their insurers, administrators and fiduciaries also will want to review and update their plan language, processes, budgets, notices and other materials in response to updated guidance in Affordable Care Act Implementation FAQs Part XIX on Department of Labor model notices, limitations on cost-sharing, coverage of preventive services, health flexible spending account (FSA) carryover and excepted benefits, and the Summary of Benefits and Coverage requirements of PHS Act §2715.  Employers and others involved in the design or administration of group health plans  also will want to review this new guidance as part of their continuing health plan compliance, cost forecasting and planning efforts.

Catch Up On Latest, Get Practical Health Plan Insights At June 17  Texas CEO Briefing

Texas CEO Magazine invites Solutions Law Press Readers to catch up on new developments and strategies to help employers prepare for and cope with the ever-evolving stream of health plan developments enacted under the Patient Protection & Affordable Care Act by participating in a practical briefing on:

Tuesday, June 17

7:30 – 9:00 a.m.

Park City Club

5956 Sherry Lane, Dallas

Register: https://texasceomagazine.com/events

Two of Texas CEO’s  “Top 10 Most Read” articles in 2013 were authored by Dallas attorney and benefit specialist Cynthia Stamer who will anchor a panel of benefit experts that will explore new developments and their practical implications on:

  • Benefit Plan Design
  • Workforce Classification
  • Data Collection
  • Cost Projections
  • Private Exchanges
  • New Reporting Requirements (IRC 6055 & 6056)
  • Noncompliance Penalties
  • Avoiding the Tax
  • The New Care Delivery Dynamic

Featured Speakers include Cynthia Stamer, Managing Partner, Solutions Lawyer Publisher and Author, Eric Bassett, Senior Partner & Central Market Leader, Mercer Health & Benefits Consulting, Scott Gibbs, Senior Vice President, McGriff, Seibels & Williams, Inc., and Becky Parker, Health Reform Director, MHBT Inc.

Cynthia is a Dallas-based attorney who has spent more than 25 years helping private and public employers and health and employee benefit planners develop, implement, administer and defend creative, legally compliant and operationally effective health plans and policies.

Cynthia’s Texas CEO Magazine article, “Benefit Plan Triage: 12 STEPS EVERY EMPLOYER WITH A HEALTH PLAN SHOULD DO NOW,” was one of the Top 10 most-read articles of 2012. And in 2013, “Getting Ready for ACA Reform: 13 Steps to Take Now,” and “Affordable Care Act Update,” were both Top 10 most read articles.

Cynthia, among other things,  is:

  • Past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group
  • Immediate Past Chair of the ABA’s RPTE Employee Benefit & Compensation Committee
  • Marketing Committee Chair of the ABA Joint Committee on Employee Benefits
  • Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee
  • Current Vice-Chair of the Gulf States TEGE Council – Exempt Organizations Group

Eric works with clients in all areas of health care and group benefits with particular emphasis on health care strategies, delivery system capabilities, defined contribution, and consumerism. Eric began his 28-year health care career working for health care vendors. He has led cross-functional teams involved in the development of rural managed care strategies, integration of legacy networks and systems, physician profiling and implementation of open access networks and systems. Eric’s consulting experience includes:

  • Developing and managing health improvement, disease and demand management programs.
  • Chronic PCMH program design and development.
  • Working with management and labor during collective bargaining.
  • Integrating and consolidating benefit plans for mergers and acquisitions.
  • Working closely with corporate committees to facilitate decision-making.
  • Active and retiree exchange strategy and design.

Scott Gibbs works with large employers on long term strategies to make corporate benefit plans consistent with the company’s goals and budgets, working with both fully-insured and self-funded plans.

Scott is a member of:

  • Society for Human Resource Management (SHRM)
  • Texas Public Risk Management Association
  • International Foundation of Employee Benefit Plans
  • State and Local Government Benefit Association
  • Scott has an undergraduate degree from Baylor University and a Master’s in Health Care Administration from Trinity University.

Becky directs all corporate strategy and communication on the Affordable Care Act for MHBT and its clients. She has worked as an employee benefits advisor since 1992 and was one of the first employee benefits professionals to have earned a Certification in Health Care Reform Studies from The American College.

Becky is an active member of the Austin Association of Health Underwriters where she was president in 2003 and also served on the Texas Association of Health Underwriters board as their liaison to the Texas Department of Insurance and was honored nationally for her work.

Becky is an advocate for employee benefits in the legislative arena regularly testifying at the Texas State Capitol and engaging our federal elected officials on insurance related matters. Becky has even advised Texas Congressmen on the employer aspects of the Affordable Care Act.

Becky holds a Bachelor of Arts degree from The University of Texas at Austin.

For Representation, Training & Other Resources

If you need assistance monitoring these and other regulatory policy, enforcement, litigation or other developments, or to review or respond to these or other workforce, benefits and compensation, performance and risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer may be able to help.

Board Certified in Labor & Employment Law, Past Chair of the ABA RPTE Employee Benefit & Other Compensation Arrangements Group, Co-Chair and Past Chair of the ABA RPTE Welfare Plan Committee, Vice Chair of the ABA TIPS Employee Benefit Plans Committee, Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health plan and employee benefit, insurance, financial services, employer and health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.

For the past two years, Ms. Stamer has served as the  scribe for the ABA Joint Committee on Employee Benefits agency meeting with OCR.   Ms. Stamer also regularly works with OCR, FTC, USSS, FBI and state and local law enforcement on privacy, data security, health care, benefits and insurance and other matters, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. For instance, Ms. Stamer for the second year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR. Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.  You can get more information about her HIPAA and other experience here.

If you need assistance with these or other compliance concerns, wish to inquire about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

You can review other recent publications and resources and additional information about the other experience of Ms. Stamer here. Examples of some recent publications that may be of interest include:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating or updating your profile here. For important information about this communication click here.

©2014 Cynthia Marcotte Stamer.  Non-exclusive right to republish granted to Solutions Law Press, Inc.   All rights reserved.


6/17 Workshop Helps Businesses Get Ready for Latest Affordable Care Act Rollout

May 31, 2014

Texas CEO Magazine invites Solutions Law Press Readers to catch up on new developments and strategies to help employers prepare for and cope with the ever-evolving stream of health plan developments enacted under the Patient Protection & Affordable Care Act by participating in a practical workshop

Tuesday, June 17

7:30 – 9:00 a.m.

Park City Club

5956 Sherry Lane, Dallas

Register: https://texasceomagazine.com/events

The Affordable Care Act continues to hit the business world with successive waves of reform. To make sure your company is ready, we’ve assembled a panel of experts to update you about the current and impending legal terrain and share their benefit plan design and compliance tips to help your business cope with these changes.

Two of Texas CEO’s  “Top 10 Most Read” articles in 2013 were authored by Dallas attorney and benefit specialist Cynthia Stamer who will anchor our panel of benefit experts as we take you through:

  • Benefit Plan Design
  • Workforce Classification
  • Data Collection
  • Cost Projections
  • Private Exchanges
  • New Reporting Requirements (IRC 6055 & 6056)
  • Noncompliance Penalties
  • Avoiding the Tax
  • The New Care Delivery Dynamic

Featured Speakers Include:

Cynthia Stamer, Managing Partner, Solutions Lawyer

Cynthia is a Dallas-based attorney who has spent more than 25 years helping private and public employers and health and employee benefit planners develop, implement, administer and defend creative, legally compliant and operationally effective health plans and policies.

Cynthia’s Texas CEO Magazine article, “Benefit Plan Triage: 12 STEPS EVERY EMPLOYER WITH A HEALTH PLAN SHOULD DO NOW,” was one of the Top 10 most-read articles of 2012. And in 2013, “Getting Ready for ACA Reform: 13 Steps to Take Now,” and “Affordable Care Act Update,” were both Top 10 most read articles.

Ms. Stamer is:

  • Past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group
  • Immediate Past Chair of the ABA’s RPTE Employee Benefit & Compensation Committee
  • Marketing Committee Chair of the ABA Joint Committee on Employee Benefits
  • Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee
  • Current Vice-Chair of the Gulf States TEGE Council – Exempt Organizations Group

Eric Bassett, Senior Partner & Central Market Leader, Mercer Health & Benefits Consulting

Eric works with clients in all areas of health care and group benefits with particular emphasis on health care strategies, delivery system capabilities, defined contribution, and consumerism. Eric began his 28-year health care career working for health care vendors. He has led cross-functional teams involved in the development of rural managed care strategies, integration of legacy networks and systems, physician profiling and implementation of open access networks and systems. Eric’s consulting experience includes:

  • Developing and managing health improvement, disease and demand management programs.
  • Chronic PCMH program design and development.
  • Working with management and labor during collective bargaining.
  • Integrating and consolidating benefit plans for mergers and acquisitions.
  • Working closely with corporate committees to facilitate decision-making.
  • Active and retiree exchange strategy and design.

Scott Gibbs, Senior Vice President, McGriff, Seibels & Williams, Inc.

Scott Gibbs works with large employers on long term strategies to make corporate benefit plans consistent with the company’s goals and budgets, working with both fully-insured and self-funded plans.

Scott is a member of:

  • Society for Human Resource Management (SHRM)
  • Texas Public Risk Management Association
  • International Foundation of Employee Benefit Plans
  • State and Local Government Benefit Association
  • Scott has an undergraduate degree from Baylor University and a Master’s in Health Care Administration from Trinity University.

Becky Parker, Health Reform Director, MHBT Inc.

Becky directs all corporate strategy and communication pertaining to the Affordable Care Act for MHBT and its clients. She has worked as an employee benefits advisor since 1992 and was one of the first employee benefits professionals to have earned a Certification in Health Care Reform Studies from The American College.

Becky is an active member of the Austin Association of Health Underwriters where she was president in 2003 and also served on the Texas Association of Health Underwriters board as their liaison to the Texas Department of Insurance and was honored nationally for her work.

Becky is an advocate for employee benefits in the legislative arena regularly testifying at the Texas State Capitol and engaging our federal elected officials on insurance related matters. Becky has even advised Texas Congressmen on the employer aspects of the Affordable Care Act.

Becky holds a Bachelor of Arts degree from The University of Texas at Austin.

For Representation, Training & Other Resources

If you need assistance monitoring these and other regulatory policy, enforcement, litigation or other developments, or to review or respond to these or other workforce, benefits and compensation, performance and risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer may be able to help.

Board Certified in Labor & Employment Law, Past Chair of the ABA RPTE Employee Benefit & Other Compensation Arrangements Group, Co-Chair and Past Chair of the ABA RPTE Welfare Plan Committee, Vice Chair of the ABA TIPS Employee Benefit Plans Committee, Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health plan and employee benefit, insurance, financial services, employer and health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.

For the past two years, Ms. Stamer has served as the  scribe for the ABA Joint Committee on Employee Benefits agency meeting with OCR.   Ms. Stamer also regularly works with OCR, FTC, USSS, FBI and state and local law enforcement on privacy, data security, health care, benefits and insurance and other matters, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. For instance, Ms. Stamer for the second year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR. Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.  You can get more information about her HIPAA and other experience here.

If you need assistance with these or other compliance concerns, wish to inquire about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

You can review other recent publications and resources and additional information about the other experience of Ms. Stamer here. Examples of some recent publications that may be of interest include:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating or updating your profile here. For important information about this communication click here.

©2014 Cynthia Marcotte Stamer.  Non-exclusive right to republish granted to Solutions Law Press, Inc.   All rights reserved.


Post-Windsor Same-Sex Participant Guidance May Require Mid-Year Plan Amendments

May 15, 2014

Employers and fiduciaries of 401(k) plans should take note of the potential need to adopt a mid-year amendment to their plans to comply with new guidance of the Internal Revenue Service (IRS) on the need to timely amend their plans to comply with IRS recent guidance on when their plans must afford same-sex partners treatment equivalent to opposite-sex married couples issued in response to the Supreme Court’s decision striking down the Defense of Marriage Act (DOMA) in United States v. Windsor, 570 U.S. ___, 133 S.Ct. 2675 2013).  At the same time, they also should review other recent guidance to determine if changes are required or otherwise desirable to their cafeteria, health and other welfare, and other employee benefit plans, family leave, and other human resources and employee benefit policies.

The IRS previously announced that a mid-year amendment to 401(k) plans to recognize same-sex partners as married couples for certain plan purposes might be required in Notice 2014-19.  This announcement has presented some confusion for some sponsors of safe harbor 401(k) plans as Treasury Regulation § 1.401(k)-3(e)(1)  generally requires that a Section 401(k) safe harbor plan be adopted before the beginning of the plan year and maintained throughout a full 12-month plan year, however, except as otherwise provided in § 1.401(k)-3(g) (on the reduction or suspension of safe harbor contributions) or in guidance of general applicability published in the Internal Revenue Bulletin.  To resolve these questions, the IRS announced today (May 15, 2014) released an advance copy of Notice 2014-37, which is scheduled for official publication in Internal Revenue Bulletin 2014-23 on June 2, 2014.  Notice 2014-37 will provide that the adoption of a mid-year amendment to a 401(k) safe harbor plan that will take effect during the plan year  (“mid-year amendment”) will not disqualify the plan.

In light of this guidance, 401(k) sponsors, including those sponsoring 401(k) safe harbor plans, should ensure that their plans are timely amended to comply with the post-Windsor rules.

In addition to amending their 401(k) plans, employers also should review other emerging post-Windsor guidance impacting other employment and employee benefit practices and update their policies and practices as needed to comply with emerging guidance.  For instance, the IRS also recently has published guidance s rules about health savings accounts (HSAs) after the Windsor decision.

Before the Windsor decision declared DOMA unconstitutional, Internal Revenue Service (IRS) guidance prohibited cafeteria plans, including HSAs and FSAs from treating same-sex partners as married based on DOMA’s restriction of the definition for federal tax and other federal law purposes to only a legal union between one man and one woman and the definition of “spouse” only to a person of the opposite sex who is a husband or wife.  As a result, IRS pre-Winsor guidance prohibited HSAs, FSAs and other cafeteria plans from allowing employees to choose coverage of same-sex spouses on a pre-tax basis under a cafeteria plan unless the spouse otherwise qualified as a tax dependent of the employee.

In Windsor, the Supreme Court struck down DOMA’s prohibition of the recognition of same-sex couples as married or spouses as an unconstitutional violation of the Fifth Amendment to the United States Constitution.

In response to the Windsor ruling of DOMA unconstitutional, the IRS initially updated its guidance to reflect the Windsor ruling in Rev. Rul. 2013-17, which held:

  • For Federal tax purposes, the terms “spouse,” “husband and wife,” “husband,” and “wife” include an individual married to a person of the same sex if the individuals are lawfully married under state law, and the term “marriage” includes such a marriage between individuals of the same sex;
  • For Federal tax purposes, the IRS adopts a general rule recognizing a marriage of same-sex individuals that was validly entered into in a state whose laws authorize the marriage of two  individuals of the same sex even if the married couple is domiciled in a state that does not recognize the validity of same-sex marriages;
  • For Federal tax purposes, the terms “spouse,” “husband and wife,” “husband,” and “wife” do not include individuals (whether of  the opposite sex or the same sex) who have entered into a registered  domestic partnership, civil union, or other similar formal relationship      recognized under state law that is not denominated as a marriage under the      laws of that state, and the term “marriage” does not include such formal relationships;
  • Rev. Rul. 2013-17 also stated that taxpayers could rely on this holding retroactively for purposes of filing original returns,   amended returns, adjusted returns, or claims for credit or refund  employment tax and income tax with respectto employer-provided health coverage benefits or fringe benefits that  the employer provided and are excludable from income under sections 106, 117(d), 119, 129, or 132 based on an individual’s marital status; and
  • For purposes of the preceding sentence, if an employee made a pre-tax salary-reduction election for health coverage under a section 125 cafeteria plan sponsored by an employer and also elected to provide health coverage for a same-sex spouse on an after-tax  basis under a group health plan sponsored by that employer, an affected  taxpayer may treat the amounts that were paid by the employee for the coverage of the same-sex spouse on an after-tax basis as pre-tax salary  reduction amounts.

Subsequently, the IRS also published special administrative procedures for employers to use to make adjustments or claims for refund or credit of employment taxes paid with respect to the value of same-sex spousal benefits that are excludable from the income and wages of an employee under the Windsor decision, as interpreted by Rev. Rul. 2013-17.

Most recently regarding cafeteria plans, Notice 2014-01 discusses when plan sponsors may need to amend their cafeteria plan documents to allow mid-year election changes by same-sex spouses.  It states that a cafeteria plan that does not contain written terms that allow changes of election upon change in legal marital status generally would need to be amended before a same-sex couple could be allowed to make an election change.  However, where the cafeteria plan already contains written terms permitting a change in election upon a change in legal marital status, Notice 2014-01 states a plan amendment generally is not required to allow an employee who acquires a same-sex spouse to make a mid-year election change in response to the acquisition of a same-sex spouse.

Beyond this plan amendment guidance, Notice 2014-01 also further clarifies the IRS’ previous post-Windsor guidance by  answering various questions about the treatment of same-sex couples following Windsor for purposes of  administering FSA-reimbursements, HSA limits and mid-year election changes.

For Representation, Training & Other Resources

If you need assistance monitoring these and other regulatory policy, enforcement, litigation or other developments, or to review or respond to these or other workforce, benefits and compensation, performance and risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer may be able to help.

Board Certified in Labor & Employment Law, Past Chair of the ABA RPTE Employee Benefit & Other Compensation Arrangements Group, Co-Chair and Past Chair of the ABA RPTE Welfare Plan Committee, Vice Chair of the ABA TIPS Employee Benefit Plans Committee, Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health plan and employee benefit, insurance, financial services, employer and health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.

For the past two years, Ms. Stamer has served as the  scribe for the ABA Joint Committee on Employee Benefits agency meeting with OCR.   Ms. Stamer also regularly works with OCR, FTC, USSS, FBI and state and local law enforcement on privacy, data security, health care, benefits and insurance and other matters, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. For instance, Ms. Stamer for the second year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR. Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.  You can get more information about her HIPAA and other experience here.

If you need assistance with these or other compliance concerns, wish to inquire about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

You can review other recent publications and resources and additional information about the other experience of Ms. Stamer here. Examples of some recent publications that may be of interest include:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating or updating your profile here. For important information concerning this communication click here.

©2013 Cynthia Marcotte Stamer.  Non-exclusive right to republish granted to Solutions Law Press, Inc.   All rights reserved.


Encrypt Mobile Devices & Clean Up Management Documentation Key HIPAA Compliance Messages In New HIPAA Settlements

April 27, 2014

Encrypt your laptops and other mobile devices” is only one of the key lessons leaders of health plans, health care providers, health care clearinghouses (“Covered Entities”) and their business associates should take away from  the Department of Health and Human Services Office for Civil Rights (OCR)’s April 22 announcement that Concentra Health Services (Concentra) and QCA Health Plan, Inc. of Arkansas (QCA) collectively are paying $1,975,220 under separate Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rule resolution agreements resulting from thefts of unencrypted laptops. Along with the importance of encryption, however, these Resolution Agreements also contain equally significant, more broadly applicable lessons to Covered Entities, business associates and their leaders about some of the specific processes, actions and documentation that OCR them to implement and be prepared to defend the adequacy of their HIPAA “culture of compliance” if they file a breach report or otherwise face a HIPAA audit or investigation from OCR.

Consequently, while confirming the adequacy of their organization’s existing encryption of laptops and mobile devices, Covered Entities and their leaders should also consider using these and other Resolution Agreements as a road map for reviewing and tightening their management oversight and other HIPAA compliance documentation and practices generally.

Concentra Resolution Agreement

Under the Concentra Resolution Agreement, Concentra agrees to pay OCR a monetary settlement of $1,725,220 and adopt a corrective action plan to settle potential violations of the HIPAA Privacy and Security Rules and evidence their remediation of OCR’s findings.

OCR opened a compliance review of Concentra after receiving a breach report that an unencrypted laptop was stolen from its the Springfield Missouri Physical Therapy Center on November 30, 2011.  OCR’s investigation concluded that Concentra previously had recognized in multiple risk analyses that a lack of encryption on its laptops, desktop computers, medical equipment, tablets and other devices containing electronic protected health information (ePHI) was a critical risk.  While steps were taken to begin encryption, Concentra’s efforts were incomplete and inconsistent over time leaving patient PHI vulnerable throughout the organization. OCR’s investigation further found Concentra had insufficient security management processes in place to safeguard patient information.

In particular, the Resolution Agreement states that HHS’ investigation found that the following conduct occurred (Covered Conduct):

Concentra failed to adequately remediate and manage its identified lack of encryption or, alternatively, document why encryption was not reasonable and appropriate and implement an equivalent alternative measure to encryption, if reasonable and appropriate, from October 27, 2008, until June 22, 2012 (date on which a complete inventory assessment was completed and Concentra immediately took action to begin encrypting all unencrypted devices) (see 45 C.F.R. § 164.312(a)(2)(iv))

Concentra did not sufficiently implement policies and procedures to prevent, detect, contain, and correct security violations under the security management process standard when it failed to adequately execute risk management measures to reduce its identified lack of encryption to a reasonable and appropriate level from October 27, 2008, (date of Concentra’s last project report indicating that 434 out of 597 laptops were encrypted) until June 22, 2012 (date on which a complete inventory assessment was completed and Concentra immediately took action to begin encrypting all unencrypted devices) (see 45 C.F.R. § 164.308(a)(1)(i)). 3.

In the Resolution Agreement, Concentra has agreed to pay OCR $1,725,220 to settle potential violations and will adopt a corrective action plan to evidence their remediation of these findings.

QCA Resolution Agreement

QCA’s much smaller $250,000 monetary penalty under the QCA Resolution Agreement also resulted from a breach notification of the theft of an unencrypted laptop and also requires corrective actions in addition to a monetary settlement. OCR opened its investigation after QCA reported in February 2012 that an unencrypted laptop computer containing the ePHI of 148 individuals was stolen from a workforce member’s car.  OCR’s investigation revealed that while QCA encrypted their devices following discovery of the breach, QCA failed to comply with multiple requirements of the HIPAA Privacy and Security Rules, beginning from the compliance date of the Security Rule in April 2005 and ending in June 2012.

To resolve OCR’s charges it violated HIPAA, QCA agreed to a $250,000 monetary settlement and is required to provide HHS with an updated risk analysis and corresponding risk management plan that includes specific security measures substantially similar to those imposed on the Concentra Resolution Agreement to reduce the risks to and vulnerabilities of its ePHI.  QCA is also required to retrain its workforce and document its ongoing compliance efforts.

Corrective Action Plan Lessons For Other Covered Entities & Business Associates

Unquestionably, laptop and other mobile device encryption is a key take away of the two separate resolution agreements against Concentra and QCA.  OCR Deputy Director of Health Information Privacy Susan McAndrew made this point clear in the announcement of the Concentra and QCA Resolution Agreements, stating “Covered entities and business associates must understand that mobile device security is their obligation,” and “Our message to these organizations is simple: encryption is your best defense against these incidents.”

As important as this encryption warning is, however, leaders of Covered Entities and business associates must not overlook the more subtle but equally important messages in these Resolution Agreements share about the management oversight and other specific actions, documentation and other evidence that OCR may expect their organizations and its leadership to produce if OCR investigates or audits its HIPAA compliance.

OCR officials have stated that Covered Entities and their business associates should use the corrective action plans in resolution agreements to help guide their own compliance efforts.  While the message to encrypt mobile device is important, it is not the only lesson that leaders should learn.  The Concentra and QCA Resolution Agreements, as well as their predecessors also contain detailed information about various other processes and procedures that OCR views as necessary or helpful to the compliance efforts of Covered Entities and their business associates. Privacy officers and other leaders of Covered Entities and business associates should avoid the mistake of allowing the Resolution Agreement’s clear messaging about mobile device encryption to lure them or their organization into overlooking broader and more generalized messages the corrective action plans included in the Concentra, QCA and other Resolution Agreements share about the compliance processes and analysis, management review and oversight, training and other compliance practices and documentation that OCR may expect their organizations to create and produce.

The requirement of officer attestation that his organization completed the detailed corrective actions required by OCR and that the reports submitted to OCR are accuratein the Concentra and QCA Resolution Agreements Corrective Action Plans, for instance, reflects OCR’s expectation that senior management take ownership of ensuring the adequacy of their organization’s HIPAA compliance. In this respect, leaders of Covered Entities and business associates particularly should note that both the Concentra and QCA Resolution Agreements, as well as the Skagit County Resolution Agreement announced in March, 2014 require specific attestations from an “officer” of the entity that the officer reviewed the reports, made reasonable inquiry regarding its content and believes that, upon such inquiry, the information is accurate and truthful. These attestation requirements, like those required by OCR in the Skagit County Resolution Agreement OCR announced in March send a clear message that OCR views leaders as responsible for taking appropriate steps to require and confirm adequate HIPAA compliance in the same manner as typically applies to other Federal Sentencing Guideline compliance efforts. See HIPAA Covered Entities Should Review & Correct HIPAA Policies In Response To New County Hospital Resolution Agreement, Other Developments. These attestation requirements send a strong message that OCR expects the leadership of Covered Entities, business associates to take ownership of and keep tabs on their organization’s HIPAA compliance. In light of this, leadership of all Covered Entities and their business associates should evaluate the adequacy of their current HIPAA management oversight and documentation in proving the “culture of compliance” expected by HIPAA.

Viewed from this perspective, the corrective action steps and reporting requirements imposed by the Concentra, QCA and other Resolution Agreements are valuable road maps to both privacy officers and other management of Covered Entities and business associates about the processes, steps and documentation that management should consider requiring as part of its direction and oversight of their organizations’ Privacy, Security and Breach Notification compliance.

In this respect, management should note that both Resolution Agreements require that Concentra and QCA conduct, document, and report to OCR on a series of specific steps toward compliance.  In both cases, for instance, OCR requires Concentra and QCA among other things, to conduct a ‘thorough risk assessment’ of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of all ePHI, then develop and implement a ‘detailed risk management plan’ that addresses the identified compliance concerns, the plan and timeline for their redress and steps for monitoring and verifying those actions are taken.

From the Resolution Agreements’ discussion, leaders should expect that the documentation and evidence that OCR may require their organizations to produce will include:

  • A detailed risk management plan that documents and explains its strategy for implementing security measures sufficient to reduce the risks and vulnerabilities identified in the risk analysis to a reasonable and appropriate level based on the organization’s circumstances;
  • With the risk management plan, include material evidence of all implemented and all planned remediation actions associated with the risk management plan along with specific timelines for their expected completion and identify the compensating controls that will be in place in the interim to safeguard Concentra ePHI;
  • Requires for any changes to its information technology (IT) infrastructure, software or other components, an updated risk analysis in association with any changes or updates to its organizational IT infrastructure (security environment) that affect the risks and vulnerabilities to ePHI received or maintained by Concentra containing all of these elements;
  • Require that their team track and document the encryption status of mobile and other devices and PHI that both shows that the organization both requires and tracks compliance with requirements to encrypt devices containing ePHI and that the organization requires specific review and documentation that ePHI will not be used on computer or other devices that are unencrypted.
  • Not only that required workforce training is completed but also whether existing and future documentation requires and retains the documentation that would enable the organization to demonstrate to OCR that the leadership of the organization requires monitoring and documentation that all workforce members have completed the required training, the training materials used for the training, the topics covered, the length of the session(s), when training session(s) were held, and the attestations or other documentation from individual workforce members that the organization requires to verify participation, understanding and affirmation of the individual of the need to comply with HIPAA.

Accordingly, management of Covered Entities and business associates should consider verifying that these organizations have, or take the steps necessary, to be able to provide this documentation and other evidence.

The reporting requirements that OCR imposes under the Resolution Agreements also may be helpful to leaders of Covered Entities or their business associates about the importance of requiring periodic detailed and documented reporting from the Privacy Officer on their organization’s compliance with HIPAA, and some of the types of information that they should expect to receive in these reports.  In this regard, leaders may wish to take note that the Resolution Agreements in Concentra, QCA, and Skagit each required that their organizations prepare and provide reports, accompanied by the required officer attestations containing among other things:

  • A summary of the organization’s security management process and the security measures taken during the Reporting Period, including, if applicable, any documentation of training related to those measures;
  • A summary of the organization’s encryption efforts taken during the Reporting Period; and
  • A summary of the organization’s security awareness training efforts taken during the Reporting Period.

In light of these requirements, leaders of Covered Entities or business associates also should consider establishing policies that both require periodic reporting to management and management review of reports on their organization’s ePHI and other Privacy and Security compliance that will produce documentation of similar periodic management oversight as an ongoing process within their organizations.

Since the Concentra and QCA Resolutions are only two of several existing Resolution Agreements, and likely will be supplemented by others in the future, management also should ensure that past and future Resolution Agreements as well as other guidance and developments under HIPAA are systematically reviewed and responded to in a similar, well documented manner.

Learn More At Upcoming Workshops and Teleconferences

Leaders, privacy officers, internet security officers, technology professionals and others concerned about HIPAA and other privacy and security management for Covered Entities, business associates and others can learn more about HIPAA Privacy, Security and Data Breach compliance and risk management by participating in one of the following upcoming HIPAA educational events that the author of this update, Cynthia Marcotte Stamer, will be a featured presenter:

For Representation, Training & Other Resources

If you need assistance monitoring these and other regulatory policy, enforcement, litigation or other developments, or to review or respond to these or other workforce, benefits and compensation, performance and risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer may be able to help.

Board Certified in Labor & Employment Law, Past Chair of the ABA RPTE Employee Benefit & Other Compensation Arrangements Group, Co-Chair and Past Chair of the ABA RPTE Welfare Plan Committee, Vice Chair of the ABA TIPS Employee Benefit Plans Committee, Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years’ experience advising health plan and employee benefit, insurance, financial services, employer and health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. The scribe for the ABA JCEB Annual Agency Meeting with the Office of Civil Rights (OCR) for the past several years who has worked on medical and other privacy concerns throughout her career, she regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others, defends covered entities and business associates against OCR, FTC and other privacy and data security investigations, serves as special counsel in litigation arising from these concerns and is the author of several highly regarded publications on HIPAA and other privacy and security concerns.

Ms. Stamer also regularly works with OCR, FTC, USSS, FBI and state and local law enforcement on privacy, data security, health care, benefits and insurance and other matters, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. For instance, Ms. Stamer for the third year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR. Her insights on HIPAA risk management and compliance often appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.  You can get more information about her HIPAA and other experience here.

You can review other recent human resources, employee benefits and internal controls publications and resources and additional information about the employment, employee benefits and other experience of the Cynthia Marcotte Stamer, PC here. If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile www.cynthiastamer.com or by registering to participate in the distribution of these and other updates on our HR & Employee Benefits Update distributions here including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating or updating your profile here. For important information about this communication click here©2014 Cynthia Marcotte Stamer. Limited, non-exclusive right to republished granted to Solutions Law Press, Inc. All other rights reserved.


Stamer Talks About “Handling Health Plan Spouse, Dependent & Other “Family” Matters in Post-DOMA World” at SPBA 2014 Spring Meeting

April 8, 2014

Health plans, their sponsoring employers and administrators face new challenges and responsibilities under a slew of regulations on the treatment of same-sex domestic partners issued by the Internal Revenue Service, Department of Labor and other federal government agencies since the Supreme Court ruled unconstitutional the Defense Against Marriage Act’s prohibition against the recognition of same-sex partnerships as marriage for purposes of federal law.

Attorney and industry thought leader Cynthia Marcotte Stamer will join officials from the Internal Revenue Service National Office in discussing “Handling Health Plan Spouse, Dependent & Other ‘Family’ Matters in Post-DOMA World” on Thursday, April 17, 2014 at the Society of Professional Benefits Administrators (SPBA) Spring 2014 Meeting at the Capital Hilton in Washington, DC.

The SPBA Spring Meeting scheduled to take place May 16-18 will cover a broad range of timely topics on health care reform and other issues and concerns for self-insured health plan administrators and their clients.

In addition to her April 17 DOMA presentation, Ms. Stamer also is scheduled to share her insights and experiences financial, ethical and legal concerns that third party administrators of self-insured employee benefit plans should consider when their client stops funding the plan due to illiquidity, bankruptcy or otherwise as a panelist on the April 18, 2014 panel on “Action Steps When a Client Stops Funding Claims.”

For additional details about the SPBA or its Spring Meeting, see www.spbatpa.org.

For More Information Or Assistance

If you need help labor and employment, health and other employee benefit, compensation, privacy and data  other internal controls and management concerns, please contact the author of this update, attorney Cynthia Marcotte Stamer.

A board certified labor and employment attorney widely known for her extensive and creative knowledge and experience with health matters,  Ms. Stamer works extensively with employers, employee benefit plan sponsors, insurers, administrators, and fiduciaries, payroll and staffing companies, technology and other service providers and others to develop and run legally defensible programs, practices and policies that promote the client’s human resources, employee benefits or other management goals.  Ms. Stamer has more than 25 years experience advising these and other clients about these matters  and representing employer, employee benefit and other clients before the Internal Revenue Service, the Department of Labor, Immigration & Customs, Justice, and Health & Human Services, the Securities and Exchange Commission, Federal Trade Commission, state labor, insurance, tax and attorneys’ general, and other agencies, private plaintiffs and others on health and other employee benefit, labor, employment and other human resources, worker classification, tax, internal controls, risk management and other legal and operational management concerns.

A Fellow in the American College of Employee Benefits Council, the immediate past Chair and current Welfare Benefit Committee Co-Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Committee, a Council Representative on the ABA Joint Committee on Employee Benefits, the Vice Chair of the ABA TIPS Employee Benefits Committee, the Gulf States Area TEGE Council Exempt Organizations Coordinator, past-Government Affairs Committee Legislative Chair for the Dallas Human Resources Management Association, past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, and the editor and publisher of Solutions Law Press HR & Benefits Update and other Solutions Law Press Publications, Ms. Stamer also is a widely published author and highly regarded speaker on these and other employee benefit and human resources matters who is active in many other employee benefits, human resources and other management focused organizations who is published and speaks extensively on worker classification and related matters.   She is recognized for her publications, industry leadership, workshops and presentations on these and other human resources concerns and regularly speaks and conducts training on these matters. Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, and many other national and local publications.

You can learn more about Ms. Stamer and her experience, find out about upcoming training or other events, review some of her past training, speaking, publications and other resources, and register to receive future updates about developments on these and other concerns from Ms. Stamer at www.CynthiaStamer.com.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources available at www.solutionslawpress.com including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here.

THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.   ©2014 Cynthia Marcotte Stamer, P.C.  Non-exclusive license to republish granted to Solutions Law Press.  All other rights reserved.


Follow

Get every new post delivered to your Inbox.

Join 517 other followers