Employer Faces $2M FLSA Lawsuit For Alleged Worker Misclassification

December 26, 2013

Health Care Reform Adds Fuel To Enforcement Fire

Employers must ensure they can defend their treatment of workers as as independent contractors or otherwise exempt from wage and hour and overtime requirements and take other steps to manage wage and hour risks that can arise under the Fair Labor Standards Act (FLSA) and other laws to when caught misclassifying workers.  That’s the clear message the U.S. Department of Labor (Labor Department) is sending to employers by filing lawsuits against employers like the one it recently announced against Wang’s Partner Inc., doing business as Hibachi Grill and Supreme Buffet in Jonesboro, and its owner, Shu Wang, to recover $1,997,726 in back wages and liquidated damages for 84 employees.

The FLSA requires that covered employees be paid at least the federal minimum wage of $7.25 for all hours worked, plus time and one-half their regular rates, including commissions, bonuses and incentive pay, for hours worked beyond 40 per week. The requirements generally apply to any workers that the employer who receives its services cannot prove is not its common law employee or an exempt employee within the meaning of the FLSA.  In general, “hours worked” includes all time an employee must be on duty, or on the employer’s premises or at any other prescribed place of work, from the beginning of the first principal work activity to the end of the last principal activity of the workday. Additionally, the law requires that accurate records of employees’ wages, hours and other conditions of employment be maintained. These requirements generally apply for all workers who the facts and circumstances reflect are common law employees and otherwise do not qualify as exempt employees under the FLSA.  Violations of these requirements can result significant backpay and other damage awards to private plaintiffs, backpay and penalties assessments or settlements from Labor Department suits, and, if the violation is found willful, criminal liability.

Wang’s Partner Inc. Suit

The lawsuit against Want’s Partner Inc. shows employers the importance of avoiding improperly classifying workers as independent contractors for purposes of the FLSA. Employers that inappropriately classify workers as independent contractors often fail to maintain appropriate time and other records, pay minimum wage and overtime and violate other FLSA requirements.  In general, a business receiving services of a worker generally bears the burden of providing that the worker is not its common law employee under the applicable facts and circumstances test applicable under the FLSA.

As in many other enforcement areas, the Labor Department Wage and Hour Division in recent years has stepped up its scrutiny of employer relationships with workers treated as independent contractors.  The Labor Department and many other agencies increasingly view the misclassification of workers as something other than employees, such as independent contractors, as a serious problem for affected employees, employers and to the entire economy.  According to the Labor Department, misclassified employees are often denied access to critical benefits and protections, such as family and medical leave, overtime, minimum wage and unemployment insurance and other rights.  The Labor Department also says employee misclassification also generates substantial losses to state and federal treasuries, and to the Social Security and Medicare funds, as well as to state unemployment insurance and workers compensation funds. To address these and other concerns, the Labor Department has joined other agencies like the Internal Revenue Service increasingly is challenging employers’ treatment of workers as exempt from FLSA and other legal obligations as independent contractors or otherwise.

The lawsuit in the Northern District of Georgia against Wang’s Partner, Inc. illustrates this trend.  One of the growing number of lawsuits and other enforcement actions resulting from this trend, the suit shows the significant exposures that an employer risks by misclassifying workers as independent contractors or otherwise exempt from the FLSA. The Labor Department says an investigation revealed that Wang’s Partner Inc. misclassified workers as independent contractors and engaged in numerous violations of the FLSA.  The Labor Department seeks $1,997,726 in back wages and liquidated damages for 84 employees.

The Labor Department says investigators from the division’s Atlanta district office found that the employer misclassified servers as independent contractors, failed to pay servers and kitchen staff at least the federal minimum wage of $7.25 per hour and failed to pay overtime compensation at time and one-half employees’ regular rates for hours worked beyond 40 in a work week. Additionally, the employer did not maintain accurate records of hours worked and wages paid.

In announcing the Wang’s Partner Inc. lawsuit, the Labor Department warned employers against similar misclassification of workers.  “The U.S. Department of Labor is committed to ensuring that all workers receive the wages to which they are legally entitled,” said Secretary of Labor Thomas E. Perez. “We will not stand by while employers use business models that hurt workers, their families and law-abiding employers. This lawsuit illustrates that the department will use every enforcement tool necessary to resolve cases where employees are unlawfully treated as independent contractors, and vulnerable workers are not paid the minimum wage.”

 FLSA Violations Generally Costly;  Enforcement Rising

The Labor Department’s prosecutions against employers arising from misclassification of workers document the Labor Department is acting in accordance with this warning.  In recent years, misclassification of workers increasingly has become an element in its FLSA and other enforcement actions.  According to the Labor Department, misclassified employees are often denied access to critical benefits and protections, such as family and medical leave, overtime, minimum wage and unemployment insurance and other rights.  The Labor Department also says employee misclassification also generates substantial losses to state and federal treasuries, and to the Social Security and Medicare funds, as well as to state unemployment insurance and workers compensation funds. To address these and other concerns, the Labor Department has joined other agencies like the Internal Revenue Service increasingly is challenging employers’ treatment of workers as exempt from FLSA and other legal obligations as independent contractors or otherwise.Whether due to mischaracterization of workers as independent contractors or as common law employees that qualify as exempt under the FLSA rules, the Labor Department increasingly is acting on its promise to go after employers that violate the FLSA based on worker misclassifications.

In 2012, for instance, First Republic Bank paid $1,009,643.93 in overtime back wages for 392 First Republic Bank employees in California, Connecticut, Massachusetts, New York and Oregon after the Labor Department found the San Francisco-based bank wrongly classified the employees as exempt from the FLSA’s overtime and recordkeeping requirements, resulting in violations of the Fair Labor Standards Act’s overtime and record-keeping provisions.  The Labor Department announced the settlement resulting in the payment on November 27, 2012.

The settlement came after an investigation by the Labor Department’s Wage and Hour Division found that the San Francisco-based bank wrongly classified the employees as exempt from overtime, resulting in violations of the FLSA’s overtime and record-keeping provisions.

In announcing the settlement with First Republic Bank, the Labor Department warned employers to confirm the appropriateness of their classification of workers.  “It is essential that employers take the time to carefully assess the FLSA classification of their workforce,” said Secretary of Labor Hilda L. Solis in the Labor Department’s announcement of the settlement. “As this investigation demonstrates, improper classification results in improper wages and causes workers real economic harm.”

The Wang’s Partner Inc and First Republic Bank enforcement actions are not unique.  The Labor Department and private plaintiffs alike regularly target employers that use aggressive worker classification or other pay practices to avoid paying minimum wage or overtime to workers.  Under the Obama Administration, DOL officials have made it a priority to enforce overtime, record keeping, worker classification and other wage and hour law requirements.  See e.g.,  Boston Furs Sued For $1M For Violations Of Fair Labor Standards Act; Record $2.3 Million+ Backpay Order; Minimum Wage, Overtime Risks Highlighted By Labor Department Strike Force Targeting Residential Care & Group Homes; Review & Strengthen Defensibility of Existing Worker Classification Practices In Light of Rising Congressional & Regulatory Scrutiny; 250 New Investigators, Renewed DOL Enforcement Emphasis Signal Rising Wage & Hour Risks For EmployersQuest Diagnostics, Inc. To Pay $688,000 In Overtime Backpay

In an effort to further promote compliance and enforcement of these rules,  the Labor Department is using  smart phone applications, social media and a host of other new tools to educate and recruit workers in its effort to find and prosecute violators. See, e.g. New Employee Smart Phone App New Tool In Labor Department’s Aggressive Wage & Hour Law Enforcement Campaign Against Restaurant & Other Employers.    As a result of these effort, employers violating the FLSA now face heightened risk of enforcement from both the  Labor Department and private litigation.

Health Care Reform Adds Risks, Fuels More Enforcement

The rollout of new health benefit mandates as part of the sweeping reforms enacted under the Patient Protection and Affordable Care Act (ACA) is further expanding the liability of misclassification and the risk of enforcement against employers.

Among other things, the employer mandates of ACA, now delayed until 2015, generally will require employers of 50 or more full-time employees either to provide health coverage meeting the requirements of ACA or pay the “employer penalty” established under Internal Revenue Code Section 4980H.  While the rule now is delayed until 2015, the employment data for 2014 will be used to determine what employees that an employer must take into account for purposes of this rule.  ACA generally relies on the common law employment tests used under the FLSA to make this determination.  It also requires employers provide other rights to workers who are considered common law employees under these rules.

Employers Should Strengthen Practices For Defensibility

 To minimize exposure under the FLSA, employers should review and document the defensibility of their existing practices for classifying and compensating workers under existing Federal and state wage and hour laws and take other actions to minimize their potential liability under applicable wages and hour laws.  Steps advisable as part of this process include, but are not necessarily limited to:

  • Audit of each position current classified as exempt to assess its continued sustainability and to develop documentation justifying that characterization;
  • Audit characterization of workers obtained from staffing, employee leasing, independent contractor and other arrangements and implement contractual and other oversight arrangements to minimize risks that these relationships could create if workers are recharacterized as employed by the employer receiving these services;
  • Review the characterization of on-call and other time demands placed on employees to confirm that all compensable time is properly identified, tracked, documented, compensated and reported;
  • Review of existing practices for tracking compensable hours and paying non-exempt employees for compliance with applicable regulations and to identify opportunities to minimize costs and liabilities arising out of the regulatory mandates;
  • If the audit raises questions about the appropriateness of the classification of an employee as exempt, self-initiation of proper corrective action after consultation with qualified legal counsel;
  • Review of existing documentation and record keeping practices for hourly employees;
  • Exploration of available options and alternatives for calculating required wage payments to non-exempt employees; and
  • Re-engineering of work rules and other practices to minimize costs and liabilities as appropriate in light of the regulations and enforcement exposures.

Because of the potentially significant liability exposure, employers generally will want to consult with qualified legal counsel before starting their risk assessment and assess risks and claims within the scope of attorney-client privilege to help protect the ability to claim attorney-client privilege or other evidentiary protections to help shelter conversations or certain other sensitive risk activities from discovery under the rules of evidence.

For Help With Investigations, Policy Updates Or Other Needs

If you need help in conducting a risk assessment of or responding to an IRS, DOL, Justice Department, or other federal or state agencies or other private plaintiff or other legal challenges to your organization’s existing workforce classification or other labor and employment, compliance,  employee benefit or compensation practices, please contact the author of this update, attorney Cynthia Marcotte Stamer here or at (469) 767-8872 .

Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization, management attorney and consultant Ms. Stamer is nationally and internationally recognized for more than 23 years of work helping employers; employee benefit plans and their sponsors, administrators, fiduciaries; employee leasing, recruiting, staffing and other professional employment organizations; and others design, administer and defend innovative workforce, compensation, employee benefit  and management policies and practices. The Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Committee, a Council Representative on the ABA Joint Committee on Employee Benefits, Government Affairs Committee Legislative Chair for the Dallas Human Resources Management Association, past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer often has worked, extensively on these and other workforce and performance related matters.   She also is recognized for her publications, industry leadership, workshops and presentations on these and other human resources concerns and regularly speaks and conducts training on these matters. Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, and many other national and local publications. For more information about Ms. Stamer and her experience or to get access to other publications by Ms. Stamer see here or contact Ms. Stamer directly.

About Solutions Law Press, Inc.

Solutions Law Press, Inc.™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested in exploring other Solutions Law Press, Inc. ™ tools, products, training and other resources here and reading some of our other Solutions Law Press, Inc.™ human resources news here including the following:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information about this communication click here.

THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

©2012 Cynthia Marcotte Stamer, P.C.  Non-exclusive license to republish granted to Solutions Law Press, Inc.™  All other rights reserved.


New Final FLSA Rule Gives Home Workers Minimum Wage, Overtime, Other FLSA Protections

September 18, 2013

Health care and other parties employing or otherwise engaging the services of home care workers should review and update their policies and  practices for scheduling, tracking hours worked and paying these workers to ensure that they comply by January 1, 2015 with a new final rule announced by the U.S. Department of Labor’s Wage and Hour Division today (September 18, 2013). Today’s announcement of the regulatory changes means employers of home care workers can expect to see costs rise and also will join most other U.S. businesses that must worry about getting caught in minimum wage and overtime enforcement traps.

New Home Care Worker Rules Effective January 2015

Under the new final rule, the Labor Department extends the Fair Labor Standards Act’s minimum wage and overtime protections to most of the nation’s direct care workers who provide essential home care assistance to elderly people and people with illnesses, injuries, or disabilities beginning January 1, 2015.

The new final rule generally will require that the approximately two million home care workers such as home health aides, personal care aides, and certified nursing assistants will qualify for minimum wage and overtime.  Employers engaging these services also generally will need to keep records and comply with other FLSA requirements with respect to these workers as well.

In anticipation of the rollout of these new protections, the Labor Department is kicking off a public outreach campaign to educate home care workers and their employers about the rule change. The Department will be hosting five public webinars during the month of October and has created a new, dedicated web portal here with fact sheets, FAQs, interactive web tools, and other materials.

The Labor Department’s focus on home workers is an extension of its expanded regulation and enforcement efforts targeting a broad range of health care industry employers. Home care and other health industry employers should act to manage their rising exposures to minimum wage, overtime and other federal and state wage and hour law risks.

The impending change in the treatment of home care workers is part of a larger commitment by the Obama Administration to both expansion and enforcement of the FLSA’s minimum wage and overtime provisions, and a specific program targeting employers in health care and related services industries.

The Obama Administration since taking office has conducted an aggressive campaign seeking to significantly increase the minimum wage under the FLSA and expand other protections.  Along with this proactive regulatory agenda, the Obama Administration also specifically is aggressively targeting health care and other caregiver businesses in its enforcement and audit activities. See, e.g. Home health care company in Dallas agrees to pay 80 nurses more than $92,000 in back wages following US Labor Department investigation; US Department of Labor secures nearly $62,000 in back overtime wages for 21 health care employees in Pine Bluff, Ark.; US Department of Labor initiative targeted toward increasing FLSA compliance in New York’s health care industry; US Department of Labor initiative targeted toward residential health care industry in Connecticut and Rhode Island to increase FLSA compliance; Partners HealthCare Systems agrees to pay 700 employees more than $2.7 million in overtime back wages to resolve U.S. Labor Department lawsuit; US Labor Dnda epartment sues Kentucky home health care provider to obtain more than $512,000 in back wages and damages for 22 employees; and Buffalo, Minn.-based home health care provider agrees to pay more than $150,000 in back wages following US Labor Department investigation.

Violation of wage and hour laws exposes health care and other employers to significant back pay awards, substantial civil penalties and, if the violation is found to be willful, even potential criminal liability.   Because states all have their own wage and hour laws, employers may face liability under either or both laws.   Coupled with these and other enforcement efforts against health and other caregiver businesses, today’s announcement reflects enforcement risks will continue to rise for employers of home care workers.

In light of the proposed regulatory changes and demonstrated willingness of the Labor Department and private plaintiffs to bring actions against employers violating these rules, health care and others employing home care workers should take well-documented steps to manage their risks.  These employers should both confirm the adequacy of their practices under existing rules, as well as evaluate and begin preparing to respond to the proposed modifications to these rules.  In both cases, employers of home care or other health care workers are encouraged to critically evaluate their classification or workers, both with respect to their status as employees versus contractor or leased employees, as well as their characterization as exempt versus non-exempt for wage and hour law purposes.  In addition, given the nature of the scheduled frequently worked by home care givers, their employers also generally should pay particular attention to the adequacy of practices for recordkeeping.

Of course, the home care and health care industry are not the only industries that need to worry about FLSA enforcement.   The Obama Administration is very aggressive in its enforcement of wage and hour and overtime laws generally.  For instance, First Republic Bank recently paid $1,009,643.93 in overtime back wages for 392 First Republic Bank employees in California, Connecticut, Massachusetts, New York and Oregon after the Labor Department found the San Francisco-based bank wrongly classified the employees as exempt from the FLSA’s overtime and recordkeeping requirements, resulting in violations of the Fair Labor Standards Act’s overtime and record-keeping provisions.  The Labor Department announced the settlement resulting in the payment on November 27, 2012.  The  settlement resulted from an investigation by the Labor Department that found the San Francisco-based bank wrongly classified the employees as exempt from overtime, resulting in violations of the FLSA’s overtime and record-keeping provisions.

The FLSA requires that covered, nonexempt employees be paid at least the federal minimum wage of $7.25 for all hours worked, plus time and one-half their regular rates, including commissions, bonuses and incentive pay, for hours worked beyond 40 per week. Employers also are required to maintain accurate time and payroll records.

While the FLSA provides an exemption from both minimum wage and overtime pay requirements for individuals employed in bona fide executive, administrative, professional and outside sales positions, as well as certain computer employees, job titles do not determine the applicability of this or other FLSA exemptions. In order for an exemption to apply, an employee’s specific job duties and salary must meet all the requirements of the department’s regulations. To qualify for exemption, employees generally must meet certain tests regarding their job duties and be paid on a salary basis at not less than $455 per week.

Investigators found that First Republic Bank failed to consider the FLSA’s criteria that allow certain administrative and professional employees to be exempt from receiving overtime pay. In fact, the employees were entitled to overtime compensation at one and one-half times their regular rates for hours worked over 40 in a week. Additionally, the bank failed to include bonus payments in nonexempt employees’ regular rates of pay when computing overtime compensation, in violation of the act. Record-keeping violations resulted from the employer’s failure to record the number of hours worked by the misclassified employees.

“It is essential that employers take the time to carefully assess the FLSA classification of their workforce,” said Secretary of Labor Hilda L. Solis in the Labor Department’s announcement of the settlement. “As this investigation demonstrates, improper classification results in improper wages and causes workers real economic harm.”

 FLSA Violations Generally Costly;  Enforcement Rising

The enforcement record of the Labor Department confirms that employers that improperly treat workers as exempt from the FLSA’s overtime, minimum wage and recordkeeping requriements run a big risk.  The Labor Deprtment and private plaintiffs alike regularly target employers that use aggressive worker classification or other pay practices to avoid paying minimum wage or overtime to workers.  Under the Obama Administration, DOL officials have made it a priority to enforce overtime, record keeping, worker classification and other wage and hour law requirements.  See e.g.,  Boston Furs Sued For $1M For Violations Of Fair Labor Standards Act; Record $2.3 Million+ Backpay Order; Minimum Wage, Overtime Risks Highlighted By Labor Department Strike Force Targeting Residential Care & Group Homes; Review & Strengthen Defensibility of Existing Worker Classification Practices In Light of Rising Congressional & Regulatory Scrutiny; 250 New Investigators, Renewed DOL Enforcement Emphasis Signal Rising Wage & Hour Risks For EmployersQuest Diagnostics, Inc. To Pay $688,000 In Overtime Backpay In an effort to further promote compliance and enforcement of these rules,  the Labor Department is using  smart phone applications, social media and a host of other new tools to educate and recruit workers in its effort to find and prosecute violators. See, e.g. New Employee Smart Phone App New Tool In Labor Department’s Aggressive Wage & Hour Law Enforcement Campaign Against Restaurant & Other Employers.    As a result of these effort, employers violating the FLSA now face heightened risk of enforcement from both the  Labor Department and private litigation.

Employers Should Strengthen Practices For Defensibility

 To minimize exposure under the FLSA, employers should review and document the defensibility of their existing practices for classifying and compensating workers under existing Federal and state wage and hour laws and take other actions to minimize their potential liability under applicable wages and hour laws.  Steps advisable as part of this process include, but are not necessarily limited to:

  • Audit of each position current classified as exempt to assess its continued sustainability and to develop documentation justifying that characterization;
  • Audit characterization of workers obtained from staffing, employee leasing, independent contractor and other arrangements and implement contractual and other oversight arrangements to minimize risks that these relationships could create if workers are recharacterized as employed by the employer receiving these services;
  • Review the characterization of on-call and other time demands placed on employees to confirm that all compensable time is properly identified, tracked, documented, compensated and reported;
  • Review of existing practices for tracking compensable hours and paying non-exempt employees for compliance with applicable regulations and to identify opportunities to minimize costs and liabilities arising out of the regulatory mandates;
  • If the audit raises questions about the appropriateness of the classification of an employee as exempt, self-initiation of proper corrective action after consultation with qualified legal counsel;
  • Review of existing documentation and record keeping practices for hourly employees;
  • Exploration of available options and alternatives for calculating required wage payments to non-exempt employees; and
  • Re-engineering of work rules and other practices to minimize costs and liabilities as appropriate in light of the regulations and enforcement exposures.

Because of the potentially significant liability exposure, employers generally will want to consult with qualified legal counsel before starting their risk assessment and assess risks and claims within the scope of attorney-client privilege to help protect the ability to claim attorney-client privilege or other evidentiary protections to help shelter conversations or certain other sensitive risk activities from discovery under the rules of evidence.

For Help With Investigations, Policy Updates Or Other Needs

If you need help in conducting a risk assessment of or responding to an IRS, DOL, Justice Department, or other federal or state agencies or other private plaintiff or other legal challenges to your organization’s existing workforce classification or other labor and employment, compliance,  employee benefit or compensation practices, please contact the author of this update, attorney Cynthia Marcotte Stamer here or at (469) 767-8872 .

Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization, management attorney and consultant Ms. Stamer is nationally and internationally recognized for more than 23 years of work helping employers; employee benefit plans and their sponsors, administrators, fiduciaries; employee leasing, recruiting, staffing and other professional employment organizations; and others design, administer and defend innovative workforce, compensation, employee benefit  and management policies and practices. The Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Committee, a Council Representative on the ABA Joint Committee on Employee Benefits, Government Affairs Committee Legislative Chair for the Dallas Human Resources Management Association, past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer often has worked, extensively on these and other workforce and performance related matters.   She also is recognized for her publications, industry leadership, workshops and presentations on these and other human resources concerns and regularly speaks and conducts training on these matters. Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, and many other national and local publications. For more information about Ms. Stamer and her experience or to get access to other publications by Ms. Stamer see here or contact Ms. Stamer directly.

About Solutions Law Press, Inc.

Solutions Law Press, Inc.™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested in exploring other Solutions Law Press, Inc. ™ tools, products, training and other resources here and reading some of our other Solutions Law Press, Inc.™ human resources news here including the following:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information about this communication click here.

THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

©2012 Cynthia Marcotte Stamer, P.C.  Non-exclusive license to republish granted to Solutions Law Press, Inc.™  All other rights reserved.


IRS Releases Updated Healthcare Law Online Resources Publication

August 1, 2013

The Internal Revenue Service’s updated  IRS Healthcare Law Online Resources publication provides a helpful list of resources for employers and individuals to use to get access to laws, regulations and other information about the Patient Protection & Affordable Care Act (ACA) and its implementing rules and regulations.  The resource publication issued as Department of Treasury Publication 5093 (6-2013), Catalog Number 63920H presents as follows:

For Help or More Information

ACA and other federal group health plan rules are complex and ever-evolving.  If you need help reviewing and updating, administering or defending your group health or other employee benefit, human resources, insurance, health care matters or related documents or practices or with other employee benefits, human resources, health care or insurance matters, please contact the author of this update, Cynthia Marcotte Stamer.

A Fellow in the American College of Employee Benefit Counsel, immediate past Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Group and current Co-Chair of its Welfare Benefit Committee, Vice-Chair of the ABA TIPS Employee Benefits Committee, a council member of the ABA Joint Committee on Employee Benefits, and past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer is recognized, internationally, nationally and locally for her more than 24 years of work, advocacy, education and publications on leading health and managed care, employee benefit, human resources and related workforce, insurance and financial services, and health care matters.

A board certified labor and employment attorney widely known for her extensive and creative knowledge and experienced with these and other employment, employee benefit and compensation matters, Ms. Stamer continuously advises and assists employers, employee benefit plans, their sponsoring employers, fiduciaries, insurers, administrators, service providers, insurers and others to monitor and respond to evolving legal and operational requirements and to design, administer, document and defend medical and other welfare benefit, qualified and non-qualified deferred compensation and retirement, severance and other employee benefit, compensation, and human resources, management and other programs and practices tailored to the client’s human resources, employee benefits or other management goals.  A primary drafter of the Bolivian Social Security pension privatization law, Ms. Stamer also works extensively with management, service provider and other clients to monitor legislative and regulatory developments and to deal with Congressional and state legislators, regulators, and enforcement officials about regulatory, investigatory or enforcement concerns.

Recognized in Who’s Who In American Professionals and both an American Bar Association (ABA) and a State Bar of Texas Fellow, Ms. Stamer serves on the Editorial Advisory Board of Employee Benefits News, the editor and publisher of Solutions Law Press HR & Benefits Update and other Solutions Law Press Publications, and active in a multitude of other employee benefits, human resources and other professional and civic organizations.   She also is a widely published author and highly regarded speaker on these matters. Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, Modern and many other national and local publications.   You can learn more about Ms. Stamer and her experience, review some of her other training, speaking, publications and other resources, and register to receive future updates about developments on these and other concerns from Ms. Stamer here.

Other Resources

If you found this update of interest, you also may be interested in reviewing some of the other updates and publications authored by Ms. Stamer available including:

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources available at ww.solutionslawpress.com.

THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

©2013 Cynthia Marcotte Stamer, P.C.  Non-exclusive license to republish granted to Solutions Law Press.  All other rights reserved.


IRS Extends Remedial Amendment On Cycle Opinion Deadline For Some Defined Benefit Plans

August 1, 2013

The Internal Revenue Service (IRS) is extending the deadline for sponsors and practitioners of defined benefit mass submitter lead plans to submit on-cycle applications.

Announcement 2013-37 extends to January 31, 2014, the deadline to submit on-cycle applications for opinion and advisory letters for sponsors and practitioners maintaining defined benefit mass submitter lead plans for the plans’ second six-year remedial amendment cycle.

Announcement 2013-37 will be in IRB 2013-34, dated August 19, 2013.

For Help or More Information

If you need help reviewing and updating, administering or defending your group health or other employee benefit, human resources, insurance, health care matters or related documents or practices or with other employee benefits, human resources, health care or insurance matters, please contact the author of this update, Cynthia Marcotte Stamer.

A Fellow in the American College of Employee Benefit Counsel, immediate past Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Group and current Co-Chair of its Welfare Benefit Committee, Vice-Chair of the ABA TIPS Employee Benefits Committee, a council member of the ABA Joint Committee on Employee Benefits, and past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer is recognized, internationally, nationally and locally for her more than 24 years of work, advocacy, education and publications on leading health and managed care, employee benefit, human resources and related workforce, insurance and financial services, and health care matters.

A board certified labor and employment attorney widely known for her extensive and creative knowledge and experienced with these and other employment, employee benefit and compensation matters, Ms. Stamer continuously advises and assists employers, employee benefit plans, their sponsoring employers, fiduciaries, insurers, administrators, service providers, insurers and others to monitor and respond to evolving legal and operational requirements and to design, administer, document and defend medical and other welfare benefit, qualified and non-qualified deferred compensation and retirement, severance and other employee benefit, compensation, and human resources, management and other programs and practices tailored to the client’s human resources, employee benefits or other management goals.  A primary drafter of the Bolivian Social Security pension privatization law, Ms. Stamer also works extensively with management, service provider and other clients to monitor legislative and regulatory developments and to deal with Congressional and state legislators, regulators, and enforcement officials about regulatory, investigatory or enforcement concerns.

Recognized in Who’s Who In American Professionals and both an American Bar Association (ABA) and a State Bar of Texas Fellow, Ms. Stamer serves on the Editorial Advisory Board of Employee Benefits News, the editor and publisher of Solutions Law Press HR & Benefits Update and other Solutions Law Press Publications, and active in a multitude of other employee benefits, human resources and other professional and civic organizations.   She also is a widely published author and highly regarded speaker on these matters. Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, Modern and many other national and local publications.   You can learn more about Ms. Stamer and her experience, review some of her other training, speaking, publications and other resources, and register to receive future updates about developments on these and other concerns from Ms. Stamer here.

Other Resources

If you found this update of interest, you also may be interested in reviewing some of the other updates and publications authored by Ms. Stamer available including:

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources available at ww.solutionslawpress.com.

THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

©2013 Cynthia Marcotte Stamer, P.C.  Non-exclusive license to republish granted to Solutions Law Press.  All other rights reserved.


Self-Dealing Or Other Mishandling of Employee Benefit Plan Funds Risky For Fiduciaries & Those Appointing Them

July 31, 2013

New litigation against the former trustee and former investment service provider of four pension plans reminds employer or other employee benefit plan sponsors, business owners or management, investment advisors and others serving as fiduciaries or advisors of employee benefit plans of the need to ensure that employee benefit plans are only used for the benefit of participants and beneficiaries, and prudently and properly invested and administered.  Businesses sponsoring plans and their leaders, as well as others serving as fiduciaries or investment advisors are cautioned that mishandling of plan assets or investments can create significant liability both for those who improperly handle plan responsibilities and the employer or other plan sponsor, business owner or management, and others who are involved in their selection, oversight and retention.  Consequently, parties should ensure act prudently to ensure plan assets are only invested prudently and for the sole benefit of the plan and its members, as well as to appropriately monitor the actions of other plan fiduciaries or personnel, investment managers, advisors, and others handing investments or other plan transactions, and be prepared to prove it.

The U.S. District Court for the Eastern District of Kentucky on July 26 granted in part the U.S. Department of Labor’s motion for a preliminary injunction against George S. Hofmeister and Bernard Tew, former fiduciaries of four Lexington-based pension plans: the Hillsdale Salaried, Hillsdale Hourly, Revstone Casting Fairfield GMP Local 359, and Fourslides Inc. The injunctions stem from ongoing litigation against the defendants filed by the Labor Department under the Employee Retirement Income Security Act of 1974 (ERISA). See Perez v. George Hofmeister, et al. Civil Action File Number 5:12-cv-00250-KKC, Perez v. George Hofmeister, et al. Civil Action File Number 5:13-cv-00156-KKC and Perez v. Robert La Courciere, et al. Civil Action File Number 5:13-cv-00158-KKC.

The Labor Department previously filed lawsuits in the same court that named Hofmeister and Tew, among others. Hofmeister was the trustee of the four pension plans, and Tew was managing director of their investment service provider, Bluegrass Investment Management LLC. The court’s order removes Hofmeister as a fiduciary of the plans and prohibits him from taking any actions with respect to the pensions plans or their assets. Tew resigned as fiduciary of the plans a few days before a hearing regarding the Labor Department’s motion. The lawsuits alleged that the defendants engaged in a series of prohibited transactions resulting in the misuse of approximately $12.1 million from the Hillsdale Salaried pension plan, approximately $22.5 million from the Hillsdale Hourly pension plan, approximately $4.4 million from the Revstone Casting Fairfield GMP Local 359 pension plan, and approximately $500,000 from the Fourslides Inc. pension plan. The four plan sponsors are closely affiliated with Lexington-based Revstone Industries LLC and Spara LLC.

The suits follow an EBSA investigation that found violations of the Employee Retirement Income Security Act, including prohibited loans to related companies, prohibited use of plan assets for the purchase and lease of employer property, prohibited purchase of customer notes from affiliated companies, prohibited transfer of assets in favor of parties-in-interest, payment of excessive fees to services providers, and payment of fees on behalf of the companies.

ERISA’s fiduciary responsibility rules compel individuals named as employee benefit plan fiduciaries, or who functionally exercise or have discretion or control over plan assets or their investments, or certain other plan actions to act prudently and for the exclusive benefit of participants and beneficiaries.  Plan fiduciaries must act “solely in the interest” of the plan and its members.  ERISA also expressly prohibits fiduciaries from dealing with the plan or its assets for the benefit of themselves or any third party.  Meanwhile, ERISA’s prohibited transaction rules identify a list of parties and transactions that are per se prohibited and violate ERISA’s fiduciary responsibility rules unless the fiduciary demonstrates that an applicable exception applies.  These transactions commonly are referred to as “prohibited transactions.”

According to the Labor Department brief Hofmeister, Tew and Bluegrass have repeatedly violated ERISA, using nearly $40 million in pension plan assets to benefit themselves or related parties.  The department’s investigation of these pension plans revealed a pattern of prohibited transactions involving the use of these plans’ assets by Hofmeister, Tew and investment adviser firms. Alleged improper use of the plans’ assets began within days or months of Hofmeister assuming control of the pension plans. The department contends that Hofmeister has placed millions of dollars in pension plan assets at risk and has consistently failed to act to protect these assets when required.

Under ERISA, fiduciaries that commit prohibited transactions or breach other fiduciary duties rules of ERISA generally are liable personally to the employee benefit plan for the greater of damages resulting from the breach or profits realized, plus attorneys’ fees and other costs of recovery.  In addition, the Labor Department also can impose penalties of up to 20 percent of the amount of the fiduciary breach, seek to enjoin the breaching fiduciaries from serving in a fiduciary capacity, and refer them to the Department of Justice for criminal prosecution.  Bankruptcy often does not provide any protection against the obligation to repay.

Employers, members of management, and others with discretion or control over plan assets or the selection, appointment, oversight or retention for those providing fiduciary or other plan services should be careful to act prudently when performing these duties to avoid becoming exposed to liability for bad actors.  Beyond avoiding committing its own breach of fiduciary duties, a plan sponsor, member of management or other party who is a named fiduciary or possesses fiduciary power or authority over the plan also sometimes can be liable for the prohibited transactions or other fiduciary breaches of another fiduciary under ERISA’s co-fiduciary responsibility rules.  These rules generally allow co-fiduciary liability to attach when an otherwise innocent fiduciary either enabled the breach by failing to appropriately fulfill its own fiduciary responsibilities, knew or should have have known of the breach but failed to properly act to prudently intervene to protect the plan and its assets, or later discovers the breach and fails to prudently act to intervene to protect the plan and its assets.

 

In addition to prudently overseeing those handling investments or other plan assets or performing other fiduciary functions, parties engaging these individuals should ensure that all fiduciaries, investment advisors and service providers of the plan handing plan matters are carefully credentialed.  A documented background check should be conducted to confirm that the individuals or their organizations are not disqualified from serving as fiduciaries and have appropriate credentials and reputations to perform those duties.  This analysis should be periodically rechecked and that documentation and its review also carefully preserved.

Furthermore, employers and plan fiduciaries also should confirm and retain documentation that the parties serving as fiduciaries, involved in the handling of plan assets or funds, or acting in certain other capacities are bonded as required by ERISA.  ERISA’s fiduciary responsibility rules require appropriate bonding.  In addition to overlooking the necessity of bonding, many plan sponsors and vendors underestimate the amount and required terms of the bonding and the scope of individuals required to be bonded.

Failing to meet this requirement can broaden the scope of fiduciary liability to a plan sponsor or member of management who selected or appointed the fiduciary or service provider that engages in the prohibited transaction or other inappropriate conduct.  Consequently, in the event of a plan loss, Labor Department investigators typically request documentation of this credentialing and bonding early in the investigation.

Employee benefit plan vendor selection and compensation arrangements made by association and other employee benefit plan sponsors, fiduciaries and service providers are coming under increasing scrutiny by the EBSA.  While ERISA technically grants plan sponsors and fiduciaries wide latitude to make these choices, the exercise of these powers comes with great responsibility.  See e.g., Plan Sponsors. Their Owners & Management & Others Risk Personal Liability If Others Defraud Plans or Mismanage Employee Benefit Plan Responsibilities; New Rules Give Employee Benefit Plan Fiduciaries & Investment Advisors New Investment Advice Options; DOL Proposes To Expand Investment Related Services Giving Rise to ERISA Fiduciary Status As Investment Fiduciary.

Associations, employer and other plan sponsors, and other entities and individuals who in name or in function have or exercise discretionary responsibility or authority over the selection of plan fiduciaries, administrative or investment service providers or other services to the plan or the establishment of their compensation generally must make those decisions in accordance with the fiduciary responsibility and prohibited transaction rules of ERISA.

Since the earliest days of ERISA, the EBSA as well as private plaintiffs have aggressively enforced these and other fiduciary responsibility rules.  In recent years, EBSA has taken further steps to tighten and enforce these protections such as the new fee disclosure rules recently implemented by the EBSA and other fiduciary guidance. See, e.g., Western Mixers & Officers Ordered To Pay $1.2M+ For Improperly Using Benefit Plan Funds For Company Operations, Other ERISA Violations; Plan Administrator Faces Civil & Criminal Prosecution For Allegedly Making Prohibited $3.2 Million Real Estate Investment; Tough times are no excuse for ERISA shortcuts.

Despite these well-document fiduciary exposures and a well-established pattern of enforcement by the Labor Department and private plaintiffs, many companies and their business leaders fail to appreciate the responsibilities and liabilities associated with the establishment and administration of employee benefit plans.  Frequently, employer and other employee benefit plan sponsors fail adequately to follow or document their administration of appropriate procedures to be in a position to prove their fulfillment of these requirements when selecting plan fiduciaries and service providers, determining the compensation paid for their services, overseeing the performance of these parties, or engaging in other dealings with respect to plan design or administration.  In other instances, businesses and their leaders do not realize that the functional definition that ERISA uses to determine fiduciary status means that individuals participating in discretionary decisions about the employee benefit plan, as well as the plan sponsor, may bear liability under many commonly occurring situations if appropriate care is not exercised to protect participants or beneficiaries in these plans. For this reason, businesses and associations providing employee benefits to employees or dependents, as well as members of management participating in, or having responsibility to oversee or influence decisions about the establishment, maintenance, funding, and administration of their organization’s employee benefit programs need a clear understanding of their responsibilities with respect to such programs, the steps that they should take to prove their fulfillment of these responsibilities, and their other options for preventing or mitigating their otherwise applicable fiduciary risks.

In light of the significant liability risks, employer, association and other employee benefit plan sponsors and their management, plan fiduciaries, service providers and consultants should exercise care when selecting plan fiduciaries and service providers, establishing their compensation and making other related arrangements.  To minimize fiduciary exposures, parties participating in these activities should seek the advice of competent legal counsel on their potential fiduciary status and responsibilities on these activities and take appropriate steps to minimize potential exposures.

For Help or More Information

If you need help reviewing and updating, administering or defending your group health or other employee benefit, human resources, insurance, health care matters or related documents or practices or with other employee benefits, human resources, health care or insurance matters, please contact the author of this update, Cynthia Marcotte Stamer.

A Fellow in the American College of Employee Benefit Council, immediate past Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Group and current Co-Chair of its Welfare Benefit Committee, Vice-Chair of the ABA TIPS Employee Benefits Committee, a council member of the ABA Joint Committee on Employee Benefits, and past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer is recognized, internationally, nationally and locally for her more than 24 years of work, advocacy, education and publications on leading health and managed care, employee benefit, human resources and related workforce, insurance and financial services, and health care matters.

A board certified labor and employment attorney widely known for her extensive and creative knowledge and experienced with these and other employment, employee benefit and compensation matters, Ms. Stamer continuously advises and assists employers, employee benefit plans, their sponsoring employers, fiduciaries, insurers, administrators, service providers, insurers and others to monitor and respond to evolving legal and operational requirements and to design, administer, document and defend medical and other welfare benefit, qualified and non-qualified deferred compensation and retirement, severance and other employee benefit, compensation, and human resources, management and other programs and practices tailored to the client’s human resources, employee benefits or other management goals.  A primary drafter of the Bolivian Social Security pension privatization law, Ms. Stamer also works extensively with management, service provider and other clients to monitor legislative and regulatory developments and to deal with Congressional and state legislators, regulators, and enforcement officials about regulatory, investigatory or enforcement concerns.

Recognized in Who’s Who In American Professionals and both an American Bar Association (ABA) and a State Bar of Texas Fellow, Ms. Stamer serves on the Editorial Advisory Board of Employee Benefits News, the editor and publisher of Solutions Law Press HR & Benefits Update and other Solutions Law Press Publications, and active in a multitude of other employee benefits, human resources and other professional and civic organizations.   She also is a widely published author and highly regarded speaker on these matters. Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, Modern and many other national and local publications.   You can learn more about Ms. Stamer and her experience, review some of her other training, speaking, publications and other resources, and register to receive future updates about developments on these and other concerns from Ms. Stamer here.

Other Resources

If you found this update of interest, you also may be interested in reviewing some of the other updates and publications authored by Ms. Stamer available including:

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources available at ww.solutionslawpress.com.

THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

©2013 Cynthia Marcotte Stamer, P.C.  Non-exclusive license to republish granted to Solutions Law Press.  All other rights reserved.


Use New Government Health Care Reform Resources With Care

July 22, 2013

While large employers are getting an additional year to collect data and make other preparations to comply with the “pay-or-play” rules in the shared responsibility provisions of new Internal Revenue Code Section 4980H under the extension announced by the Administration in early July, all employers still have much to do stay on top of the developing rules and make the arrangements necessary to prepare to comply with the current and 2014 federal health plan mandates of the Patient Protection & Affordable Care Act (ACA) and other federal laws.

As the Departments of Health & Human Services, Labor and Treasury continue to refine and roll out guidance implementing these rules, the agencies recently released various updated resources discussing these evolving rules.   Among others, Publication 5093, Healthcare Law Online Resources, lists ACA resources from the IRS, the Departments of Health & Human Services and Labor, and the Small Business Administration.  Meanwhile, IRS.gov and HealthCare.gov also have new ACA webpages.

While these updated resources are intended by the agencies to help acquaint businesses with ACA’s requirements, businesses and the insurers and administrators that offer health benefit services need to keep in mind that these resources have risk and limitations.  As the agencies are continuing to refine the rules, these resources often do not reflect the most current or emerging guidance or status of rules.  Additionally, government provided explanations, model forms and resources often incorporate provisions or interpretations that are biased against the interests of the businesses,  or contain other provisions that may not fully inform the business to all of its options.  Furthermore, because of limitations in jurisdiction and other constraints, guidance issued by an agency or agency that reflects that certain approaches may satisfy the requirements of the rules specifically addressed by the guidance often do not disclose or adequately communicate potential concerns with certain types of actions under other applicable requirements.

For instance,  model exchange notices published by the Department of Labor this Spring to assist employers to provide the notifications about federal exchange coverage options that ACA requires employers distribute by October 1 contain many provisions beyond the content actually required to meet the notice requirements.  The Labor Department in announcing the model notices indicated that its model language includes discretionary provisions which the Department thought some employers might want to include to minimize questions from employees about employer provided benefits that employees interested in pursuing subsidized coverage could be expected to need to apply for subsidies.  While as of now, exchanges and subsidies still are scheduled to come on line January 1, 2014, the Obama Administration extended the employer “pay-or-play” mandate of Code Section 4980 and its associated employer reporting requirements, as well as has established that it does not plan to verify eligibility for subsidies requested by individuals enrolling in exchanges in 2014.  Given this, most employers will want to consider carefully the specific content that they wish to include in the exchange notice as they prepare the notice in anticipation of its distribution in October.Accordingly, all businesses dealing with these issues are encouraged to arrange for comprehensive advice from qualified legal counsel familiar with these requirements and other related human resources, health care, insurance and employee benefit issues.

For Help With Compliance, Risk Management, Investigations, Policy Updates Or Other Needs

If you need help with HIPAA and other health and health plan related regulatory policy or enforcement developments, or to review or respond to these or other human resources, employee benefit, or other compliance, risk management, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer may be able to help.

Nationally recognized for her extensive work, publications and leadership on HIPAA and other privacy and data security concerns, Ms. Stamer has extensive experience representing, advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical and other privacy and data security, employment, employee benefits, and to handle other compliance and risk management policies and practices; to investigate and respond to OCR and other enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.

A Fellow in the American College of Employee Benefit Counsel, State Bar of Texas and American Bar Association, Vice President of the North Texas Health Care Compliance Professionals Association, the Former Chair of the ABA RPTE Employee Benefit & Compensation Group and current Co-Chair of its Welfare Benefit Committee, Vice Chair of the ABA TIPS Employee Benefit Committee, an ABA Joint Committee on Employee Benefits Council Representative, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer serves as the scribe for the ABA Joint Committee on Employee Benefits agency meeting with OCR. Ms. Stamer also regularly works with OCR and other agencies, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns.  Her publications and insights  on HIPAA and other data privacy and security concerns appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.   For instance, Ms. Stamer for the third year will serve in 2013 as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR.  Her insights on HIPAA risk management and compliance often appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, SHRM, HIMMS, the American Bar Association, the Health Care Compliance Association, a multitude of health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.  You can get more information about her HIPAA and other experience here.

In addition to this extensive HIPAA specific experience, Ms. Stamer also is recognized for her experience and skill aiding clients with a diverse range of other employment, employee benefits, health and safety, public policy, and other compliance and risk management concerns.

Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization, a member of the Editorial Advisory Board and expert panels of HR.com, Employee Benefit News, InsuranceThoughtLeadership.com, and Solutions Law Press, Inc., management attorney and consultant Ms. Stamer has 25 years of experience helping employers; employee benefit plans and their sponsors, administrators, fiduciaries; employee leasing, recruiting, staffing and other professional employment organizations; and others design, administer and defend innovative workforce, compensation, employee benefit  and management policies and practices.   Ms. Stamer often has worked, extensively on these and other workforce and performance related matters.  In addition to her continuous day-to-day involvement helping businesses to manage employment and employee benefit plan concerns, she also has extensive public policy and regulatory experience with these and other matters domestically and internationally.  A former member of the Executive Committee of the Texas Association of Business and past Government Affairs Committee Legislative Chair for the Dallas Human Resources Management Association, Ms. Stamer served as a primary advisor to the Government of Bolivia on its pension privatization law, and has been intimately involved in federal, state, and international workforce, health care, pension and social security, tax, education, immigration, education and other legislative and regulatory reform in the US and abroad.  She also is recognized for her publications, industry leadership, workshops and presentations on these and other human resources concerns and regularly speaks and conducts training on these matters. Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, and many other national and local publications. For more information about Ms. Stamer and her experience or to get access to other publications by Ms. Stamer see here or contact Ms. Stamer directly.

For help  with these or other compliance concerns, to ask about compliance audit or training, or for legal representation on these or other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here

About Solutions Law Press, Inc.

Solutions Law Press, Inc.™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested in exploring other Solutions Law Press, Inc. ™ tools, products, training and other resources here and reading some of our other Solutions Law Press, Inc.™ human resources news here including the following:

“Pay Or Play” Reprieve Still Leaves Employers Facing Challenging 2014 Health Care Reform Deadlines

©2013 Cynthia Marcotte Stamer, P.C.  Non-exclusive license to republish granted to Solutions Law Press, Inc.™  All other rights reserved.


OCR Warns Others Learn From WellPoint’s $1.7 M HIPAA Settlement

July 12, 2013

WellPoint $1.7 M HIPAA Settlement Expensive Lesson On HIPAA Risks Of Leaving PHI Too Accessible In Web-Based Applications

As health plans and health care organizations increasingly jump on the Web-based application bandwagon, managed care company WellPoint Inc. (WellPoint) is learning a $1.7 million lesson about the importance of ensuring Web-based applications and portals that allow access to members or other consumers protected health information (PHI) have the administrative, technical and other security safeguards required by the Health Insurance Portability & Accountability Act (HIPAA) Privacy and Security rules.

The U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) announced late yesterday (July 11, 2013) that WellPoint has agreed to pay $1.7 million to settle OCR charges that WellPoint violated the HIPAA Security Rule and left the electronic protected health information (ePHI) of 612,402 individuals accessible to unauthorized individuals over the Internet by failing to implement appropriate administrative and technical safeguards in its Web-based applications. See WellPoint HIPAA Settlement Press Release.

Web-based application use is increasingly popular among health plans and their wellness programs, as well as health care providers.  Employers and health plans use them both in plan administration and offer them to members to use as member tools.  Health care providers use them for health care operations, as well as patient engagement and communication tools.  The WellPoint settlement illustrates that managed care and other health insurers, health plans and their employer or other sponsors, health care providers, health care clearinghouses (Covered Entities) and their business associates can’t let their enthusiasm for the ease of use of these products to compromise the security of PHI.

Rather, health plans and other Covered Entities, employer and other  health plan sponsors, their business associates, and the Web and other technology developers, providers and consultants marketing products, services or other solutions should learn from WellPoint’s hard lesson by ensuring that current and future Web-based applications, portals and other information system components that are or could be used to provide access to PHI incorporate the Security Rule safeguards both when originally implemented and with each subsequent upgrade.

HIPAA Privacy, Security & Breach Notification Rules Require PHI Safeguards & Other Protections

The Breach Notification Rule added to HIPAA under the Health Information Technology for Economic and Clinical Health, or HITECH Act requires HIPAA-covered entities to notify OCR, affected individuals and the media promptly of a breach of “unsecured protected health information” (UPHI) impacting more than 500 individuals.  For smaller breaches, the Breach Notification Rule still requires prompt notice to affected individuals, but allows Covered Entities to disclose the breach to OCR as part of an annual breach report and to forego notification to the media. UPHI generally includes any PHI, whether or not ePHI that is not either secured or destroyed in the way described by the Breach Notification Rules.

In addition to the Breach Notification Rule, most Covered Entities and their business associates also are subject to state laws or regulations that impose similar or additional breach notification and other standards and responsibilities on the protection of personal health or other data including required notification and other responses following a breach of the security of UPHI or other PHI.

WellPoint’s $1.7 HIPAA Security Mistake

WellPoint’s $1.7 million settlement lesson resulted from an OCR investigation started in response to a breach report WellPoint submitted to comply with the Breach Notification Rules.

According to OCR, the Breach Report indicated that security weaknesses in an online application database left the electronic protected health information (ePHI) of 612,402 individuals accessible to unauthorized individuals over the Internet.

OCR says its investigation indicated that WellPoint did not implement appropriate administrative and technical safeguards as required under the HIPAA Security Rule.  According to OCR, WellPoint did not:

  • Adequately implement policies and procedures for authorizing access to the on-line application database;
  • Perform an appropriate  technical evaluation in response to a software upgrade to its information systems; or
  • Have technical safeguards in place to verify the person or entity seeking access to electronic protected health information maintained in its application database.

As a result, OCR concluded that from October 23, 2009 until March 7, 2010, WellPoint impermissibly disclosed the ePHI of 612,402 individuals by allowing access to their ePHI maintained in the application database. This data included names, dates of birth, addresses, Social Security numbers, telephone numbers and health information.

Under the resulting WellPoint HIPAA Resolution Agreement, WellPoint must pay OCR a $1.7 million settlement payment as well as take a series of corrective actions to correct the deficiencies in its policies and practices that resulted in the reported breach to minimize future risks of breaches resulting from these deficient.

OCR Warns Learn From WellPoint’s Experience

All Covered Entities and their business associates and leaders should heed the lesson sent to them by OCR in announcing the WellPoint settlement and take appropriate steps other to ensure that appropriate policies and safeguards are adopted and applied in selecting and implementing future application or system upgrades, as well as review existing systems to ensure that the security of existing systems and applications have incorporated and apply the requisite safeguards.

OCR made clear that the WellPoint settlement is intended to send a message to Covered Entities and their business associates to ensure that these steps are appropriately taken.  The settlement announcement states:

This case sends an important message to HIPAA-covered entities to take caution when implementing changes to their information systems, especially when those changes involve updates to Web-based applications or portals that are used to provide access to consumers’ health data using the Internet. Whether systems upgrades are conducted by covered entities or their business associates, HHS expects organizations to have in place reasonable and appropriate technical, administrative and physical safeguards to protect the confidentiality, integrity and availability of electronic protected health information – especially information that is accessible over the Internet.

The settlement announcement also reminds business associates that OCR will begin holding them directly accountable along with their Covered Entity clients for complying with many HIPAA requirements beginning in September, stating:

Beginning Sept. 23, 2013, liability for many of HIPAA’s requirements will extend directly to business associates that receive or store protected health information, such as contractors and subcontractors.

Take Documented Steps To Show You Hear OCR’s Messages

Covered entities and their business associates and leaders, and vendors and consultants offering services or products to them should take care to conduct careful and well-documented reviews and implement corrective actions necessary to show their applications and systems, policies and practices reflect their strong commitment and action to appropriately protect PHI in accordance with the expectations shown by the WellPoint HIPAA Resolution Agreement and other OCR settlements, OCR’s updated HIPAA regulations, and other OCR and industry information.

In addition to the guidance set forth in OCR’s Resolution Agreements with WellPoint and other Covered Entities, revisions to OCR’s Privacy and Security Rules in OCR’s 2013 restatement of its regulations here cause all Covered Entities and their business associates conduct a well-documented reassessment of the adequacy of their existing policies, systems and practices and steps taken to redress any uncovered gaps.

Among other things, the 2013 Regulations:

  • Revise OCR’s HIPAA regulations to reflect the HITECH Act’s amendment of HIPAA to add the contractors and subcontractors of health plans, health care providers and health care clearinghouses that qualify as business associates to the parties directly responsible for complying with and subject to HIPAA’s civil and criminal penalties for violating HIPAA’s Privacy, Security, and Breach Notification rules;
  • Update previous interim regulations implementing HITECH Act breach notification rules that require Covered Entities including business associates to give specific notifications to individuals whose PHI is breached, HHS and in some cases, the media when a breach of unsecured information happens;
  • Update interim enforcement guidance OCR previously published to implement increased penalties and other changes to HIPAA’s civil and criminal sanctions enacted by the HITECH Act;
  • Implement HITECH Act amendments to HIPAA that tighten the conditions under which Covered Entities are allowed to use or disclose PHI for marketing and fundraising purposes and prohibit Covered Entities from selling an individual’s health information without getting the individual’s authorization in the manner required by the 2013 Regulations;
  • Update OCR’s rules about the individual rights that HIPAA requires that Covered Entities to afford to individuals who are the subject of PHI used or possessed by a Covered Entity to reflect tightened requirements enacted by the HITECH Act  that allow individuals to order their health care provider not to share information about their treatment with health plans when the individual pays cash for the care and to clarify that individuals can require Covered Entities to provide electronic PHI in electronic form;
  • Revise the regulations to reflect amendments to HIPAA made as part of the Genetic Information Nondiscrimination Act of 2008 (GINA) which added genetic information to the definition of PHI protected under the HIPAA Privacy Rule and prohibits health plans from using or disclosing genetic information for underwriting purposes; and
  • Clarifies and revises other provisions to reflect other interpretations and information guidance that OCR has issued since HIPAA was passed and to make certain other changes that OCR found appropriate based on its experience administering and enforcing the rules.

Covered Entities were required to begin complying with most of these rule changes earlier this year.  However, delayed compliance dates in the 2013 Regulations allowed Covered Entities and Business Associates to delay updates to pre-existing business associate agreements and the date that OCR would begin enforcing many of the HIPAA Rules directly against business associates to September 23, 2013.

Even without the necessity Settlements like that involving WellPoint, these 2013 Regulations make it imperative that Covered Entities to take the necessary steps to conduct an appropriate and well-documented review  and update as needed their systems, policies and practices,  business associate agreements, training and documentation.

With self-disclosures of breaches mandated by the Breach Notification Rules and OCR audits and enforcement rising, careful documentation of these activities and its analysis is necessary so that Covered Entities can be in a position to show OCR that the risk assessments required by the Security Rules was conducted as well as the efforts and commitment of the Covered Entity or business associate in the event of a breach investigation or audit. Yesterday’s WellPoint HIPAA announcement is just the latest in an ever-growing list of examples of the expensive consequences that can result if a Covered Entity or business associate cannot produce this documentation in response to an OCR audit or investigation. See, e.g.  OCR Hits Alaska Medicaid For $1.7M+ For HIPAA Security Breach; OCR Audit Program Kickoff Further Heats HIPAA Privacy Risks$1.5 Million HIPAA Settlement Reached To Resolve 1st OCR Enforcement Action Prompted By HITECH Act Breach Report; HIPAA Heats Up: HITECH Act Changes Take Effect & OCR Begins Posting Names, Other Details Of Unsecured PHI Breach Reports On Website; Providence To Pay $100000 & Implement Other SafeguardsIn contrast, the OCR website also provides a multitude of examples showing how the ability to produce documentation and other evidence showing diligent efforts to comply has helped other covered entities that fall under OCR investigation to avoid or mitigate serious sanctions.

Coupled with statements by OCR about its intolerance, the WellPoint and other settlements provide a strong warning to covered entities of the need to carefully and appropriately manage their HIPAA encryption and other Privacy and Security responsibilities. Covered entities are urged to heed these warning by strengthening their HIPAA compliance and adopting other suitable safeguards to minimize HIPAA exposures.

In response to the 2013 Regulations and these expanding exposures, all Covered Entities should review critically and carefully the adequacy of their current HIPAA Privacy and Security compliance policies, monitoring, training, breach notification and other practices taking into consideration OCR’s investigation and enforcement actions against WellPoint and others, emerging litigation and other enforcement data; their own and reports of other security and privacy breaches and near misses; and other developments to decide if additional steps are necessary or advisable.  Covered Entities and business associates should document this review in a manner that both reflects the scope and diligence of their activities including relevant considerations and decision-making about identified potential susceptibilities and reasoning about the adequacy of safeguards and other solutions.

Because this review is likely to uncover existing or past deficiencies or breaches, most covered entities and business associates will want to discuss with qualified legal counsel the planned assessment within the scope of attorney-client privilege to understand when and how to conduct the assessment to preserve options to claim attorney-client privilege to protect sensitive work product or discussions that may result in the course of the investigation within the attorney-client communication, work product or other evidentiary privileges, evaluation of the adequacy and appropriateness of the audit and resulting investigations and its documentation, and other assistance in strengthening the defensibility of compliance and risk management activities.

For Help With Compliance, Risk Management, Investigations, Policy Updates Or Other Needs

If you need help with HIPAA and other health and health plan related regulatory policy or enforcement developments, or to review or respond to these or other human resources, employee benefit, or other compliance, risk management, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer may be able to help.

Nationally recognized for her extensive work, publications and leadership on HIPAA and other privacy and data security concerns, Ms. Stamer has extensive experience representing, advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical and other privacy and data security, employment, employee benefits, and to handle other compliance and risk management policies and practices; to investigate and respond to OCR and other enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.

A Fellow in the American College of Employee Benefit Counsel, State Bar of Texas and American Bar Association, Vice President of the North Texas Health Care Compliance Professionals Association, the Former Chair of the ABA RPTE Employee Benefit & Compensation Group and current Co-Chair of its Welfare Benefit Committee, Vice Chair of the ABA TIPS Employee Benefit Committee, an ABA Joint Committee on Employee Benefits Council Representative, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer serves as the scribe for the ABA Joint Committee on Employee Benefits agency meeting with OCR. Ms. Stamer also regularly works with OCR and other agencies, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns.  Her publications and insights  on HIPAA and other data privacy and security concerns appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.   For instance, Ms. Stamer for the third year will serve in 2013 as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR.  Her insights on HIPAA risk management and compliance often appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, SHRM, HIMMS, the American Bar Association, the Health Care Compliance Association, a multitude of health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.  You can get more information about her HIPAA and other experience here.

In addition to this extensive HIPAA specific experience, Ms. Stamer also is recognized for her experience and skill aiding clients with a diverse range of other employment, employee benefits, health and safety, public policy, and other compliance and risk management concerns.

Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization, a member of the Editorial Advisory Board and expert panels of HR.com, Employee Benefit News, InsuranceThoughtLeadership.com, and Solutions Law Press, Inc., management attorney and consultant Ms. Stamer has 25 years of experience helping employers; employee benefit plans and their sponsors, administrators, fiduciaries; employee leasing, recruiting, staffing and other professional employment organizations; and others design, administer and defend innovative workforce, compensation, employee benefit  and management policies and practices.   Ms. Stamer often has worked, extensively on these and other workforce and performance related matters.  In addition to her continuous day-to-day involvement helping businesses to manage employment and employee benefit plan concerns, she also has extensive public policy and regulatory experience with these and other matters domestically and internationally.  A former member of the Executive Committee of the Texas Association of Business and past Government Affairs Committee Legislative Chair for the Dallas Human Resources Management Association, Ms. Stamer served as a primary advisor to the Government of Bolivia on its pension privatization law, and has been intimately involved in federal, state, and international workforce, health care, pension and social security, tax, education, immigration, education and other legislative and regulatory reform in the US and abroad.  She also is recognized for her publications, industry leadership, workshops and presentations on these and other human resources concerns and regularly speaks and conducts training on these matters. Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, and many other national and local publications. For more information about Ms. Stamer and her experience or to get access to other publications by Ms. Stamer see here or contact Ms. Stamer directly.

For help  with these or other compliance concerns, to ask about compliance audit or training, or for legal representation on these or other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here

About Solutions Law Press, Inc.

Solutions Law Press, Inc.™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested in exploring other Solutions Law Press, Inc. ™ tools, products, training and other resources here and reading some of our other Solutions Law Press, Inc.™ human resources news here including the following:

“Pay Or Play” Reprieve Still Leaves Employers Facing Challenging 2014 Health Care Reform Deadlines

©2013 Cynthia Marcotte Stamer, P.C.  Non-exclusive license to republish granted to Solutions Law Press, Inc.™  All other rights reserved.


HIPAA Sanctions Triggered From Covered Entity Statements To Media, Workforce

June 14, 2013

Health plans, health care providers, health care clearinghouses (covered entities) and their business associates should confirm their existing policies, practices and training for communicating with the media and others comply with the Privacy Rule requirements of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule in light of a Resolution Agreement with Shasta Regional Medical Center (SRMC) announced by the U.S. Department of Health and Human Services (HHS) Office of Civil Rights today (June 14, 2013).

Under the Resolution Agreement, SRMC agrees to pay $275,000 and implement a comprehensive corrective action plan (CAP) to settle an investigation that resulted when SRMC used and disclosed protected health information (PHI) of a patient to members of the media and its workforce while trying to do damage control against fraud or other allegations of misconduct involving individual patient information or circumstances.  The Resolution Agreement shows how efforts to respond to press or media reports, patient or other complaints, physician or employee disputes, high profile accidents, or other events that may involve communications not typically run by privacy officers can create big exposures.  While the Resolution Agreement targets a health care provider, the lessons are equally applicable to health plans and health care clearinghouses, who increasingly face their own pressure to communicate with the media and others about enforcement actions, workforce claims and other matters.

Talking Out Of Turn To Media & Others Violated HIPAA

OCR investigated SRMC after a January 4, 2012 Los Angeles Times article reported two SRMC senior leaders had met with media to discuss medical services provided to a patient.  OCR’s investigation indicated that SRMC failed to safeguard the patient’s protected health information (PHI) from impermissible disclosure by intentionally disclosing PHI to multiple media outlets on at least three separate occasions, without a valid written authorization. OCR’s review also revealed senior management at SRMC impermissibly shared details about the patient’s medical condition, diagnosis and treatment in an email to the entire workforce.  Further, SRMC failed to sanction its workforce members for impermissibly disclosing the patient’s records pursuant to its internal sanctions policy.

Among other things, the specific misconduct uncovered by HHS’s investigation indicated that from December 13 – 20, 2011, SRMC failed to safeguard the patient’s PHI from any impermissible intentional or unintentional disclosure on multiple occasions in connection with its response to media coverage arising from a Medicare fraud story including:

  • On December 13, 2011, for instance, OCR reports SRMC’s parent company sent a letter to California Watch, responding to a story about Medicare fraud. The letter described  the patient’s medical treatment and provided specifics about her lab results even though SRMC did not have a written authorization from  the patient to disclose this information to this news outlet.
  • On December 16, 2011, two of SRMC’s senior leaders also met with The Record Searchlight’s editor to discuss the patient’s medical record in detail even though SRMC did not have a written authorization from  the patient to disclose this information to this newspaper.
  • On December 20, 2011, SRMC sent a letter to The Los Angeles Times, which contained detailed information about the treatment  the patient received when, again, SRMC did not have a written authorization from  the patient to disclose this information to this newspaper.

In addition, OCR found SRMC impermissibly used the affected party’s PHI  when on December 20, 2011, SRMC sent an email to its entire workforce and medical staff, approximately 785-900 individuals, describing, in detail,  the patient’s medical condition, diagnosis and treatment. SRMC did not have a written authorization from  the patient to share this information with SRMC’s entire workforce and medical staff.

SRMC Must Correct & Pay $$275K Penalty

Under the Resolution Agreement, SRMC pays a $275,000 monetary settlement and agrees to comply with a CAP for the next year.

The CAP requires SRMC to update its policies and procedures on safeguarding PHI from impermissible uses and disclosures and to train its workforce members.  The CAP also requires fifteen other hospitals or medical centers under the same ownership or operational control as SRMC to attest to their understanding of permissible uses and disclosures of PHI, including disclosures to the media.

The Resolution Agreement specifically requires that Shasta Regional Medical Center, among other things:

  • To update policies to include specific policies about sharing PHI with the media, members of the workforce not involved in an individual patient’s care and others to comply with HIPAA;.
  • To provide updated policies to OCR for approval;
  • To provide training documented with certification of all workforce members before allowing them to get access to PHI;

SRMC is one of several Prime Healthcare Services facilities under common ownership and control.  The Resolution Agreement also requires corrective action at these commonly owned facilities including California-based Alvarado Hospital Medical Center in San Diego, Centinela Hospital Medical Center in Inglewood, Chino Valley Medical Center in Chino, Desert Valley Hospital in Victorville, Garden Grove Hospital Medical Center in Garden Grove,  La Palma Intercommunity Hospital in La Palma, Paradise Valley Hospital in National City, San Dimas Community Hospital in San Dimas, Shasta Regional Medical Center in Redding, and West Anaheim Medical Center in Anaheim; Saint Mary’s Regional Medical Center in Reno, Nevada; Pennsylvania based Lower Bucks Hospital in Bristol and Roxborough Memorial Hospital in Philadelphia;and Texas-based Dallas Medical Center in Dallas, Harlingen Medical Center in Harlingen, Pampa Regional Medical Center in Pampa.  Among other things, the Resolution Agreement requires that for each of these related facilities:

  • The CEO and Privacy Officer of each facility must give OCR a signed affidavit stating that they understand that the Privacy Rule protects an individual’s PHI is protected by Privacy Rule even if such information is already in the public domain or even though it has been disclosed by the individual; and that disclosures of PHI in response to media inquiries are only permissible pursuant to a signed HIPAA authorization; and
  • Ensure all members of their respective workforce are informed of this policy.

The Resolution Agreement highlights the difficulty that health care providers and other covered entities often face in properly recognizing and handling PHI in the case of fraud or other disputes.  While health care providers have an understandable wish to defend themselves in the media and elsewhere in response to charges of misconduct, today’s settlement shows that improperly sharing PHI of each patient in the process will make matters much worse. It’s important to keep in mind that just omitting to mention the name or other common identifying information may not overcome this concern because information about a patient can be considered individually identifiable and to enjoy protection under HIPAA where the facts and circumstances would allow another person to know or determine who the individual is, even if the specific name, address or more common identifying information is not shared.

Furthermore, the settlement also makes clear that merely because the patient or some other party has shared the same information with the media or others does not excuse the health care provider or other covered entity or business associate from the obligation to keep confidential the PHI unless it gets proper consent or otherwise can show that an exception to HIPAA applies.

Finally, the Resolution Agreement also makes clear that OCR expects covered entities to connect their HIPAA compliance with other policies and operations and will hold covered entities and associates accountable for properly integrating, training workforce and enforcing compliance with these policies.  While this  means that covered entities and business associates may find themselves in the uncomfortable situation of facing unsavory reports and rumors without the ability to respond, the significant civil and even criminal penalties that can arise from violation of HIPAA make it critical that covered entities exercise discipline in responding to avoid sharing PHI improperly.

The 2013 Regulations Overview

Adding a review and update of HIPAA and other policies for communicating with the media and internally on matters that may involve use or discussions of PHI in unusual contexts outside the purview of typically HIPAA policies is a good idea while health plans and other covered entities and business associates are updating their existing policies and practices for compliance with updated Omnibus HIPAA Rules (2013 Regulations) implementing HITECH Act amendments to the Privacy and Security Rules under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).  The Rulemaking announced January 17, 2013 may be viewed here.

Since 2003, HIPAA generally has required that health care providers, health plans, health care clearinghouses and their business associates (“Covered Entities”) restrict and safeguard individually identifiable  health care information (“PHI”) of individuals and afford other protections to individuals that are the subject of that information.  The 2013 Regulations published today complete the implementation of changes to HIPAA that Congress enacted when it passed the Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009 as well as make other changes to the prior regulations that OCR found desirable based on its experience administering and enforcing the law over the past decade.

Since passage of the HITECH Act, OCR officials have warned Covered Entities to expect an omnibus restatement of its original regulations.  While OCR had issued certain regulations implementing some of the HITECH Act changes, it waited to publish certain regulations necessary to implement other HITECH Act changes until it could complete a more comprehensive restatement of its previously published HIPAA regulations to reflect both the HITECH Act amendments and other refinements to  its HIPAA Rules. The 2013 Regulations published today fulfill  that promise by restating OCR’s HIPAA Regulations to reflect the HITECH Act Amendments and other changes and clarifications to OCR’s interpretation and enforcement of HIPAA.

Among other things, the 2013 Regulations:

  • Revise OCR’s HIPAA regulations to reflect the HITECH Act’s amendment of HIPAA to add the contractors and subcontractors of health plans, health care providers and health care clearinghouses that qualify as business associates to the parties directly responsible for complying with and subject to HIPAA’s civil and criminal penalties for violating HIPAA’s Privacy, Security, and Breach Notification rules;
  • Update previous interim regulations implementing HITECH Act breach notification rules that require Covered Entities including business associates to give specific notifications to individuals whose PHI is breached, HHS and in some cases, the media when a breach of unsecured information happens;
  • Update interim enforcement guidance OCR previously published to implement increased penalties and other changes to HIPAA’s civil and criminal sanctions enacted by the HITECH Act;
  • Implement HITECH Act amendments to HIPAA that tighten the conditions under which Covered Entities are allowed to use or disclose PHI for marketing and fundraising purposes and prohibit Covered Entities from selling an individual’s health information without getting the individual’s authorization in the way required by the 2013 Regulations;
  • Update OCR’s rules about the rights that HIPAA requires that Covered Entities to afford to individuals who are the subject of PHI used or possessed by a Covered Entity to reflect tightened requirements enacted by the HITECH Act  that allow individuals to order their health care provider not to share information about their treatment with health plans when the individual pays cash for the care and to clarify that individuals can require Covered Entities to provide electronic PHI in electronic form;
  • Revise the regulations to reflect amendments to HIPAA made as part of the Genetic Information Nondiscrimination Act of 2008 (GINA) which added genetic information to the definition of PHI protected under the HIPAA Privacy Rule and prohibits health plans from using or disclosing genetic information for underwriting purposes; and
  • Clarifies and revises other provisions to reflect other interpretations and information guidance that OCR has issued since HIPAA was passed and to make certain other changes that OCR found appropriate based on its experience administering and enforcing the rules.

Liability & Enforcement Risks Heighten Need To Act To Review & Update Policies & Practices

The new Resolution Agreement and the growing list of others like it, as well as restated rules in the 2013 Regulations make it imperative that Covered Entities review the revised rules carefully and updated their policies, practices, business associate agreements, training and documentation to comply with the updated requirements and other enforcement and liability risks.  OCR even prior to the regulations has aggressively investigated and enforced the HIPAA requirements.

OCR increasingly is imposing  sanctions against a covered entity for data breaches to show the potential risks of HIPAA violations are significant and growing.  OCR Hits Alaska Medicaid For $1.7M+ For HIPAA Security Breach; OCR Audit Program Kickoff Further Heats HIPAA Privacy Risks$1.5 Million HIPAA Settlement Reached To Resolve 1st OCR Enforcement Action Prompted By HITECH Act Breach Report; HIPAA Heats Up: HITECH Act Changes Take Effect & OCR Begins Posting Names, Other Details Of Unsecured PHI Breach Reports On Website; Providence To Pay $100000 & Implement Other Safeguards.

In response to the 2013 Regulations and these expanding exposures, all Covered Entities should review critically and carefully the adequacy of their current HIPAA Privacy and Security compliance policies, monitoring, training, breach notification and other practices taking into consideration OCR’s investigation and enforcement actions, emerging litigation and other enforcement data; their own and reports of other security and privacy breaches and near misses; and other developments to decide if additional steps are necessary or advisable.   In response to these expanding exposures, all covered entities and their business associates should review critically and carefully the adequacy of their current HIPAA Privacy and Security compliance policies, monitoring, training, breach notification and other practices taking into consideration OCR’s investigation and enforcement actions, emerging litigation and other enforcement data; their own and reports of other security and privacy breaches and near misses, and other developments to decide if tightening their policies, practices, documentation or training is necessary or advisable.

Enforcement Actions Highlight Growing HIPAA Exposures For Covered Entities

The SRMC Resolution Agreement again shows the growing risk of enforcement that health care providers, health plans, health care clearinghouses and their business associates face as OCR continues its audits and enforcement, new Omnibus HIPAA Regulations implementing the HITECH Act amendments to HIPAA and state and federal liability grows..  See e.g., $1.5 Million HIPAA Settlement Reached To Resolve 1st OCR Enforcement Action Prompted By HITECH Act Breach Report; HIPAA Heats Up: HITECH Act Changes Take Effect & OCR Begins Posting Names, Other Details Of Unsecured PHI Breach Reports On Website

In response to these expanding exposures, all covered entities and their business associates should review critically and carefully the adequacy of their current HIPAA Privacy and Security compliance policies, monitoring, training, breach notification and other practices taking into consideration OCR’s investigation and enforcement actions, emerging litigation and other enforcement data; their own and reports of other security and privacy breaches and near misses, and other developments to determine if additional steps are necessary or advisable.

As part of this process, covered entities should ensure they look outside the four corners of their Privacy Policies to ensure that appropriate training and clarification is provided to address media, practice transition, workforce communication and other policies and practices that may be covered by pre-existing or other policies of other departments or operational elements not typically under the direct oversight and management of the Privacy Officer such as media relations.  Media relations, physician and patients affairs, outside legal counsel, media relations, marketing and other internal and external departments and consultants dealing with the media, the public or other inquiries or disputes should carefully include and coordinate with the privacy officer both to ensure appropriate policies and procedures are followed and proper documentation created and retained to show authorization, account, or meet other requirements.

For more information about HIPAA compliance and risk management tips, see here.

For Help With Compliance, Risk Management, Investigations, Policy Updates Or Other Needs

If you need help with HIPAA and other health and health plan related regulatory policy or enforcement developments, or to review or respond to these or other human resources, employee benefit, or other compliance, risk management, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer may be able to help.

Nationally recognized for her extensive work, publications and leadership on HIPAA and other privacy and data security concerns, Ms. Stamer has extensive experience representing, advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical and other privacy and data security, employment, employee benefits, and to handle other compliance and risk management policies and practices; to investigate and respond to OCR and other enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.

A Fellow in the American College of Employee Benefit Counsel, State Bar of Texas and American Bar Association, Vice President of the North Texas Health Care Compliance Professionals Association, the Former Chair of the ABA RPTE Employee Benefit & Compensation Group and current Co-Chair of its Welfare Benefit Committee, Vice Chair of the ABA TIPS Employee Benefit Committee, an ABA Joint Committee on Employee Benefits Council Representative, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer serves as the scribe for the ABA Joint Committee on Employee Benefits agency meeting with OCR. Ms. Stamer also regularly works with OCR and other agencies, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns.  Her publications and insights  on HIPAA and other data privacy and security concerns appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.   For instance, Ms. Stamer for the third year will serve in 2013 as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR.  Her insights on HIPAA risk management and compliance often appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, SHRM, HIMMS, the American Bar Association, the Health Care Compliance Association, a multitude of health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.  You can get more information about her HIPAA and other experience here.

In addition to this extensive HIPAA specific experience, Ms. Stamer also is recognized for her experience and skill aiding clients with a diverse range of other employment, employee benefits, health and safety, public policy, and other compliance and risk management concerns.

Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization, a member of the Editorial Advisory Board and expert panels of HR.com, Employee Benefit News, InsuranceThoughtLeadership.com, and Solutions Law Press, Inc., management attorney and consultant Ms. Stamer has 25 years of experience helping employers; employee benefit plans and their sponsors, administrators, fiduciaries; employee leasing, recruiting, staffing and other professional employment organizations; and others design, administer and defend innovative workforce, compensation, employee benefit  and management policies and practices.   Ms. Stamer often has worked, extensively on these and other workforce and performance related matters.  In addition to her continuous day-to-day involvement helping businesses to manage employment and employee benefit plan concerns, she also has extensive public policy and regulatory experience with these and other matters domestically and internationally.  A former member of the Executive Committee of the Texas Association of Business and past Government Affairs Committee Legislative Chair for the Dallas Human Resources Management Association, Ms. Stamer served as a primary advisor to the Government of Bolivia on its pension privatization law, and has been intimately involved in federal, state, and international workforce, health care, pension and social security, tax, education, immigration, education and other legislative and regulatory reform in the US and abroad.  She also is recognized for her publications, industry leadership, workshops and presentations on these and other human resources concerns and regularly speaks and conducts training on these matters. Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, and many other national and local publications. For more information about Ms. Stamer and her experience or to get access to other publications by Ms. Stamer see here or contact Ms. Stamer directly.

For help  with these or other compliance concerns, to ask about compliance audit or training, or for legal representation on these or other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here

About Solutions Law Press, Inc.

Solutions Law Press, Inc.™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested in exploring other Solutions Law Press, Inc. ™ tools, products, training and other resources here and reading some of our other Solutions Law Press, Inc.™ human resources news here including the following:

©2013 Cynthia Marcotte Stamer, P.C.  Non-exclusive license to republish granted to Solutions Law Press, Inc.™  All other rights reserved.


Consider OCR Technical Corrections When Updating Privacy Practices & Agreements For Omnibus Restatement of HIPAA Privacy, Security, Breach Notification & Enforcement Rules

June 6, 2013

The Department of Health & Human Services Office of Civil Rights (OCR) on June 6, 2013 released an advance copy of to Technical Corrections  (Technical Corrections) to the Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notifications Rules Under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules; Final Rule (Omnibus Rule) previously published on January 25, 2013.  Health plans, health care clearinghouses, health care providers and their business associates will want to be sure to take into account the Technical Corrections as they rush to update business associate agreements, policies, practices, training and other HIPAA compliance to comply with the Omnibus Rule changes by the September 2013 deadline.

Technical Corrections To Omnibus Rule Released

OCR published the Omnibus Rule to implement changes to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules (“the HIPAA Rules”) enacted by the Health Information Technology for Economic and Clinical Health Act (“the HITECH Act”) and section 105 of Title I of the Genetic Information Nondiscrimination Act of 2008, as well as to address public comment received on the interim final Breach Notification Rule and to other changes to the HIPAA Rules.  The Technical Corrections are scheduled for publication in the Federal Register on June 7, 2013.

The Technical Corrections correct various typographical errors and other oversights in the Omnibus Regulations as originally published.   While many of these corrections have limited material impact, certain corrections do have substantive implications.  For instance, by correcting errors in references to other provisions of the Omnibus Regulations, the Technical Corrections clarify that the authority of OCR to grant an extension of time pursuant to § 160.508(c)(5) for violations before February 18, 2009 also applies to violations occurring on or after February 18, 2009, as there is for violations occurring prior to February 18, 2009.

Health plans, health care clearinghouses and their business associates will need to review and take into account the Technical Corrections as they work to review and update their  policies and practices for handling and disclosing personally identifiable health care information (“PHI”) in response to the Omnibus Rule.

Get Moving To Update HIPAA Compliance For New Omnibus Rule Requirements As Amended By Technical Corrections

Covered entities and their business associates have a lot to accomplish between now and September to update their business associates and comply with other changes made by the Omnibus Rule by its September 2013 deadline. Among other things, the Omnibus Regulations:

  • Revise OCR’s HIPAA regulations to reflect the HITECH Act’s amendment of HIPAA to add the contractors and subcontractors of health plans, health care providers and health care clearinghouses that qualify as business associates to the parties directly responsible for complying with and subject to HIPAA’s civil and criminal penalties for violating HIPAA’s Privacy, Security, and Breach Notification rules;
  • Update previous interim regulations implementing HITECH Act breach notification rules that require Covered Entities including business associates to give specific notifications to individuals whose PHI is breached, HHS and in some cases, the media when a breach of unsecured information happens;
  • Update interim enforcement guidance OCR previously published to implement increased penalties and other changes to HIPAA’s civil and criminal sanctions enacted by the HITECH Act;
  •  Implement HITECH Act amendments to HIPAA that tighten the conditions under which Covered Entities are allowed to use or disclose PHI for marketing and fundraising purposes and prohibit Covered Entities from selling an individual’s health information without getting the individual’s authorization in the way required by the Omnibus Regulations;
  • Update OCR’s rules about the individual rights that HIPAA requires that Covered Entities to afford to individuals who are the subject of PHI used or possessed by a Covered Entity to reflect tightened requirements enacted by the HITECH Act  that allow individuals to order their health care provider not to share information about their treatment with health plans when the individual pays cash for the care and to clarify that individuals can require Covered Entities to provide electronic PHI in electronic form;
  • Revise the regulations to reflect amendments to HIPAA made as part of the Genetic Information Nondiscrimination Act of 2008 (GINA) which added genetic information to the definition of PHI protected under the HIPAA Privacy Rule and prohibits health plans from using or disclosing genetic information for underwriting purposes; and
  • Clarifies and revises other provisions to reflect other interpretations and information guidance that OCR has issued since HIPAA was passed and to make certain other changes that OCR found appropriate based on its experience administering and enforcing the rules.

Liability & Enforcement Risks Heighten Need To Act To Review & Update Policies & Practices

The restated rules in the Omnibus Rule make it imperative that Covered Entities review the revised rules carefully and updated their policies, practices, business associate agreements, training and documentation to comply with the updated requirements and other enforcement and liability risks.  OCR even prior to the regulations has aggressively investigated and enforced the HIPAA requirements.  See, e.g.,  OCR Hits Alaska Medicaid For $1.7M+ For HIPAA Security Breach; OCR Audit Program Kickoff Further Heats HIPAA Privacy Risks$1.5 Million HIPAA Settlement Reached To Resolve 1st OCR Enforcement Action Prompted By HITECH Act Breach Report; HIPAA Heats Up: HITECH Act Changes Take Effect & OCR Begins Posting Names, Other Details Of Unsecured PHI Breach Reports On Website; Providence To Pay $100000 & Implement Other Safeguards.

Coupled with statements by OCR about its intolerance, the HONI and other settlements provide a strong warning to covered entities of the need to carefully and appropriately manage their HIPAA encryption and other Privacy and Security responsibilities. Covered entities are urged to heed these warning by strengthening their HIPAA compliance and adopting other suitable safeguards to minimize HIPAA exposures.

All Covered Entities should review critically and carefully the adequacy of their current HIPAA Privacy and Security compliance policies, monitoring, training, breach notification and other practices taking into consideration OCR’s investigation and enforcement actions, emerging litigation and other enforcement data; their own and reports of other security and privacy breaches and near misses; and other developments to decide if additional steps are necessary or advisable.   In response to these expanding exposures, all covered entities and their business associates should review critically and carefully the adequacy of their current HIPAA Privacy and Security compliance policies, monitoring, training, breach notification and other practices taking into consideration OCR’s investigation and enforcement actions, emerging litigation and other enforcement data; their own and reports of other security and privacy breaches and near misses, and other developments to decide if tightening their policies, practices, documentation or training is necessary or advisable.

For Help With Compliance, Risk Management, Investigations, Policy Updates Or Other Needs

If you need help with HIPAA and other health and health plan related regulatory policy or enforcement developments, or to review or respond to these or other human resources, employee benefit, or other compliance, risk management, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer may be able to help.

Nationally recognized for her extensive work, publications and leadership on HIPAA and other privacy and data security concerns, Ms. Stamer has extensive experience representing, advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical and other privacy and data security, employment, employee benefits, and to handle other compliance and risk management policies and practices; to investigate and respond to OCR and other enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.

A Fellow in the American College of Employee Benefit Counsel, State Bar of Texas and American Bar Association, Vice President of the North Texas Health Care Compliance Professionals Association, the Former Chair of the ABA RPTE Employee Benefit & Compensation Group and current Co-Chair of its Welfare Benefit Committee, Vice Chair of the ABA TIPS Employee Benefit Committee, an ABA Joint Committee on Employee Benefits Council Representative, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer serves as the scribe for the ABA Joint Committee on Employee Benefits agency meeting with OCR. Ms. Stamer also regularly works with OCR and other agencies, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns.  Her publications and insights  on HIPAA and other data privacy and security concerns appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.   For instance, Ms. Stamer for the third year will serve in 2013 as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR.  Her insights on HIPAA risk management and compliance often appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, SHRM, HIMMS, the American Bar Association, the Health Care Compliance Association, a multitude of health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.  You can get more information about her HIPAA and other experience here.

In addition to this extensive HIPAA specific experience, Ms. Stamer also is recognized for her experience and skill aiding clients with a diverse range of other employment, employee benefits, health and safety, public policy, and other compliance and risk management concerns.

Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization, a member of the Editorial Advisory Board and expert panels of HR.com, Employee Benefit News, InsuranceThoughtLeadership.com, and Solutions Law Press, Inc., management attorney and consultant Ms. Stamer has 25 years of experience helping employers; employee benefit plans and their sponsors, administrators, fiduciaries; employee leasing, recruiting, staffing and other professional employment organizations; and others design, administer and defend innovative workforce, compensation, employee benefit  and management policies and practices.   Ms. Stamer often has worked, extensively on these and other workforce and performance related matters.  In addition to her continuous day-to-day involvement helping businesses to manage employment and employee benefit plan concerns, she also has extensive public policy and regulatory experience with these and other matters domestically and internationally.  A former member of the Executive Committee of the Texas Association of Business and past Government Affairs Committee Legislative Chair for the Dallas Human Resources Management Association, Ms. Stamer served as a primary advisor to the Government of Bolivia on its pension privatization law, and has been intimately involved in federal, state, and international workforce, health care, pension and social security, tax, education, immigration, education and other legislative and regulatory reform in the US and abroad.  She also is recognized for her publications, industry leadership, workshops and presentations on these and other human resources concerns and regularly speaks and conducts training on these matters. Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, and many other national and local publications. For more information about Ms. Stamer and her experience or to get access to other publications by Ms. Stamer see here or contact Ms. Stamer directly.

For help  with these or other compliance concerns, to ask about compliance audit or training, or for legal representation on these or other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here

About Solutions Law Press, Inc.

Solutions Law Press, Inc.™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested in exploring other Solutions Law Press, Inc. ™ tools, products, training and other resources here and reading some of our other Solutions Law Press, Inc.™ human resources news here including the following:

©2013 Cynthia Marcotte Stamer, P.C.  Non-exclusive license to republish granted to Solutions Law Press, Inc.™  All other rights reserved.


Id & Manage Hidden Employee Benefit Exposures In Business Insolvency Or Other Transactions

June 5, 2013

The June 4, 2013 announcement of the Employee Benefit Security Administration (EBSA) provides a timely reminder to businesses sponsoring employee benefit plans, their owners and management, plan fiduciaries, banks, administrative service providers and other plan vendors, employee benefit plan and bankruptcy trustees, corporate receivers, creditors, and others looking to expedite the windup of abandoned  401(k), profit-sharing and other individual account pension plans of the challenges that can result when employee benefit plan responsibilities are mishandled when companies fail or experience other significant events, as well as the availability of tools to help mitigate or prevent these challenges through responsible proactive action.

Hidden Employee Benefit Exposures For Unwary Abound For Parties In Business Insolvency Or Other Transactions

A complex maze of ERISA, tax and other rules make, administration and termination of employee benefit plans a complicated matter. When the company sponsoring a plan experiences a significant workforce or other restructuring, becomes distressed, goes bankrupt or liquidates, merges, sells assets or engages in other significant business transaction impacting the plans or its workforce, the rules, as well as the circumstances, can create a liability and operational quagmire for everyone from the sponsoring business, its management, buyers, vendors, plan fiduciaries, plan participants and beneficiaries, related entities, asset purchasers and others.  While tough economic times may tempt business leaders to cut corners, more than 3o years of litigation and enforcement precedent make clear that cutting corners on the assessment and handling of employee benefit and other workforce responsibilities amid business distress or in other business transactions or events presents risks for all parties involved.  See e.g., Tough Times Are No Excuse For ERISA Shortcuts;  Mishandling Employee Benefit Obligations Creates Big Liabilities For Distressed Businesses & Their Business LeadersWhile many business leaders and plan fiduciaries lack a strong understanding of these rules and their implications in times of business or benefit plan distress or other significant business transactions, even those experienced with these concerns need to use caution to understand and respond to the series of ongoing changes in these rules, regulations and precedent that impact on the handling of plan related responsibilities in these and other special situations. 

The Internal Revenue Code (Code) requires contains a maze of requirements that companies sponsoring pension, profit-sharing, health and other employee benefit plans, their plans, and plan administrators must follow when maintaining, administering, or terminating these plans including in many instances, special rules on the termination of the plans, distribution of assets, and the liabilities that attach to affiliated companies, successors, and assets resulting from transactions involving employee benefit plans or their sponsors.

In addition to the Code’s rules, companies and other individuals that in name or in function have or exercise discretionary responsibility or authority over the maintenance, administration or funding of employee benefit plans regulated by ERISA also generally must meet ERISA’s high standards  for carrying out these duties based on their functional ability to exercise discretion over these matters, whether or not they have been named as fiduciaries formally. Under many circumstances these rules, or the handling of transactions can broaden the scope of responsibility or create exposures for a surprising range of parties dealing with the plan sponsor, related corporations or their stock, assets, benefit plans or workforce in corporate bankruptcies, mergers, asset or stock acquisitions, liquidations or other transactions.

Beyond these basic tax and fiduciary obligations, ERISA and the Internal Revenue Code (Code) create additional responsibilities and liabilities for when dealing with defined benefit or other pension plans subject to ERISA’s minimum funding and plan termination rules that when violated trigger a plethora of funding and notification obligations, penalties, liens on assets, and other obligations that can create significant traps for unwary plan fiduciaries and administrators, the sponsoring corporation, its management, affiliates and successors, as well as creditors or purchasers of stock or assets and others dealing with them.

Despite these well-documented responsibilities and a well-established pattern of enforcement by the Department of Labor, Pension Benefit Guarantee Corporation, Internal Revenue Service and private plaintiffs, many businesses and business leaders fail to appropriately understand these and other basic responsibilities and liabilities associated with the establishment, administration, termination and windup of employee benefit plans and other details about how their or others mishandling of employee benefit plan related responsibilities can undermine business goals and create unanticipated liability exposures.

Frequently, companies sponsoring their employee benefit plans and their executives mistakenly assume that they can rely upon vendors and advisors to ensure that their programs are appropriately established. The establishment and maintenance of these arrangements with limited review or oversight by the sponsoring company or its management team can be risky.

In other instances, businesses and their leaders do not realize that ERISA’s functional definition to determine fiduciary status means that individuals participating in discretionary decisions about the employee benefit plan, as well as the plan sponsor, may bear liability under many commonly occurring situations if appropriate care is not exercised to protect participants or beneficiaries in these plans.

In yet other instances, purchasers, related entities, bankruptcy trustees and creditors or others don’t appreciate the way their own or others mishandling of employee benefit plan obligations or exposures can impact their transactions and associated risks.

Proactive Action Can Mitigate Exposures & Costs

For this reason, companies providing employee benefits and their management, service providers, and related entities and the businesses dealing with them need a clear understanding of the rules and responsibilities Federal law imposes on the funding, administration and termination of these programs, how these rules can impact their responsibilities and goals, and the steps necessary to avoid or mitigate exposures likely to result if they or others mishandle employee benefit plan related responsibilities or assets and how to avoid or mitigate these concerns.

The challenges of winding up an abandoned plan discussed in the EBSA news release yesterday highlights just one of these complications, the problem of dealing with abandoned plans.

When companies and their management abandon plans, they leave their plans, participants and beneficiaries, service providers and others in limbo, without the authority or funds to wind up the plans.  When employers abandon their individual account pension plans, custodians such as banks, insurers and mutual fund companies are left holding the assets of these abandoned plans but without the authority to terminate such plans and make benefit distributions even in response to participant demands. Service providers often find themselves in the legally awkward situation of having continuing plan responsibilities without necessary direction or compensation for performance.  Meanwhile, participants and beneficiaries can’t manage, access or often even get information about their funds until the situation resolves.  Dealing with these issues usually requires cumbersome, time-consuming and costly processes often requiring complex, lengthy, highly formalistic and expensive judicial and administrative procedures to resolve while fiduciary, tax and other liabilities mount.  Meanwhile, participants and beneficiaries often lose access to their accounts or benefits or even see plan value decline as plan assets that could go to benefits are diverted to cover administrative costs of winding up the plan.

The EBSAs abandoned plan program is just one of many examples of tools that parties struggling with these issues can use to mitigate these challenges and exposures.  EBSA uses its abandoned plan program to facilitate a voluntary efficient process for winding up the affairs of abandoned individual account plans so that benefit distributions are made to participants and beneficiaries when this occurs.

The EBSA Abandoned Plan News Release  and the EBSA’s related response Response to ADP/JP Morgan published June 4, 2013 show an example of how EBSA used its abandoned plan program to give critical relief to JP Morgan Chase Bank NA and ADP Inc. to use to wind up certain abandoned plans without exhausting the 90-day waiting period that ordinarily applies before the termination of a retirement plan based on the best interest of participants pursuant to 29 CFR §2578.1.  By exercising its discretion to waive the 90-day notice period, the EBSA allowed JP Morgan Chase Bank NA and ADP Inc. to terminate immediately and wind up approximately 180 defined contribution pension plans abandoned due to corporate crises or neglect.

Requesting relief from the EBSA like that granted to JP Morgan Chase Bank NA and ADP Inc. in the announcement made yesterday is just one of various types of relief that legal counsel experienced with dealing with workforce and employee benefit plan challenges that can arise when companies or their plans become inadequately funded, bankrupt, or experience other significant transactions or events, can use to help debtors, and other plan sponsors, their management, affiliates, successors, buyers, plan fiduciaries, vendors, bankruptcy creditors and trustees.

Experienced counsel can help companies understand and negotiate the complex rules of the EBSA, the Pension Benefit Guarantee Corporation and the Internal Revenue Service governing dealings with these plans and where appropriate and available by taking advantage of relief or other options to mitigate these challenges.  Involving experienced counsel to explore and use these options early can help all parties get participants and beneficiaries their benefits while minimizing legal risks, time and expenses associated with the wind up of these troubled or abandoned plans.  Even where special dispensation is not available, the early involvement of experienced legal counsel as early as possible after the possibility that a business or its plans or assets will be impacted by underfunding, insolvency, a bankruptcy or liquidation, workforce reduction, sale, merger or other significant event can help plan and administer the steps necessary to handle cost effectively employee benefit related responsibilities and impacts.

For Help or More Information

If you need help with assessing or handing employee benefit or workforce challenges arising from business or employee benefit plan insolvency, stock or asset sales, mergers, bankruptcy or liquidation, reductions or other workforce changes or other significant business transactions or events, or other employee benefit, human resources, insurance, health care matters or related documents or practices, please contact the author of this update, Cynthia Marcotte Stamer.

A Fellow in the American College of Employee Benefit Council, immediate past Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Group and current Co-Chair of its Welfare Benefit Committee, Vice-Chair of the ABA TIPS Employee Benefits Committee, a council member of the ABA Joint Committee on Employee Benefits, and past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer is recognized, internationally, nationally and locally for her more than 25 years of work, advocacy, education and publications on cutting edge health and managed care, employee benefit, human resources and related workforce, insurance and financial services, and health care matters including extensive experience handling workforce and employee benefit challenges arising from plan underfunding, company restructurings, workforce change,  insolvencies, bankruptcies, mergers, stock or asset acquisitions, or other significant business or plan transactions.

A board certified labor and employment attorney widely known for her extensive and creative knowledge and experienced with these and other employment, employee benefit and compensation matters, Ms. Stamer continuously advises and assists employers, employee benefit plans, their sponsoring employers, fiduciaries, insurers, administrators, service providers, and insurers, bankruptcy trustees and receivers, asset purchasers, creditors and others dealing with plans and their sponsors, and others to monitor and respond to evolving legal and operational requirements and to design, administer, document and defend medical and other welfare benefit, qualified and non-qualified deferred compensation and retirement, severance and other employee benefit, compensation, and human resources, management and other programs and practices tailored to the client’s human resources, employee benefits or other management goals.  A primary drafter of the Bolivian Social Security pension privatization law, Ms. Stamer also works extensively with management, service provider and other clients to monitor legislative and regulatory developments and to deal with Congressional and state legislators, regulators, and enforcement officials about regulatory, investigatory or enforcement concerns.  Her experience includes involvement in the planning, execution and resolution of workforce and employee benefit related details of a multitude of high and low profile restructurings, bankruptcies and other significant transactions throughout her more than 25 year career.

Recognized in Who’s Who In American Professionals and both an American Bar Association (ABA) and a State Bar of Texas Fellow, Ms. Stamer serves on the Editorial Advisory Board of Employee Benefits News, the editor and publisher of Solutions Law Press HR & Benefits Update and other Solutions Law Press Publications, and active in a multitude of other employee benefits, human resources and other professional and civic organizations.   She also is a widely published author and highly regarded speaker on these matters. Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, Modern and many other national and local publications.   You can learn more about Ms. Stamer and her experience, review some of her other training, speaking, publications and other resources, and register to receive future updates about developments on these and other concerns from Ms. Stamer here.

Other Resources

If you found this update of interest, you also may be interested in reviewing some of the other updates and publications authored by Ms. Stamer available including:

For important information about this communication click here. THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

©2013 Cynthia Marcotte Stamer, P.C.  Nonexclusive license to republish granted to Solutions Law Press, Inc.  All other rights reserved


Follow

Get every new post delivered to your Inbox.

Join 517 other followers