EEOC Charges Employer Violated ADA By Terminating Employment At FMLA Leave End

March 2, 2015

Employers considering terminating the employment of employees not ready to resume their usual duties when their eligibility for medical leave ends under the Family & Medical Leave Act (FMLA) or other leave policies should first consider whether the employee qualifies for accommodation under the Americans With Disabilities Act.  That’s the message transmitted by a new Employment Opportunity Commission (EEOC) Americans With Disabilities Act (ADA) lawsuit against ValleyLife of Phoenix, Arizona.

In EEOC v. ValleyLife, the EEOC charges that ValleyLife engaged in illegal disability discrimination in violation of the ADA when it allegedly fired employees with disabilities instead of providing them with reasonable accommodations when their eligibility for family leave ended under the FMLA and allegedly failed to keep employees’ medical records confidential.  See EEOC v. ValleyLife, Civil Action No. 2:15-cv-00340-GMS (N.Az).

According to the lawsuit, ValleyLife fired employees with disabilities rather than provide them with reasonable accommodations due to its inflexible leave policy.  The policy compelled the termination of employees who had exhausted their paid time off and/or any unpaid leave to which they were eligible under the FMLA.   In its complaint, for instance, the EEOC alleges that ValleyLife fired supervisor, Glenn Stephens, due to his need for further surgery when his FMLA leave was exhausted.  EEOC claims this termination violated the ADA because ValleyLife did not engage in any interactive process to determine whether any accommodations (including additional leave) were possible.  Stephens had worked for ValleyLife for over ten years at the time of his termination.  The EEOC contends that ValleyLife’s failure to offer extended leave or other accommodation to Stephens when his leave eligibility ended violated the ADA, which protects workers from discrimination based upon disability and requires employers to provide reasonable accommodations to the known physical or mental impairments of disabled employees unless doing so would cause an undue hardship.

The suit also alleges that ValleyLife commingled medical records in employee personnel files and failed to maintain these medical records confidential in violation of the medical record confidentiality requirements of the ADA, which requires employees’ to keep medical documents confidential and separate from other personnel records.

The lawsuit seeks lost wages and compensa­tory and punitive damages for the alleged victims, as well as appropriate injunctive relief to prevent discriminatory practices in the future.

Prepare Employment Discrimination Defenses

The EEOC suit against ValleyLife sends a message to employers of the need to use care to monitor and manage ADA and other disability discrimination risks at the end of a FMLA or other medical leave.  Employers assume at their own peril that their responsibility to an employee ends when an employee is unable to or fails to return to work following a FMLA or other medical leave.  Instead, the employer should evaluate whether the affected employee qualifies as disabled under the ADA and if so, whether the employer has any responsibility to offer the employee an extended leave or other accommodations before terminating the employee.

Employers also should consider reviewing and updating their current FMLA and other leave policies and communications to incorporate appropriate accommodation offer and administration procedures and notices, as well as other processes to ensure that these practices are operationalized in a manner to create and keep appropriate documentation to defend staffing decisions against potential claims of illegal discrimination under the ADA, Civil Rights, or other laws that could trigger ADA or other discrimination charges.  Employers should keep in mind that an evidentiary doctrine known as the “after acquired evidence rule” makes it important to properly document analysis and decision-making before an employment action is taken to help ensure that critical evidence of employer intention necessary to defend discrimination claims will not be excluded or compromised in the event of litigation.

For Advice, Training & Other Resources

Should your business need legal advice about the taxability of or other requirements on tips, gratuities or other compensation,  assistance assessing or resolving potential past or existing compliance exposures, or monitoring and responding to these or other workforce, benefits and compensation, performance and risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer may be able to help.

Board Certified in Labor & Employment Law, Past Chair of the ABA RPTE Employee Benefit & Other Compensation Arrangements Group, Co-Chair and Past Chair of the ABA RPTE Welfare Plan Committee, Vice Chair of the ABA TIPS Employee Benefit Plans Committee, an ABA Joint Committee On Employee Benefits Council representative, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a Fellow in the American College of Employee Benefit Counsel, ABA, and State Bar of Texas, Ms. Stamer has more than 25 years’ experience advising health plan and employee benefit, insurance, financial services, employer and health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health plans and insurers about ACA, and a wide range of other plan design, administration, data security and privacy and other compliance risk management policies.  Ms. Stamer also regularly represents clients and works with Congress and state legislatures, EBSA, IRS, EEOC, OCR and other HHS agencies, state insurance and other regulators, and others.   She also publishes and speaks extensively on health and other employee benefit plan and insurance, staffing and human resources, compensation and benefits, technology, public policy, privacy, regulatory and public policy and other operations and risk management concerns. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.

You can review other recent human resources, employee benefits and internal controls publications and resources and additional information about the employment, employee benefits and other experience of the Cynthia Marcotte Stamer, PC here. If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile www.cynthiastamer.com or by registering to receive these and other updates here.  Recent examples of these updates include:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating or updating your profile here. For important information about this communication click here

NOTE:  This article is provided for educational purposes.  It is does not establish any attorney-client relationship nor provide or serve as a substitute for legal advice to any individual or organization.  Readers must engage properly qualified legal counsel to secure legal advice about the rules discussed in light of specific circumstances.

The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations.  The Regulations now require that either we (1) include the following disclaimer in most written Federal tax correspondence or (2) undertake significant due diligence that we have not performed (but can perform on request).

ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, or (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

©2015 Cynthia Marcotte Stamer, P.C. Non-exclusive license to republish granted to Solutions Law Press.  All other rights reserved.

 

Check Out Updated Kaiser Calculator For 2015 Zip Code-Specific Premium and Tax Credit Estimates for Health Marketplace Coverage Coverage

November 13, 2014

The Kaiser Family Foundation has announced that its updated Health Insurance Marketplace Calculator now includes zip code-specific data on 2015 health plans that are being sold through the Patient Protection & Affordable Care Act’s (ACA’s) insurance marketplaces during the open enrollment period that begins this Saturday, November 15.

Kaiser says the new tool allows consumers around the nation  to generate estimates of their health insurance premiums and government subsidies for 2015 plans that they purchase on their own through an ACA marketplace. The estimates are based on zip code, household income, family size and ages of family members. The calculator also helps consumers determine whether they could be eligible for Medicaid.

For Representation, Training & Other Resources

If you need assistance monitoring HIPAA and other health and health plan related regulatory policy or enforcement developments, or to review or respond to these or other health care or health IT related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer may be able to help.

Board Certified in Labor & Employment Law, Past Chair of the ABA RPTE Employee Benefit & Other Compensation Arrangements Group, Co-Chair and Past Chair of the ABA RPTE Welfare Plan Committee, Vice Chair of the ABA TIPS Employee Benefit Plans Committee, Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 26 years experience advising health plan and employee benefit, insurance, financial services, employer and health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.

Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 26 years experience advising health industry, insurance, technology and other clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to OCR Privacy and Civil Rights, DOL, IRS, SEC, insurance department and other investigation and enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.  The scribe for the American Bar Association (ABA) Joint Committee on Employee Benefits annual agency meeting with the Department of Health & Human Services Office of Civil Rights,  Ms. Stamer has worked extensively with health care providers, health plans, health care clearinghouses, their business associates, employers, banks and other financial institutions, and others on risk management and compliance with HIPAA and other information privacy and data security rules, investigating and responding to known or suspected breaches, defending investigations or other actions by plaintiffs, OCR and other federal or state agencies, reporting known or suspected violations, business associate and other contracting, commenting or obtaining other clarification of guidance, training and enforcement, and a host of other related concerns.  Her clients include public and private health care providers, health insurers, health plans, technology and other vendors, and others.  In addition to representing and advising these organizations, she also has conducted training on Privacy & The Pandemic for the Association of State & Territorial Health Plans,  as well as  HIPAA, FACTA, PCI, medical confidentiality, insurance confidentiality and other privacy and data security compliance and risk management for  Los Angeles County Health Department, ISSA, HIMMS, the ABA, SHRM, schools, medical societies, government and private health care and health plan organizations, their business associates, trade associations and others.

For the past four years, Ms. Stamer has served as the  scribe for the ABA Joint Committee on Employee Benefits agency meeting with OCR.   Ms. Stamer also regularly works with OCR, FTC, USSS, FBI and state and local law enforcement on privacy, data security, health care, benefits and insurance and other matters, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. For instance, Ms. Stamer for the second year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR. Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.  You can get more information about her HIPAA and other experience here.

If you need assistance with these or other compliance concerns, wish to inquire about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

You can review other recent publications and resources and additional information about the other experience of Ms. Stamer here. Examples of some recent publications that may be of interest include:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating or updating your profile here. For important information concerning this communication click here.

©2014 Cynthia Marcotte Stamer.  Non-exclusive right to republish granted to Solutions Law Press, Inc.   All rights reserved.


Ebola Scare & New OCR Privacy Guidance Reminder To Prepare For Pandemic & Other Emergencies

November 11, 2014

The recent US Ebola scare provided an important reminder to health care providers, health insurers and health plans, health care clearinghouses, employers and others of the importance of understanding and preparing to deal with health care privacy and other challenges arising from epidemics and other emergencies.  In response to the recent Ebola and other contagious disease outbreaks and just as U.S. health care and other business leaders are working to prepare for the biggest contagious disease time of the year, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is reminding health care providers, health plans, health care clearinghouses (Covered Entities) and their business associates that the privacy rules of the Health Insurance Portability & Accountability Act (HIPAA) requiring Covered Entities and their business associates to limit the use, access and disclosure of patient’s protected health information (PHI) continue to apply during emergency situations and help them understand when HIPAA allows them to share PHI in emergency situations in a new notice titled “HIPAA Privacy in Emergency Situations” (Guidance) published November 10, 2014. A business associate of a covered entity (including a business associate that is a subcontractor) also must continue to comply with HIPAA and may only make disclosures permitted by the Privacy Rule on behalf of a Covered Entity or another business associate to the extent authorized by its business associate agreement and consistent with HIPAA’s requirements.  With annual flu season approaching and the Ebola and other pandemic issues still circling, it’s time for all organizations to prepare to respond to these and other emergencies including the special privacy and other concerns they often raise.

Sharing Patient Information

The Guidance begins by reminding Covered Entities and their business associates that HIPAA’s Privacy Rule continues to apply in emergency situations and requires Covered Entities protect and prohibits their use, access or disclosure of patient’s protected health information except as allowed by HIPAA unless the patient authorizes the Covered Entity to disclose the PHI in accordance with HIPAA’s requirements for authorization set forth in 45 CFR 164.508.

The Guidance then goes on to discuss the following circumstances that the HIPAA Privacy Rule might allow Covered Entities to share PHI without getting patient authorization, subject to the reminder that in many cases, HIPAA will require that the Covered Entity limit the disclosure to the minimum necessary disclosure necessary for the allowable purpose and require other conditions to be fulfilled:

  • Treatment.

Under the Privacy Rule, covered entities may disclose, without a patient’s authorization, protected health information about the patient as necessary to treat the patient or to treat a different patient. Treatment includes the coordination or management of health care and related services by one or more health care providers and others, consultation between providers, and the referral of patients for treatment. See 45 CFR §§ 164.502(a)(1)(ii), 164.506(c), and the definition of “treatment” at 164.501.

  • Public Health Activities.

The HIPAA Privacy Rule recognizes the legitimate need for public health authorities and others responsible for ensuring public health and safety to have access to protected health information that is necessary to carry out their public health mission. Therefore, the Privacy Rule permits covered entities to disclose needed protected health information without individual authorization:

  • To Or At The Direction Of A Public Health Authority.

The HIPAA Privacy Rule allows Covered Entities to share protected health information with Public Health Authorities authorized by law to collect or receive such information for the purpose of preventing or controlling disease, injury or disability like the Centers for Disease Control and Prevention (CDC) or a state or local health department. This would include, for example, the reporting of disease or injury; reporting vital events, such as births or deaths; and conducting public health surveillance, investigations, or interventions. A “public health authority” is an agency or authority of the United States government, a State, a territory, a political subdivision of a State or territory, or Indian tribe that is responsible for public health matters as part of its official mandate, as well as a person or entity acting under a grant of authority from, or under a contract with, a public health agency. See 45 CFR §§ 164.501 and 164.512(b)(1)(i). For example, a covered entity may disclose to the CDC protected health information on an ongoing basis as needed to report all prior and prospective cases of patients exposed to or suspected or confirmed to have Ebola virus disease.

The HIPAA Privacy Rule also allows Covered Entities to share information at the direction of a public health authority:

    • To a foreign government agency that is acting in collaboration with the public health authority. See 45 CFR 164.512(b)(1)(i); and
    • To persons at risk of contracting or spreading a disease or condition if other law, such as state law, authorizes the covered entity to notify such persons as necessary to prevent or control the spread of the disease or otherwise to carry out public health interventions or investigations. See 45 CFR 164.512(b)(1)(iv)
  • Disclosures to Family, Friends, and Others Involved in an Individual’s Care and for Notification.

The HIPAA Privacy Rule allows a Covered Entity to share protected health information:

    • With a patient’s family members, relatives, friends, or other persons identified by the patient as involved in the patient’s care;
    • About a patient as necessary to identify, locate, and notify family members, guardians, or anyone else responsible for the patient’s care, of the patient’s location, general condition, or death including where necessary to notify family members and others, the police, the press, or the public at large. See 45 CFR 164.510(b).

The Guidance reminds Covered Entities, however, that the Privacy Rule requires the Covered Entity to get verbal permission from individuals or otherwise be able to reasonably infer that the patient does not object, when possible. If the individual is incapacitated or not available, the Guidance states Covered Entities may share information for these purposes if, in their professional judgment, doing so is in the patient’s best interest.

The Guidance also confirms that Covered Entities may share protected health information with disaster relief organizations authorized by law or by their charters to assist in disaster relief efforts like the American Red Cross for the purpose of coordinating the notification of family members or other persons involved in the patient’s care, of the patient’s location, general condition, or death. It is unnecessary to obtain a patient’s permission to share the information in this situation if doing so would interfere with the organization’s ability to respond to the emergency.

  • Imminent Danger

The Guidance also states that Covered Entities that are health care providers may share patient information with anyone as necessary to prevent or lessen a serious and imminent threat to the health and safety of a person or the public – consistent with applicable law (such as state statutes, regulations, or case law) and the provider’s standards of ethical conduct. See 45 CFR 164.512(j).

  • Disclosures to the Media & Others Not Involved in the Care of the Patient/Notification

The Guidance also reminds Covered Entities of the importance of closely adhering to HIPAA’s rules when responding to information requests from the medial or others not involved in the care of a patient. The Guidance states that when the media or other other party not involved un the patient’s care asks the Covered Entity for information about a particular patient by name, a hospital or other health care facility may release limited facility directory information to acknowledge an individual is a patient at the facility and provide basic information about the patient’s condition in general terms (e.g., critical or stable, deceased, or treated and released) if the patient has not objected to or restricted the release of such information or, if the patient is incapacitated, if the disclosure is believed to be in the best interest of the patient and is consistent with any prior expressed preferences of the patient. See 45 CFR 164.510(a). In general, except in the limited circumstances authorized in the HIPAA Privacy Rule, affirmative reporting to the media or the public at large about an identifiable patient, or the disclosure to the public or media of specific information about treatment of an identifiable patient, such as specific tests, test results or details of a patient’s illness, may not be done without the patient’s written authorization (or the written authorization of a personal representative who is a person legally authorized to make health care decisions for the patient).

  • Minimum Necessary Restriction Requirement

The Guidance cautions Covered Entities and their business associates that for most disclosures, a Covered Entity generally must make reasonable efforts to limit the information disclosed to that which is the “minimum necessary” to accomplish the purpose. However, this minimum necessary requirement does not apply to disclosures to health care providers for treatment purposes.

Covered Entities may rely on representations from a public health authority or other public official that the requested information is the minimum necessary when making disclosures in response to request from those parties. For example, a covered entity may rely on representations from the CDC that the protected health information requested by the CDC about all patients exposed to or suspected or confirmed to have Ebola virus disease is the minimum necessary for the public health purpose.

  • Required Internal Restrictions On Use, Access & Disclosure

Internally, covered entities should continue to apply their role-based access policies to limit access to protected health information to only those workforce members who need it to carry out their duties. See 45 CFR §§ 164.502(b), 164.514(d).

Safeguarding Patient Information

Beyond limiting the use, access and disclosure of PHI, the Guidance also reminds Covered Entities and their business associates that even in emergency situations, HIPAA continues to require them to implement reasonable safeguards to protect patient information against intentional or unintentional impermissible uses and disclosures as well as to apply the administrative, physical, and technical safeguards of the HIPAA Security Rule to electronic PHI.

Limited Waiver

Although HHS has yet to take steps to trigger a limited waiver, the Guidance also reminds Covered Entities and their business associates that HHS has the power to do so, the effect of a limited waiver and the circumstances under which HHS could elect to apply  a limited waiver to waive sanctions against a hospital for certain specific types of HIPAA violations while the waiver is in effect.

As the Guidance notes, the HIPAA Privacy Rule is not suspended during a public health or other emergency.  Rather, the limited waiver rules only operates to permit the Secretary of HHS to waive certain provisions of the Privacy Rule under the Project Bioshield Act of 2004 (PL 108-276) and section 1135(b)(7) of the Social Security Act. The limited waiver only applies when the President declares an emergency or disaster and HHS declares a public health emergency. When and if these requirements are met, HHS may waive sanctions and penalties against a Covered Entity that is a hospital for failing to comply with the following HIPAA Privacy Rule provisions:

  • The requirements to obtain a patient’s agreement to speak with family members or friends involved in the patient’s care. See 45 CFR 164.510(b).
  • The requirement to honor a request to opt out of the facility directory. See 45 CFR 164.510(a).
  • The requirement to distribute a notice of privacy practices. See 45 CFR 164.520.
  • The patient’s right to request privacy restrictions. See 45 CFR 164.522(a).
  • The patient’s right to request confidential communications. See 45 CFR 164.522(b).

If the Secretary issues such a waiver, Covered Entities and their business associates should keep in mind the waiver only applies to the list violations and only applies:

  • For so long as the waiver remains in effect;
  • In the emergency area and for the emergency period identified in the public health emergency declaration
  • To hospitals that have instituted a disaster protocol; and
  • For up to 72 hours from the time the hospital implements its disaster protocol.

When the Presidential or Secretarial declaration terminates, a hospital must then comply with all the requirements of the Privacy Rule for any patient still under its care, even if 72 hours has not elapsed since implementation of its disaster protocol.

Not Necessarily Just About HIPAA

HIPAA is not necessarily the only law that Covered Entities, business associates or others need to consider when deciding what to disclose during an emergency or otherwise.  The HIPAA Privacy Rule applies to disclosures made by and Covered Entities, business associates employees, volunteers, and other members of a Covered Entity’s or Business Associate’s workforce. The Privacy Rule does not apply to disclosures made by entities or other persons who are not Covered Entities.

Beyond HIPAA, Covered Entities, their business associates or members of their workforce, employers, and other organizations also need to consider whether other federal or state laws, ethical rules, contracts or policies may restrict use or disclosure, safeguard, or take other steps to protect PHI or other information.  For instance, other federal laws, state law, professional ethical rules, contracts, facility policies or procedures, or other restrictions often apply to health care provides, insurers, brokers, employers or others.  Employers, health care organizations, insurers and others also need to be concerned about potential discrimination, common law and statutory privacy, retaliation, defamation and other exposures.

Prepare For Compliance Now

The recent experiences of various health care organizations intimately involved in caring for the Ebola patients highlights the importance of anticipating, preparing and conducting training, and having your workforce practice to prepare  to deal with the special challenges of dealing with HIPAA and other legal responsibilities in advance of emergency events.  When preparing for these events, Covered Entities and business associates need to take into account the need to comply operationally as well as to document and retain records of compliance.   They should  both should anticipate and prepare to respond to both typical inquiries as well as those from the media, public and others.   They also should consider how various types of emergencies could create new privacy or security risks.  For instance, in certain emergency situations, recordkeeping or other systems could be disrupted, impacting the ability retain and subsequently produce required documentation.  Furthermore, Covered Entities also should prepare to manage the patient and public relations aspects of these events including adverse impressions that often arise when the media or others are disappointed at being denied information because of compliance obligations, from breaches or perceived breaches, or other similar events.

For Representation, Training & Other Resources

If you need assistance monitoring HIPAA and other health and health plan related regulatory policy or enforcement developments, or to review or respond to these or other health care or health IT related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer may be able to help.

Board Certified in Labor & Employment Law, Past Chair of the ABA RPTE Employee Benefit & Other Compensation Arrangements Group, Co-Chair and Past Chair of the ABA RPTE Welfare Plan Committee, Vice Chair of the ABA TIPS Employee Benefit Plans Committee, Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 26 years experience advising health plan and employee benefit, insurance, financial services, employer and health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.

Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 26 years experience advising health industry, insurance, technology and other clients to establish and administer compliance and risk management policies; prevent, conduct and investigate, and respond to peer review and other quality concerns; and to respond to OCR Privacy and Civil Rights, DOL, IRS, SEC, insurance department and other investigation and enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.  The scribe for the American Bar Association (ABA) Joint Committee on Employee Benefits annual agency meeting with the Department of Health & Human Services Office of Civil Rights,  Ms. Stamer has worked extensively with health care providers, health plans, health care clearinghouses, their business associates, employers, banks and other financial institutions, and others on risk management and compliance with HIPAA and other information privacy and data security rules, investigating and responding to known or suspected breaches, defending investigations or other actions by plaintiffs, OCR and other federal or state agencies, reporting known or suspected violations, business associate and other contracting, commenting or obtaining other clarification of guidance, training and enforcement, and a host of other related concerns.  Her clients include public and private health care providers, health insurers, health plans, technology and other vendors, and others.  In addition to representing and advising these organizations, she also has conducted training on Privacy & The Pandemic for the Association of State & Territorial Health Plans,  as well as  HIPAA, FACTA, PCI, medical confidentiality, insurance confidentiality and other privacy and data security compliance and risk management for  Los Angeles County Health Department, ISSA, HIMMS, the ABA, SHRM, schools, medical societies, government and private health care and health plan organizations, their business associates, trade associations and others.

For the past four years, Ms. Stamer has served as the  scribe for the ABA Joint Committee on Employee Benefits agency meeting with OCR.   Ms. Stamer also regularly works with OCR, FTC, USSS, FBI and state and local law enforcement on privacy, data security, health care, benefits and insurance and other matters, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. For instance, Ms. Stamer for the second year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR. Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.  You can get more information about her HIPAA and other experience here.

If you need assistance with these or other compliance concerns, wish to inquire about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

You can review other recent publications and resources and additional information about the other experience of Ms. Stamer here. Examples of some recent publications that may be of interest include:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating or updating your profile here. For important information concerning this communication click here.

©2014 Cynthia Marcotte Stamer.  Non-exclusive right to republish granted to Solutions Law Press, Inc.   All rights reserved.


New OCR Guidance Assigns More HIPAA Homework Health Plans, Providers, Business Associates and Employers

March 5, 2014

Think your health plan, health care organization, health care clearinghouse or their business associates has health care privacy covered?  Think again.

A series of supplemental guidance issued by the Department of Health & Human Services Office of Civil Rights (OCR) in recent weeks is giving health care providers, health plans, health care clearinghouses (Covered Entities) and their business associates even more to do in reviewing and updating their policies, practices and training for handing protected health information (PHI) beyond bringing their policies and practices into line with OCR’s restatement and update to the Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules; Final Rule (Omnibus Final Rule) OCR published January 25, 2013.

Covered Entities generally have been required to comply with most requirements the Omnibus Final Rule’s restated regulations restating OCR’s regulations implementing the Health Insurance Portability & Accountability Act (HIPAA) Privacy, Security and Breach Notification Rules to reflect HIPAA amendments enacted by the Health Information Technology for Economic and Clinical Health (HITECH) Act since the Omnibus Final Rule took effect on March 26, 2013 and to have updated business associate agreements in place since September 23, 2013.  Meanwhile, the Omnibus Final Rule generally has required business associates have updated business associate agreements in place and otherwise to have come into compliance with all of the applicable requirements of the Omnibus Final Rule since September 23, 2013.  Although these deadlines are long past, many Covered Entities and business associates have yet to complete the policy, process and training updates required to comply with the rule changes implemented in  the Omnibus Final Rule.

Even if a Covered Entity or business associate completed the updates required to comply with the Omnibus Final Rule, however, recent supplemental guidance published by OCR means that most organizations now have even more work to do on HIPAA compliance. This includes the following supplemental guidance on its interpretation and enforcement of HIPAA against Covered Entities and business associates published by OCR since January 1, 2014 alone:

Beyond this 2014 guidance, Covered Entities and their business associates also should look at enforcement actions and data as well as other guidance OCR issued during 2013 after publishing the Omnibus Final Rule such as:

With OCR stepping up both audits and enforcement and penalties for violations higher than ever since the HITECH Act amended HIPAA, Covered Entities and business associates should act quickly to review and update their policies, practices and training to implement any adjustments needed to maintain compliance and manage other risks under these ever-evolving HIPAA standards.

When conducting these efforts, Covered Entities and business associates not only carefully watch for and react promptly to new OCR guidance and enforcement actions, but also document their commitment and ongoing compliance and risk management activities to help support their ability to show their organization maintains the necessary “culture of compliance” commitment needed to mitigate risks in the event of a breach or other HIPAA violation and take well-documented, reasonable steps to encourage their business associates to do the same.    When carrying out these activities, most covered entities and business associates also will want to take steps to monitor potential responsibilities and exposures under other federal and state laws like the privacy and data security requirements that often apply to personal financial information, trade secrets or other sensitive data under applicable federal and state laws and judicial precedent.

 For Representation, Training & Other Resources

If you need assistance monitoring these and other regulatory policy, enforcement, litigation or other developments, or to review or respond to these or other workforce, benefits and compensation, performance and risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer may be able to help.

Board Certified in Labor & Employment Law, Past Chair of the ABA RPTE Employee Benefit & Other Compensation Arrangements Group, Co-Chair and Past Chair of the ABA RPTE Welfare Plan Committee, Vice Chair of the ABA TIPS Employee Benefit Plans Committee, Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years’ experience advising health plan and employee benefit, insurance, financial services, employer and health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. The scribe for the ABA JCEB Annual Agency Meeting with the Office of Civil Rights (OCR) for the past several years who has worked on medical and other privacy concerns throughout her career, she regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others, defends covered entities and business associates against OCR, FTC and other privacy and data security investigations, serves as special counsel in litigation arising from these concerns and is the author of several highly regarded publications on HIPAA and other privacy and security concerns.

Ms. Stamer also regularly works with OCR, FTC, USSS, FBI and state and local law enforcement on privacy, data security, health care, benefits and insurance and other matters, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. For instance, Ms. Stamer for the third year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR. Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.  You can get more information about her HIPAA and other experience here.

You can review other recent human resources, employee benefits and internal controls publications and resources and additional information about the employment, employee benefits and other experience of the Cynthia Marcotte Stamer, PC here. If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile www.cynthiastamer.com or by registering to participate in the distribution of these and other updates on our HR & Employee Benefits Update distributions here including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating or updating your profile here. For important information concerning this communication click here©2014 Cynthia Marcotte Stamer. Limited, non-exclusive right to republished granted to Solutions Law Press, Inc. All other rights reserved.


Dermatology Practice To Pay $150K To Settle Charges It Breached HIPAA Breach Notice Rule

December 26, 2013

A new settlement agreement announced by the Department of Health & Human Services (HHS) Office of Civil Rights (OCR) shows health plans, health care providers, health care clearinghouses and their business associates the perils of failing to properly implement the necessary policies and procedures to comply with the breach notification requirements added to the Health Insurance Portability & Accountability Act of 1996 (HIPAA) added by the Health Information Technology for Economic and Clinical Health (HITECH) Act, passed as part of American Recovery and Reinvestment Act of 2009 (ARRA).

Private dermatology practice,, Adult & Pediatric Dermatology, P.C., (APDerm) has agreed to pay $150,000 and implement a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy,  Security, and Breach Notification Rules.  The APDerm Setttlement  marks the first settlement with a covered entity for not having policies and procedures in place to address the breach notification provisions of the HITECH Act.

According to its December 26, 2013 announcement of the settlement, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) opened an investigation of APDerm upon receiving a report that an unencrypted thumb drive containing the electronic protected health information (ePHI) of approximately 2,200 individuals was stolen from a vehicle of one its staff members. The thumb drive was never recovered.  The investigation revealed that APDerm had not conducted an accurate and thorough analysis of the potential risks and vulnerabilities to the confidentiality of ePHI as part of its security management process.  Further, APDerm did not fully comply with requirements of the Breach Notification Rule to have in place written policies and procedures and train workforce members.

Enforcement Actions Highlight Growing HIPAA Exposures For Covered Entities

The APDerm settlement provides more evidence of the growing exposures that health care providers, health plans, health care clearinghouses and their business associates need to carefully and appropriately manage their HIPAA responsibilities. See HIPAA Heats Up: HITECH Act Changes Take Effect & OCR Begins Posting Names, Other Details Of Unsecured PHI Breach Reports On WebsiteIt joins the  growing list of settlement or resolution agreements under HIPAA announced by OCR.

The APDerm also is notable both as it settles the first ever charges against a covered entity for failing to adopt required Breach Notification policies and procedures and the relatively most settlement payment required in comparison to other announced settlement.  Other settlements have been significantly higher.  For instance,  OCR required that Blue Cross Blue Shield of Tennessee (BCBST) to pay $1.5 million to resolve HIPAA violations charges.

In response to these expanding exposures, all covered entities and their business associates should review critically and carefully the adequacy of their current HIPAA Privacy and Security compliance policies, monitoring, training, breach notification and other practices taking into consideration OCR’s audit,  investigation and enforcement actions, emerging litigation and other enforcement data, their own and reports of other security and privacy breaches and near misses, evolving rules and technology, and other developments to determine if additional steps are necessary or advisable. For tips, see here.

For Representation, Training & Other Resources

If you need assistance monitoring HIPAA and other health and health plan related regulatory policy or enforcement developments, or to review or respond to these or other health care or health IT related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer may be able to help.

Board Certified in Labor & Employment Law, Past Chair of the ABA RPTE Employee Benefit & Other Compensation Arrangements Group, Co-Chair and Past Chair of the ABA RPTE Welfare Plan Committee, Vice Chair of the ABA TIPS Employee Benefit Plans Committee, Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health plan and employee benefit, insurance, financial services, employer and health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.

For the past two years, Ms. Stamer has served as the  scribe for the ABA Joint Committee on Employee Benefits agency meeting with OCR.   Ms. Stamer also regularly works with OCR, FTC, USSS, FBI and state and local law enforcement on privacy, data security, health care, benefits and insurance and other matters, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. For instance, Ms. Stamer for the second year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR. Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.  You can get more information about her HIPAA and other experience here.

If you need assistance with these or other compliance concerns, wish to inquire about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

You can review other recent publications and resources and additional information about the other experience of Ms. Stamer here. Examples of some recent publications that may be of interest include:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating or updating your profile here. For important information concerning this communication click here.

©2013 Cynthia Marcotte Stamer.  Non-exclusive right to republish granted to Solutions Law Press, Inc.   All rights reserved.


HHS Share Model HIPAA Notices 1 Week Before Deadline For Updating Business Associate Agreements

September 16, 2013

A week before the September 23, 2013 deadline for all health care providers, health plans, health care clearinghouses (Covered Entities) and their business associates to have updated their business associate agreements to comply with the Final Omnibus HIPAA Rule, the Department of Health & Human Services Office of the National Coordinator for Health Information Technology (ONC) and the Office for Civil Rights (OCR) today (September 16, 2013) released Model Notices of Privacy Practices (Notices) for health care providers and health plans to use to communicate with their patients and plan members. With penalties and enforcement continuing to rise, Covered Entities and their business associates should take appropriate steps to review and update their privacy and breach notification policies and procedures, privacy officer appointments, notices of privacy practices, business associate agreements and other HIPAA compliance and risk management documentation, practices, procedures and coverage, breach notification and other HIPAA compliance and risk management practice.

Model HIPAA Notices

Developed collaboratively by ONC and OCR the Notices available here designed in the following three different styles are designed for users to customize to fit their specific needs and practices:

  • A notice in the form of a booklet;
  • A layered notice with a summary of the information on the first page and full content on the following pages; and
  • A notice with the design elements of the booklet, but that is formatted for full-page presentation.

Use of these model Notices is optional.  While the agencies designed the Notices to let Covered Entities to use these models by entering some of their own information into the model, such as contact information, and then printing for distribution and posting on their websites, Covered Entities should consult with legal counsel to determine the suitability of the Notices generally for their entity’s use and any customization, if any, that may be recommended or required to a Notice if the Covered Entity decides rely upon a model Notice to prepare its Notice of Privacy Practices.  To facilitate any tailoring, the agencies provided a text-only version for Covered Entities wishing only wish to use the content with or without tailoring.

September 23 Business Associate Agreement Update Deadline

September 23, 2013 also is the final deadline established in the Final Omnibus HIPAA Rule for Covered Entities and their business associations to update the business associate agreements required by HIPAA to reflect application of the breach notification, business associate, and many of HIPAA’s requirements to directly cover business associates and other aspects of the Health Information Technology for Economic and Clinical Health (HITECH) Act enacted as part of the American Recovery and Reinvestment Act of 2009.  While HHS published a Sample Business Associate Agreement last June to aid Covered Entities and their business associates with understanding the business associate agreement requirements as impacted by the Omnibus Final HIPAA Rule, it also made clear that Covered Entities and their business associates should tailor their business associate agreements to fit their specific circumstances and relationships.  OCR National Office and regional officials speaking about their findings about past business associate agreement compliance have indicated that their audit and enforcement activities show widespread compliance issues among Covered Entities and business associates with the original business associate agreements.  OCR clearly expects Covered Entities and their business associates to address and resolve these compliance issues going forward.

Covered Entities and their business associates are increasingly at peril if caught violating HIPAA’s Privacy, Security or Breach Notification rules.  With the HITECH Act Breach Notification rules now requiring Covered Entities to self-disclose breaches, OCR becomes aware of breaches much more easily.  Coupled with the HITECH Act’s increase in sanctions for HIPAA violations, Covered Entities and, beginning September 23, 2013, their business associates face rising risks for violating HIPAA.  See, e.g. HHS Settles with Health Plan in Photocopier Breach Case; WellPoint Settles HIPAA Security Case for $1,700,000; Shasta Regional Medical Center Settles HIPAA Security Case for $275,000; Idaho State University Settles HIPAA Security Case for $400,000; and HHS announces first HIPAA breach settlement involving less than 500 patients.

In response to the updated Final Regulations and these expanding HIPAA enforcement and exposures, all Covered Entities should review critically and carefully the adequacy of their current HIPAA Privacy and Security compliance policies, monitoring, training, breach notification and other practices taking into consideration OCR’s investigation and enforcement actions, emerging litigation and other enforcement data; their own and reports of other security and privacy breaches and near misses; and other developments to decide if additional steps are necessary or advisable.   In response to these expanding exposures, all covered entities and their business associates should review critically and carefully the adequacy of their current HIPAA Privacy and Security compliance policies, monitoring, training, breach notification and other practices taking into consideration OCR’s investigation and enforcement actions, emerging litigation and other enforcement data; their own and reports of other security and privacy breaches and near misses, and other developments to decide if tightening their policies, practices, documentation or training is necessary or advisable.

For Help or More Information

If you need assistance responding to HIPAA or other health industry regulatory, enforcement or other developments, reviewing or tightening your policies and procedures, conducting training or audits, responding to or defending an investigation or other enforcement actions; with 2014 health plan decision-making, or with reviewing and updating, administering or defending your group health or other employee benefit, human resources, insurance, health care matters or related documents or practices, please contact the author of this update, Cynthia Marcotte Stamer for help.

A Fellow in the American College of Employee Benefit Council, immediate past Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Group and current Co-Chair of its Welfare Benefit Committee, Vice-Chair of the ABA TIPS Employee Benefits Committee, a council member of the ABA Joint Committee on Employee Benefits, and past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer is recognized, internationally, nationally and locally for her more than 25 years of work, advocacy, education and publications on cutting edge health and managed care, employee benefit, human resources and related workforce, insurance and financial services, and health care matters.

A board certified labor and employment attorney widely known for her extensive and creative knowledge and experienced with these and other employment, employee benefit and compensation matters, Ms. Stamer is widely recognized for her extensive work, publications, and thought leadership on HIPAA and other privacy and data security issues.  Scribe for the ABA JCEB annual Technical Sessions meeting with OCR for the past three years, Ms. Stamer’s experience includes extensive work advising, representing and training health plan, health insurance, health IT, health care and other clients on HIPAA and other privacy, data protection and breach and other related matters and represents and advises these and other clients in responding to OCR Privacy and Civil Rights and other HHS agencies, Labor Department, IRS regulations, investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.  She also is recognized for her extensive publications and programs including numerous highly regarding publications and programs on HIPAA and other privacy and data security concerns as well as a wide range of other workshops, programs and publications.

Beyond her HIPAA involvement, Ms. Stamer also continuously advises and assists employers, employee benefit plans, their sponsoring employers, fiduciaries, insurers, administrators, service providers, insurers and others to monitor and respond to evolving legal and operational requirements and to design, administer, document and defend medical and other welfare benefit, qualified and non-qualified deferred compensation and retirement, severance and other employee benefit, compensation, and human resources, management and other programs and practices tailored to the client’s human resources, employee benefits or other management goals.  A primary drafter of the Bolivian Social Security pension privatization law, Ms. Stamer also works extensively with management, service provider and other clients to monitor legislative and regulatory developments and to deal with Congressional and state legislators, regulators, and enforcement officials concerning regulatory, investigatory or enforcement concerns.

Recognized in Who’s Who In American Professionals and both an American Bar Association (ABA) and a State Bar of Texas Fellow, Ms. Stamer serves on the Editorial Advisory Board of Employee Benefits News, HR.com, Insurance Thought Leadership, Solutions Law Press, Inc. and other publications, and active in a multitude of other employee benefits, human resources and other professional and civic organizations.   She also is a widely published author and highly regarded speaker on these matters. Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, Modern and many other national and local publications.   You can learn more about Ms. Stamer and her experience, review some of her other training, speaking, publications and other resources, and register to receive future updates about developments on these and other concerns from Ms. Stamer here.

Other Resources

If you found this update of interest, you also may be interested in reviewing some of the other updates and publications authored by Ms. Stamer available including:

For important information about this communication see here. THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

©2013 Cynthia Marcotte Stamer, P.C. 

Nonexclusive license to republish granted to Solutions Law Press, Inc.  All other rights reserved.


[*] On January 24, 2013, the Department of Labor (the Department) issued guidance stating the Department’s conclusion that the notice requirement under FLSA section 18B will not take effect on March 1, 2013 for several reasons until further guidance setting the extended deadline was published.


IRS Publishes Final Health Reform Individual Shared Responsibility Rules

September 1, 2013

Starting in 2014, the Individual Shared Responsibility mandate of the Patient Protection & Affordable Care Act (ACA) dictates that each individual American either have minimum essential coverage for each month, qualify for an exemption, or make a payment when filing his or her federal income tax return.  In anticipation of the implementation of this Individual Shared Responsibility mandate, the Department of the Treasury and the Internal Revenue Service (IRS) published final regulations implementing the Individual Shared Responsibility mandate in the Internal Revenue Code. The guidance contained in these final regulations provide each American with critical information about their families’ potential exposure to liability for the individual shared responsibility tax in 2014 as well as key insights for employers.  Solutions Law Press, Inc.  authors are finalizing various articles on certain key aspects of these new regulations for publication over the next few days. Stay tuned for more details!

For each month beginning after December 31, 2013, Internal Revenue Code Section 5000A’s Individual Shared Responsibility mandate requires that individual Americans either qualify as exempt, maintain minimum essential coverage for themselves and any nonexempt family members, or pay an individual shared responsibility payment when paying their Federal income tax return.  A taxpayer will be obligated to pay the individual shared responsibility tax under Internal Revenue Code Section 5000A for any non-exempt individual the taxpayer claims on his or her individual tax return as a dependent who is not exempt or enrolled in minimum essential coverage.

Under § 5000A(f)(2), minimum essential coverage includes coverage under an eligible employer-sponsored plan.

The final regulations set the rules that the IRS will use to decide when an individual American will become liable for paying the tax imposed by ACA for failing to maintain the minimum required health insurance coverage mandated by ACA beginning January 1, 2013 and other related rules.  While specifically addressing the obligations of individual Americans to pay the Individual Shared Responsibility payment, the final rules coupled with the availability of the new option for individual Americans to buy coverage through an ACA-qualified federal health care exchange and, depending on the adjusted household income of the individual, potentially also to receive tax credits for enrolling in coverage through an exchange is likely to impact the enrollment choices that employed individuals make about enrolling in coverage offered by their employer versus in coverage through a federally qualified health insurance exchange.  Accordingly, both individual Americans and the businesses that employ them should act quickly to understand the key aspects of the final regulations and their implications.

When considering the effect of these final regulations, employers and individual Americans should keep in mind that Notice 2013-42, issued on June 26, 2013, provides limited transition relief from the Individual Shared Responsibility mandate for employees and their families who are eligible to enroll in certain employer-sponsored health plans with a plan year other than a calendar year if the plan year begins in 2013 and ends in 2014. For additional information on the Individual Shared Responsibility provision, the final regulations and Notice 2013-42, see the IRS questions and answers.

Coming slightly less than a month before the October 1, 2013 scheduled opening of the first enrollment period for individual Americans to enroll in health care coverage through a federally qualified health insurance exchange created pursuant to ACA and the deadline for employers to deliver the notice of the availability of this option dictated by Fair Labor Standards Act 18B,  the final regulations and Obama Administration’s announced plans to enforce its provisions has drawn criticism from a number of groups.  While the Obama Administration has indicated that it still plans to enforce the Individual Shared Responsibility mandate against individual Americans, it announced in July, 2013 that it would delay enforcement of the Employer Shared Responsibility Mandate rules of Internal Revenue Code Section 4980H until 2015.  Many consumer rights groups and others are arguing that the Administration should also delay its enforcement of the Individual Shared Responsibility Mandate in light of its delay of enforcement of Internal Revenue Code Section 4980H against businesses.   Pending a reversal of its position or Congressional relief, the final regulation signal to individual Americans and their employers to prepare to deal with the new Individual Shared Responsibility Mandate beginning in January, 2014.

While the delay in enforcement of the Section 4980H employer shared responsibility payment until 2015 means that employers will not incur liability for failing to provide coverage meeting the minimum essential coverage, minimum value and affordability standards of Internal Revenue Code Section 4980H, the impending implementation of the Individual Shared Responsibility mandate of Internal Revenue Code Section 5000A and the impending availability of tax credits for certain individuals with Household Adjusted Gross Incomes of less than 400 percent of the poverty level almost certainly will influence enrollment decisions that employees make concerning coverage offered by their employer, if any.  Employers  can expect that employee choices about enrolling in employer-sponsored group health coverage will be influenced by the impending obligation to enroll in coverage or pay the individual shared responsibility tax in 2014 governed by the final regulations.  Employers can expect that employee concern about these exposures will prompt many employees to carefully scrutinize and in some cases question the information and implications of information provided by the employer or its plan such as the Section 18B notice that employers must provide by October 1, 2013, the summary of benefits and coverage (SBC) that the Affordable Care Act obligations the employer or plan to provide as the employees work to sort out their choices.  As these and other plan communications are likely to face significant scrutiny, employers and their employee benefit plan fiduciaries and administrators should use extra care to ensure that these and other plan documents and communications are carefully and precisely tailored to accurately convey all material plan terms.

For Help or More Information

If you need help understanding or dealing with these impending notification requirements, with other 2014 health plan decision-making or preparation, or with reviewing and updating, administering or defending your group health or other employee benefit, human resources, insurance, health care matters or related documents or practices, please contact the author of this update, Cynthia Marcotte Stamer.

A Fellow in the American College of Employee Benefit Council, immediate past Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Group and current Co-Chair of its Welfare Benefit Committee, Vice-Chair of the ABA TIPS Employee Benefits Committee, a council member of the ABA Joint Committee on Employee Benefits, and past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer is recognized, internationally, nationally and locally for her more than 25 years of work, advocacy, education and publications on cutting edge health and managed care, employee benefit, human resources and related workforce, insurance and financial services, and health care matters.

A board certified labor and employment attorney widely known for her extensive and creative knowledge and experienced with these and other employment, employee benefit and compensation matters, Ms. Stamer continuously advises and assists employers, employee benefit plans, their sponsoring employers, fiduciaries, insurers, administrators, service providers, insurers and others to monitor and respond to evolving legal and operational requirements and to design, administer, document and defend medical and other welfare benefit, qualified and non-qualified deferred compensation and retirement, severance and other employee benefit, compensation, and human resources, management and other programs and practices tailored to the client’s human resources, employee benefits or other management goals.  A primary drafter of the Bolivian Social Security pension privatization law, Ms. Stamer also works extensively with management, service provider and other clients to monitor legislative and regulatory developments and to deal with Congressional and state legislators, regulators, and enforcement officials concerning regulatory, investigatory or enforcement concerns.

Recognized in Who’s Who In American Professionals and both an American Bar Association (ABA) and a State Bar of Texas Fellow, Ms. Stamer serves on the Editorial Advisory Board of Employee Benefits News, HR.com, Insurance Thought Leadership, Solutions Law Press, Inc. and other publications, and active in a multitude of other employee benefits, human resources and other professional and civic organizations.   She also is a widely published author and highly regarded speaker on these matters. Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, Modern and many other national and local publications.   You can learn more about Ms. Stamer and her experience, review some of her other training, speaking, publications and other resources, and register to receive future updates about developments on these and other concerns from Ms. Stamer here.

Other Resources

If you found this update of interest, you also may be interested in reviewing some of the other updates and publications authored by Ms. Stamer available including:

For important information about this communication see here. THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS.  ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

©2013 Cynthia Marcotte Stamer, P.C. 

Nonexclusive license to republish granted to Solutions Law Press, Inc.  All other rights reserved.


[*] On January 24, 2013, the Department of Labor (the Department) issued guidance stating the Department’s conclusion that the notice requirement under FLSA section 18B will not take effect on March 1, 2013 for several reasons until further guidance setting the extended deadline was published.


Follow

Get every new post delivered to your Inbox.

Join 600 other followers