If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating or updating your profile here.©2017. Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc. All other rights reserved.
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating or updating your profile here.
©2017. Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc. All other rights reserved.
Metro Community Provider Network (MCPN), a federally-qualified health center (FQHC), must pay $400,000 and implement a corrective action plan to resolve U.S. Department of Health and Human Services, Office for Civil Rights (OCR) charges it violated the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule by failing to implement a security management process to safeguard electronic protected health information (ePHI). The latest in a growing series of high-dollar HIPAA settlements and penalty assessments, it reminds health plans and other HIPAA-covered entities of the importance of conducting risk assessments and other actions to prevent and prepare to respond to hacking and other data breach and security events.
The Resolution Agreement and Corrective Action Plan, like most others before it, resulted from an investigation opened in response to a breach report. On January 27, 2012, MCPN filed a breach report with OCR indicating that a hacker accessed employees’ email accounts and obtained 3,200 individuals’ ePHI through a phishing incident. OCR’s investigation revealed that MCPN took necessary corrective action related to the phishing incident. However, the investigation also revealed that MCPN failed to conduct a risk analysis until mid-February 2012 – well after the hacking incident reported in the breach report.Prior to the breach incident, MCPN had not conducted a risk analysis to assess the risks and vulnerabilities in its ePHI environment, and, consequently, had not implemented any corresponding risk management plans to address the risks and vulnerabilities identified in a risk analysis.
When MCPN finally conducted a risk analysis, OCR found that risk analysis, as well as all subsequent risk analyses, were insufficient to meet the requirements of the Security Rule.
OCR made a point in announcing the Resolution Agreement of noting it considered MCPN’s status as a FQHC when balancing the significance of the violation with MCPN’s ability to maintain sufficient financial standing to ensure the provision of ongoing patient care. MCPN provides primary medical care, dental care, pharmacies, social work, and behavioral health care services throughout the greater Denver, Colorado metropolitan area to approximately 43,000 patients per year, a large majority of whom have incomes at or below the poverty level. It is likely that OCR would have imposed a much greater settlement amount had the covered entity not been a FQHC serving the poor.
About The Author
Recognized by LexisNexis® Martindale-Hubbell® as a “AV-Preeminent” (Top 1%/ the highest) and “Top Rated Lawyer,” with special recognition as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Health Care,” “Labor & Employment,” “Tax: Erisa & Employee Benefits” and “Business and Commercial Law” by D Magazine, the author of this update is widely known for her 29 plus years’ of work in health care, health benefit, health policy and regulatory affairs and other health industry concerns as a practicing attorney and management consultant, thought leader, author, public policy advocate and lecturer.
Throughout her adult life and nearly 30-year legal career, Ms. Stamer’s legal, management and governmental affairs work has focused on helping health industry, health benefit and other organizations and their management use the law, performance and risk management tools and process to manage people, performance, quality, compliance, operations and risk. Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer supports these organizations and their leaders on both a real-time, “on demand” basis as well as outsourced operations or special counsel on an interim, special project, or ongoing basis with strategic planning and product and services development and innovation; workforce and operations management, crisis preparedness and response as well as to prevent, stabilize and cleanup legal and operational crises large and small that arise in the course of operations.
Throughout her career, she has helped health industry clients manage workforce, medical staff, vendors and suppliers, medical billing, reimbursement, claims and other provider-payer relations, business partners, and their recruitment, performance, discipline, compliance, safety, compensation, benefits, and training ;board, medical staff and other governance; compliance and internal controls; strategic planning, process and quality improvement; change management; assess, deter, investigate and address staffing, quality, compliance and other performance; meaningful use, EMR, HIPAA and other data security and breach and other health IT and data; crisis preparedness and response; internal, government and third-party reporting, audits, investigations and enforcement; government affairs and public policy; and other compliance and risk management, government and regulatory affairs and operations concerns.
Author of leading works on HIPAA and other privacy and data security works and the scribe leading the American Bar Association Joint Committee on Employee Benefits Annual Agency Meeting with OCR, her experience includes extensive compliance, risk management and data breach and other crisis event investigation, response and remediation under HIPAA and other laws.
The American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting, former Vice President of the North Texas Health Care Compliance Professionals Association, past Chair of the ABA Health Law Section Managed Care & Insurance Section, past ABA JCEB Council Representative, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has worked closely with a diverse range of physicians, hospitals and healthcare systems, DME, Pharma, clinics, health care providers, managed care, insurance and other health care payers, quality assurance, credentialing, technical, research, public and private social and community organizations, and other health industry organizations and their management deal with governance; credentialing, patient relations and care; staffing, peer review, human resources and workforce performance management; outsourcing; internal controls and regulatory compliance; billing and reimbursement; physician, employment, vendor, managed care, government and other contracting; business transactions; grants; tax-exemption and not-for-profit; licensure and accreditation; vendor selection and management; privacy and data security; training; risk and change management; regulatory affairs and public policy and other concerns.
As a core component of her work, Ms. Stamer has worked extensively throughout her career with health care providers, health plans and insurers, managed care organizations, health care clearinghouses, their business associates, employers, banks and other financial institutions, management services organizations, professional associations, medical staffs, accreditation agencies, auditors, technology and other vendors and service providers, and others on legal and operational compliance, risk management and compliance, public policies and regulatory affairs, contracting, payer-provider, provider-provider, vendor, patient, governmental and community relations and matters including extensive involvement advising, representing and defending public and private hospitals and health care systems; physicians, physician organizations and medical staffs; specialty clinics and pharmacies; skilled nursing, home health, rehabilitation and other health care providers and facilities; medical staff, accreditation, peer review and quality committees and organizations; billing and management services organizations; consultants; investors; technology, billing and reimbursement and other services and product vendors; products and solutions consultants and developers; investors; managed care organizations, insurers, self-insured health plans and other payers; and other health industry clients to establish and administer compliance and risk management policies; comply with requirements, investigate and respond to Board of Medicine, Health, Nursing, Pharmacy, Chiropractic, and other licensing agencies, Department of Aging & Disability, FDA, Drug Enforcement Agency, OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD, FTC, SEC, CDC and other public health, Department of Justice and state attorneys’ general and other federal and state agencies; JCHO and other accreditation and quality organizations; private litigation and other federal and state health care industry investigation, enforcement including insurance or other liability management and allocation; process and product development, contracting, deployment and defense; evaluation, commenting or seeking modification of regulatory guidance, and other regulatory and public policy advocacy; training and discipline; enforcement, and a host of other related concerns for public and private health care providers, health insurers, health plans, technology and other vendors, employers, and others.and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.
Past Chair of the ABA Managed Care & Insurance Interest Group and, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also has extensive health care reimbursement and insurance experience advising and defending health care providers, payers, and others about Medicare, Medicaid, Medicare and Medicaid Advantage, Tri-Care, self-insured group, association, individual and group and other health benefit programs and coverages including but not limited to advising public and private payers about coverage and program design and documentation, advising and defending providers, payers and systems and billing services entities about systems and process design, audits, and other processes; provider credentialing, and contracting; providers and payer billing, reimbursement, claims audits, denials and appeals, coverage coordination, reporting, direct contracting, False Claims Act, Medicare & Medicaid, ERISA, state Prompt Pay, out-of-network and other nonpar insured, and other health care claims, prepayment, post-payment and other coverage, claims denials, appeals, billing and fraud investigations and actions and other reimbursement and payment related investigation, enforcement, litigation and actions.
Heavily involved in health care and health information technology, data and related process and systems development, policy and operations innovation and a Scribe for ABA JCEB annual agency meeting with OCR for many years who has authored numerous highly-regarded works and training programs on HIPAA and other data security, privacy and use, Ms. Stamer also is widely recognized for her extensive work and leadership on leading edge health care and benefit policy and operational issues including meaningful use and EMR, billing and reimbursement, quality measurement and reimbursement, HIPAA, FACTA, PCI, trade secret, physician and other medical confidentiality and privacy, federal and state data security and data breach and other information privacy and data security rules and many other concerns. Her work includes both regulatory and public policy advocacy and thought leadership, as well as advising and representing a broad range of health industry and other clients about policy design, drafting, administration, business associate and other contracting, risk assessments, audits and other risk prevention and mitigation, investigation, reporting, mitigation and resolution of known or suspected violations or other incidents and responding to and defending investigations or other actions by plaintiffs, DOJ, OCR, FTC, state attorneys’ general and other federal or state agencies, other business partners, patients and others.
Ms. Stamer has worked extensively with health care providers, health plans, health care clearinghouses, their business associates, employers and other plan sponsors, banks and other financial institutions, and others on risk management and compliance with HIPAA, FACTA, trade secret and other information privacy and data security rules, including the establishment, documentation, implementation, audit and enforcement of policies, procedures, systems and safeguards, investigating and responding to known or suspected breaches, defending investigations or other actions by plaintiffs, OCR and other federal or state agencies, reporting known or suspected violations, business associate and other contracting, commenting or obtaining other clarification of guidance, training and and enforcement, and a host of other related concerns. Her clients include public and private health care providers, health insurers, health plans, technology and other vendors, and others. In addition to representing and advising these organizations, she also has conducted training on Privacy & The Pandemic for the Association of State & Territorial Health Plans, as well as HIPAA, FACTA, PCI, medical confidentiality, insurance confidentiality and other privacy and data security compliance and risk management for Los Angeles County Health Department, MGMA, ISSA, HIMMS, the ABA, SHRM, schools, medical societies, government and private health care and health plan organizations, their business associates, trade associations and others.
A former lead consultant to the Government of Bolivia on its Pension Privatization Project with extensive domestic and international public policy concerns in Pensions, healthcare, workforce, immigration, tax, education and other areas.
A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, privacy and data security, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns.
A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other related concerns by her service in the leadership of the Solutions Law Press, Inc. Coalition for Responsible Health Policy, its PROJECT COPE: Coalition on Patient Empowerment, and a broad range of other professional and civic organizations including North Texas Healthcare Compliance Association, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children (now Warren Center For Children); current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, past Representative and chair of various committees of ABA Joint Committee on Employee Benefits; a ABA Health Law Coordinating Council representative, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, a former member of the Board of Directors of the Southwest Benefits Association and others.
Ms. Stamer also is a highly popular lecturer, symposium and chair, faculty member and author, who publishes and speaks extensively on health and managed care industry, human resources, employment and other privacy, data security and other technology, regulatory and operational risk management. Examples of her many highly regarded publications on these matters include “Protecting & Using Patient Data In Disease Management: Opportunities, Liabilities And Prescriptions,” “Privacy Invasions of Medical Care-An Emerging Perspective,” “Cybercrime and Identity Theft: Health Information Security: Beyond HIPAA,” as well as thousands of other publications, programs and workshops these and other concerns for the American Bar Association, ALI-ABA, American Health Lawyers, Society of Human Resources Professionals, the Southwest Benefits Association, the Society of Employee Benefits Administrators, the American Law Institute, Lexis-Nexis, Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, the HCCA, ISSA, HIMSS, Modern Healthcare, Managed Healthcare, Institute of Internal Auditors, Society of CPAs, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other symposia and publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, Insurance Thought Leadership and many other prominent publications and speaks and conducts training for a broad range of professional organizations.
For more information about Ms. Stamer or her health industry and other experience and involvements, see here or contact Ms. Stamer via telephone at (469) 767-8872 or via e-mail here.
About Solutions Law Press, Inc.™
Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources at www.solutionslawpress.com.
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.
©2017 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ All other rights reserved. For information about republication or other use, please contact Ms. Stamer here.
Congress Sends President Resolution Striking Down EBSA Regs Allowing States To Default Enroll Non-Governmental Employees In State Run Savings PlansApril 5, 2017
Congress has sent to President Trump for signature a resolution striking down amendments made on December 20, 2016 by the Employee Benefit Security Administration (EBSA) to its regulations on “Savings Arrangements Established by Qualified State Political Subdivisions for Non-Governmental Employees” (Regulation).
Adopted at the end of the Obama Administration, the amended Regulation empowered state governments and their political subdivisions to design and operate payroll deduction savings programs for private-sector employees, including programs that use automatic enrollment, without causing the states or private-sector employers to have established employee pension benefit plans subject to ERISA.
While EBSA in adopting the Rule and other advocates of the Regulation touted it as expanding savings options for Americans not otherwise covered by private retirement programs, Republican leaders and other critics argued among other things that the Regulation undercut the retirement security safeguards provided by ERISA for private sector employees by authorization the creation of government-run plans that lacked the basic protections for retirement savers provided by ERISA and as a result, left private sector workers and retirees forced into these programs with “nowhere to turn if their savings were mismanaged.”
H.J.Res.67 disapproves the Rule and directs that its provisions are to have “no force or effect.” President Trump is expected to sign the Resolution into law.
About The Author
About Solutions Law Press, Inc.™
Employers looking for cost-effective opportunities to sweeten the perceived value their compensation and fringe benefit packages periodically should re-examine their policies for reimbursement of employees for ordinary and necessary business expenses an employee incurs in connection with the performance of his duties, such as:
- Required work clothes or uniforms not appropriate for everyday use.
- Supplies and tools for use on the job.
- Business use of a car.
- Business meals and entertainment.
- Business travel away from home.
- Business use of a home.
- Work-related education.
Businesses generally consider a wide range of factors when deciding what expenses to reimburse to employees. In arriving at these decisions, however, many businesses overlook the opportunity to stretch the overall compensation dollars by reimbursing employees for business expenses in lieu of paying cash compensation to the employee but requiring the employee to use after tax dollars to pay business expenses not reimbursed by the employer.
While many employers believe “cash is king” when paying employees, paying employees more cash in lieu of reimbursing employees for business often increases the employment tax liability of the employer while also unwittingly diminishing the value of the cash compensation paid to the employee because of federal tax rules governing individual deductions a business expenses.
While the Internal Revenue Code and associated Internal Revenue Service regulations impose special rules for certain categories of employment, federal tax law generally allows businesses both:
- To deduct from the gross income of the business for purposes of determining its adjusted gross income those amounts the business pays as wages as well as amounts paid to reimburse an employee for ordinary and necessary business expenses expended by the employee in the performance of his duties and to exclude such amounts for calculating the employment tax liabilities of both the employer and the employee; and
- In many, but not all instances, to exclude all or some of the reimbursement amount from the taxable wages of the employee for income tax and/or employment tax purposes.
The income and employment tax treatment of business expenses paid by an employee generally is much less favorable when an employee seeks to deduct or exclude xpenditures made for ordinary and necessary business expenses from taxable income.
While federal income tax rules generally allow businesses to deduct ordinary and business expenses directly from gross income to arrive at their taxable adjusted gross income, federal tax rules are more restrictive concerning the deduction of business expenses by employees for income tax purposes and provides no easy mechanism to claim credit for such amounts for employment tax purposes.
In general, the Internal Revenue Code generally only allows employees who otherwise have sufficient deductible expenses to itemize deductions to claim any business expenses as a deduction when calculating their federal income taxes. Depending on the income of the workforce and particularly in the case of lower income workers, the itemization requirement effectively bars a large percentage of employees from any possibility of deducting business expenses incurred in the performance of their work.
Beyond the requirement to itemize, the Internal Revenue Code also imposes a second hurdle that further restricts the deductibility of business expenses when claimed by an employee versus a business. Specifically, the Internal Revenue Code generally only allows an employee to deduct business expenses paid by the employee to the extent those expenses exceed 2% of the employee’ adjusted gross income. This means that even those employees who qualify to file itemize deductions cannot deduct the initial 2% of the ordinary and necessary business expenses the employee pays and connection of the performance of his job even though the Internal Revenue Code would allow the employer to deduct the full amount of amounts paid to reimburse the employee for those same expenses.
Since most employees understand that the purchasing power of any cash compensation they receive from the employer is reduced by the amount of any expenses that they pay but are not reimbursed for, considering reimbursing employees for expenses in lieu of paying the employee cash, then requiring the employee to pay those expenses out of taxable income.
Of course, when considering whether to pay or reimburse employee expenses, employers also should evaluate and verify that their planned treatment of an expenditure and its reimbursement otherwise complies with any union or other contracts, as well as any applicable federal and state occupational safety, wage and hour and other laws.
Regardless of whether the employer or the employee plans to claim a business expense for tax purposes, an employer should encourage its employees to keep, and if reimbursing the employee, submit good records for proof of income and expenses. Employers reimbursing business expenses may wish to educate employees about both the tax and financial value of these reimbursement benefits as a part of the overall compensation package provided to employees. Even where an employer does not reimburse its employees all or part of an otherwise deductible business expense, however, it also may want to share Internal Revenue Service resources like “IRS Publication 529, Miscellaneous Deductions,” and “Publication 463, Travel, Entertainment, Gift and Car Expenses” with employees to help educate employees about these tax rules and their opportunities and responsibilities.
About The Author
About Solutions Law Press, Inc.™
A series of Labor Department Office of Inspector General (OIG) reports emphasizing safety signal possible stepped up safety regulation and enforcement.
OIG recently released the following report(s):
- OSHA Could Do More to Ensure Employers Correct Hazards Identified During Inspections, Report No. 02-17-201-10-105 (March 31, 2017);
- Better Strategies Needed To Increase Employer Participation In The State Information Data Exchange System, Report No. 04-17-003-03-315 (March 31, 2017);
- MSHA Needs to Provide Better Oversight of Emergency Response Plans, Report No. 05-17-002-06-001 (March 31, 2017); and
- Review of Job Corps Center Safety and Security, Report No. 26-17-001-03-370 (March 31, 2017).
Since the findings of these reports are likely to prompt enhanced regulatory activity, enforcement or both by the Labor Department, employers should consider their recommendations when evaluating and planning their safety efforts. At the same time, business leaders and others monitoring these developments should keep in mind that the OIG reports were published in the absence of new Labor Department leadership appointed by the Trump Administration. It remains to be seen how fully and which of these recommendations that the new Secretary of Labor ultimately appointed by the Trump Administration will implement.
About The Author
About Solutions Law Press, Inc.™