Federal Agencies Take Aim At Businesses, Benefit Plan Fiduciaries & Service Providers & Others With Lax CyberSecurity & CyberBreach Compliance; Build Defenses By Strengthening Internal & External Controls & Risk Managment

October 19, 2021

Businesses, their employee benefit plan fiduciaries, their employer and other sponsors, their record keepers, financial advisors and other service providers and other business partners face growing pressure to shore up cyber security and cyber breach compliance and other safeguards to defend against a slew of  new and ongoing federal cyber security and breach regulatory and enforcement the Biden-Harris Administration is rolling out in its effort to stem the rising tide of  cybersecurity incidents.

Agencies Targeting Businesses, US Entities & Their Leaders For CyberSecurity & CyberBreach Regulation & Enforcement

On October 6, 2021, Deputy Attorney General Lisa O. Monaco announced plans to civilly prosecute federal government contractors that fail to follow required cyber security standards under the False Claims Act under a new Civil Cyber-Fraud Initiative to be led by DOJ’s Civil Division’s Commercial Litigation Branch, Fraud Section.  While adding new exposures to the already substantial exposures  federal government contractors and grant recipients already face for failing to comply with applicable cybersecurity and cyberbreach notifications under federal and state laws, the Civil Cyber-Fraud Initiative also provides more evidence that the Biden-Harris Administration is serious about moving forward on its broader strategy to stem the recurrent waves of disruptive cyber breaches and other security incidents buffeting U.S. public and private institutions and citizens by ramping up cybersecurity regulations, oversight and enforcement against all U.S. organizations.   See e.g., New DOJ Civil Cyber-Fraud Initiative Pressures Federal Contractors & Grant Recipients To Tighten Cybersecurity Controls, Training & Other Safeguards. May 12, 2021 Executive Order on Improving the Nation’s Cybersecurity; July 28, 2021 National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems.

The DOJ Civil Cyber-Fraud Initiative is the latest in a growing list of new regulatory and enforcement programs placing pressure on U.S. businesses and their leaders to get serious about cybersecurity.  Examples of some of the more far reaching of these new or continuing programs include:

  • Government Contractors. 

Under the Civil Cyber-Fraud Initiative, DOJ plans to use the False Claims Act to prosecute pursue cyber security related fraud by government contractors and grant recipients.  According to DOJ, the initiative will hold accountable entities or individuals that put U.S. information or systems at risk by knowingly providing deficient cyber security products or services, knowingly misrepresenting their cyber security practices or protocols, or knowingly violating obligations to monitor and report cyber security incidents and breaches. Federal contractors and grant recipients submitting claims for federal funds will be considered to have filed a false claim in violation of the False Claims Act if their cyber security and cyber breach practices are not compliant with applicable federal requirements when the payment is requested.

  • Federal Health Program Participating Health Care Providers And Plans. 

The DOJ Cyber-Fraud Initiative follows a similar interpretation of the Department of Health & Human Services (“HHS”) Office Inspector General (“OIG”) about the cybersecurity and cyberbreach compliance requirements health care providers and health plan issuers participating in Medicare and certain other federally funded health care programs (“Medicare Participating Providers”) are accountable to meet under the Conditions of Participation for those programs.  HHS OIG’s construction of these Conditions of Participation as including cybersecurity and cyberbreach compliance signs that Medical Participating Providers with deficient cybersecurity practices now may risk program disqualification and False Claims Act liability along with their already well-known exposure to civil monetary penalties under the Health Insurance Portability & Accountability Act (“HIPAA”) protected health information privacy, security and data breach rules.

  • Health & Other Employee Benefit Plans. 

Health plans and other employee benefit plans, their fiduciaries, record keepers and service providers also face growing cybersecurity responsibilities and risks.  While HHS Office of Civil Rights (“OCR”) continues to clarify and expand its interpretation, investigation and enforcement of HIPAA privacy, security and data breach rules against health plans, health care providers, health care clearinghouses and their business associates, the Department of Labor Employee Benefit Security Administration is turning up the heat on employee benefit plan fiduciaries to prudently protect their employee benefit plan assets and participants against cyberthreats.

On April 14, 2021, the Department of Labor Employee Benefit Security Administration (“EBSA”) made official its interpretation of the duty of prudence applicable to employee benefit plan fiduciaries under Section 404 of the Employee Retirement Income Security Act (“ERISA”) includes a duty for ERISA-covered employee benefit plan fiduciaries to take “appropriate precautions” to mitigate risks to plan participants and assets from both internal and external cybersecurity threats. The April 14 announcement makes official EBSA’s interpretation of the duty of prudence applicable to fiduciaries of ERISA-covered employee benefit plans as extending to a duty to act prudently to safeguard plan assets and plan participants against cybersecurity threats.

Concern about cyberthreats to private employee benefit plans covered by ERISA, their participants and beneficiaries has soared as massive data breaches  Federal Thrift Savings Plan, Anthem, Capital Onethe Public Employees Retirement Association of New Mexico and other employee benefit plans, their vendors and service providers increasingly have impacted millions of employee benefit plans, their accounts and participants.

While Congress chose to subject health plans to the detailed health privacy, security and breach rules of HIPAA and financial and certain other employee benefit plan service providers to consumer financial disclosure and data information security requirements of laws like Gramm-Leach-Bliley Act and the Fair and Accurate Credit Transactions Act, and even employers and others conducting background and other credit checks to the  Fair Credit Reporting Act, growing awareness of the cyberthreat to employee benefits has not prompted Congress to date to extend those laws or otherwise to enact express statutory requirements for employee benefit plans and their fiduciaries.  However, private litigants and others increasingly have speculated that a fiduciary duty to safeguard plan asset against cyberthreats might be subsumed in the obligation of fiduciaries under Section 404 of ERISA at all times to act with “the care, skill, prudence, and diligence under the circumstances then prevailing that a prudent man acting in a like capacity and familiar with such matters would use in the conduct of an enterprise of a like character and with like aims.” See, e.g., See Record $16M Anthem HIPAA Settlement Signals Need to Tighten Your Health Plan HIPAA Compliance & Risk Management.

While EBSA has worked to formulate its recently announced positions, private litigants increasingly have begun debating the applicability and effect of ERISA on cyberbreaches involving ERISA regulated plans.  See e.g., In re Anthem, Inc. Data Breach Litig., No. 15-CV-04739-LHK, 2015 WL 7443779, at *1 (N.D. Cal. Nov. 24, 2015)(holding Anthem entitled under ERISA to remove claims to federal court and refusing employee benefit plan participants’ motion to remand to state court state claims arising from data breach); In re Anthem, Inc. Data Breach Litig., No. 15-MD-02617-LHK, 2016 WL 3029783 (N.D. Cal. May 27, 2016)(refusing to dismiss participant claims against non-Anthem defendants for lack of standing), motion reconsideration denied In re Anthem, Inc. Data Breach Litig., No. 15-CV-04739-LHK, 2016 WL 324386 (N.D. Cal. Jan. 27, 2016); Bartnett v. Abbott Lab’ys, No. 20-CV-02127, 2021 WL 428820, at *5 (N.D. Ill. Feb. 8, 2021) (dismissing breach of fiduciary duty claim based on inadequate evidence); In re: Premera Blue Cross Customer Data Sec. Breach Litig., No. 3:15-MD-2633-SI, 2017 WL 539578, at *21 (D. Or. Feb. 9, 2017). While mostly unsuccessful to date for procedural or factual sufficiency reasons, the preemption issues argued in many of these cases support concerns that under the proper circumstances ERISA could apply to breaches involving plans or their participants.  As these and other actions continue to wind their way through the courts, EBSA also has begun to acknowledge that ERISA plan fiduciaries duties of prudence include cybersecurity responsibilities.

EBSA’s first official recognition of a cybersecurity responsibility by plan fiduciaries appears in the Default Electronic Disclosure by Employee Pension Benefit Plans Under ERISA Final Rule (the “Electronic Disclosure Rule”), which took effect July 27, 2020 . In the discussion of its requirements regarding website-based electronic disclosures in Subpart (e)(3), the Electronic Disclosure Rule requires that “[T]he administrator must take measures reasonably calculated to ensure that the website protects the confidentiality of personal information relating to any covered individual.”  Similarly, the requirements for using e-mail to provide electronic disclosures in Subsection (k)(4) of the Electronic Disclosure Rule require the plan administrator to take “measures reasonably calculated to protect the confidentiality of personal information relating to the covered individual.”  While recognizing these cyber security responsibilities in the Electronic Disclosure Rule, however,  EBSA explained in the Preamble to the Electronic Disclosure Rule that it decided not to include more cumbersome cybersecurity requirements in the Electronic Disclosure Rule out of concern over the cost and other burdens of such requirements.  Nevertheless, the Electronic Disclosure Rule imposed a responsibility by plan fiduciaries of employee benefit plans making electronic disclosures to ensure that electronic recordkeeping systems have in place reasonable controls, adequate records management practice, and other measures calculated to protect Personally Identifiable Information.

EBSA’s April 14, 2021 reflects EBSA now views the fiduciary responsibilities of ERISA-covered employee benefit plan fiduciaries generally as including the responsibility to take “appropriate precautions” to mitigate risks to plan participants and assets from both internal and external cybersecurity threats. Beyond acknowledging a duty to take prudent steps to protect plans assets and participants against internal and external cybersecurity threats, EBSA also shared the following three resources to help plan sponsors, fiduciaries and participants to safeguard benefit plans and personal information against emerging cyber threats:

  • Tips for Hiring a Service Provider: Helps plan sponsors and fiduciaries prudently select a service provider with strong cybersecurity practices and monitor their activities, as ERISA requires.
  • Cybersecurity Program Best Practices: Assists plan fiduciaries and record-keepers in their responsibilities to manage cybersecurity risks.
  • Online Security Tips: Offers plan participants and beneficiaries who check their retirement accounts online basic rules to reduce the risk of fraud and loss.
  • Participants in Securities Markets, Market Infrastructure Providers & Vendors. 

Meanwhile the Securities and Exchange Commission (“SEC”) also has made clear its expectation that all firms participating in the securities markets, market infrastructure providers and vendors will appropriately monitor, assess and manage their cybersecurity risk profiles, including their operational resiliency. Consistent with the shared understanding of best cybersecurity practices shared with the agencies, the SEC guidance makes clear its market involved and impacting regulated entities are accountable for maintaining and enforcing appropriate internal and external controls to prevent, detect and redress cybersecurity threats, including appropriate board governance and risk management, access rights and controls, data loss prevention,mobile security, incident response and resiliency, vendor management, training and awareness and other practices.  See  SEC Office of Compliance Inspections and Examinations Cybersecurity and Resiliency Observations.  Recently announced enforcement actions demonstrate that the SEC is acting on its promise to go after SEC regulated entities that breach these expectations.  See, e.g., SEC Announces Three Actions Charging Deficient Cybersecurity Procedures.

These and other recently announced federal regulatory and enforcement developments send a clear message to businesses and their leadership, employee benefit plan sponsors, fiduciaries, record keepers and other vendors, SEC securities market involved organizations and others to clean up their cybersecurity compliance and risk management.  Beyond the governmental enforcement risks these developments signal, these and other emerging regulatory developments provide added fuel for the already substantial private litigant and government complaints, investigations and prosecutions against businesses, their leaders, their employee benefit plan fiduciaries, record keepers and other service providers,and others.   and their leaders unable to defend the adequacy of their cybersecurity related practices.

Raise Cybersecurity Compliance & Defenses To Mitigate Risks & Liabilities

In the face of these developments, all businesses, employee benefit plan fiduciaries, their employer and other sponsors, record keepers and other vendors and their leaders should prioritize cybersecurity compliance, risk management, oversight and controls.  As part of these efforts, organizations and their leaders should move quickly to position themselves to defend against potential investigation and enforcement risks created by these emerging policies. These efforts should seek to ensure compliance with all applicable statutory, regulatory and contractual requirements as well as institutionalize the necessary operational controls to protect systems, data and operations from cyber breaches and other threats, to detect and redress cyber events promptly, and to ensure that the organization otherwise can demonstrate both their compliance efforts, as well as their timely prudent detection, investigation, reporting, mitigation and remediation in response to actual or suspected cyber threats or other compliance breaches.

Efforts should begin by taking carefully crafted, well-documented documented steps to prudently evaluate and strengthen  cybersecurity and breach safeguards and compliance, as well as prudently to assess and verify those of their vendors and others involved with their employee benefit plans or their administration within the scope of attorney-client privilege.

Assessments should take into account all existing required statutory, regulatory, and contractual controls and practices, documentation and other procedures.  In addition, organizations should consider the advisability of adopting other “best practice” safeguards or actions taking into account relevant agency guidance and resources,  government or other contracts, other industry or related standards, known and suspected breaches, “red flags” and threats, their own, their vendor and business partner and other risk profiles and experience, and other factors likely to be viewed as prudent under the circumstances.

In assessing, designing and administering the cybersecurity processes, organizations and their leaders should give due attention to assessing and addressing the adequacy of their internal and external controls to ensure the adequacy of their systems, processes, oversight and response practices and capabilities as of the time of the assessment and on an ongoing basis.  Beyond establishing required policies and formal controls, organization should ensure that their organizations have in place the necessary policies and practices to monitor and control cyberthreats arising from conduct and risks created by employees and other internal workforce, vendors and other parties interacting with the business and its operations.  As part of these efforts, most organizations will need to evaluate their contractual obligations and requirements for vendors, suppliers and others interacting with their businesses. Beyond general contractual compliance obligations, organizations should weigh requiring contractors, suppliers and other business partners to make specific commitments to maintain and monitor compliance and other risks, to provide timely notice and reports, to cooperate with audits and investigations necessary or advisable to respond to private or government complaints, government or other investigation, reporting or other requirements, their own compliance and risk assessments, audits and investigations and other compliance and risk management efforts.  Organizations also should give careful attention and review the adequacy of protections and responsibilities arising from contractual cybersecurity and breach notice, investigation, cooperation, indemnification,  insurance and other associated protections and cooperation.

Organizations also should consider establishing and administering processes for independent monitoring of regulatory, news, and other reports that could provide early warning of potential cybersecurity weaknesses, threats and breaches.

All processes should include appropriate governance, oversight and reporting to provide for ongoing monitoring and oversight necessary to identify and respond to evolving risks arising in the course of their operations as well as consistent practices for carefully documenting their compliance and risk management compliance efforts.

Because of the frequently high cost of breach investigation, response and mitigation, most organizations will want to consider securing cyber liability or other coverage, require vendors and other business partners to provide cyber liability indemnifications backed up with insurance or other adequate assurance of their ability to fulfill these financial responsibilities.

 More Information

We hope this update is helpful. For more information about or assistance with these or other workforce, internal controls and compliance or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.

Solutions Law Press, Inc. invites you receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, and author of the “Medical Privacy” Chapter in the BNA/ERISA Litigation Treatise, the “Other Torts Chapter” in the BNA/ABA E-Heath & Other Torts Treatise, “Privacy and the Pandemic Workshop” for the Association of State and Territorial Health Plans, as well as a multitude of other highly regarded data privacy and security, workforce and health care change and crisis management and other highly regarded publications and presentations, Ms. Stamer is widely recognized for her decades of pragmatic, leading edge work, scholarship and thought leadership on health and other privacy and data security and other health industry legal, public policy and operational concerns.

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer’s work throughout her 30 plus year career has focused heavily on working with private and public employer, health care and managed care, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns.  In the course of this work, she has had extensive involvement in the design, administration and defense of payroll, employee benefit, insurance, securities, trade secret and other confidential information and other internal and external record and data systems and processes as well as investigation, reporting, redress and mitigation of cyber and other incidents.

As a part of this work, she has continuously and extensively worked with domestic and international health and other employee benefit plans, their sponsors, fiduciaries, administrators, and insurers; managed care and insurance organizations; hospitals, health care systems, clinics, skilled nursing, long term care, rehabilitation and other health care providers and facilities; medical staff, accreditation, peer review and quality committees and organizations; billing, utilization management, management services organizations, group purchasing organizations; pharmaceutical, pharmacy, and prescription benefit management and organizations; consultants; investors; EHR, claims, payroll and other technology, billing and reimbursement and other services and product vendors; products and solutions consultants and developers; investors; managed care organizations, self-insured health and other employee benefit plans, their sponsors, fiduciaries, administrators and service providers, insurers and other payers, health industry advocacy and other service providers and groups and other health and managed care industry clients as well as federal and state legislative, regulatory, investigatory and enforcement bodies and agencies.  She also has extensive experience dealing with OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD, FTC, SEC, CDC and other public health, Department of Justice and state attorneys’ general and other federal and state agencies; JCHO and other accreditation and quality organizations; private litigation and other federal and state health care industry actions: regulatory and public policy advocacy; training and discipline; enforcement;  and other strategic and operational concerns.

American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting, current RPTE Welfare Benefit Committee Co-Chair and former Chair of its Fiduciary Responsibility, Plan Terminations and Distributions and Defined Contribution Plan Committees, a former JCEB Council Representative, Past Chair of the ABA Managed Care & Insurance Interest Group, former SHRM Consultants Board and Region IV Chair, former Texas Association of Business Board, BACPAC Board and Dallas Chapter Chair, former Vice President and Executive Director of the North Texas Health Care Compliance Professionals Association, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas.

Ms. Stamer also shares her extensive publications and thought leadership as well as leadership involvement in a broad range of other professional and civic organizations. For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources available here.

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE:   These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation considering the specific facts and circumstances presented in their unique circumstance at any time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any situation and does not necessarily address all relevant issues. Because developments could impact the currency and completeness of this discussion, the author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.  Readers acknowledge and agree to the conditions of this Notice as a condition of their access of this publication.  Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein. ©2021 Cynthia Marcotte Stamer. Limited non-exclusive right to republish granted to Solutions Law Press, Inc.™.


FTC Statement Warning To Confirm Health & Fitness Apps & Other Connected Devices Compliant With Applicable Federal Health Breach Notification Rules

October 1, 2021

Vendors and developers of mobile health apps and connected devices (“health apps”) that track or collect fitness or other health information that contain individually identifiable health information created or received by health care providers (“personal health records” or “PHR”) and their service providers (“collectively “PHR Vendors””) should verify their data security and breach notification policies and processes comply with applicable federal data breach rules in light of a September 15, 2021 Federal Trade Commission (“FTC”) policy statement cautioning health app vendors and their service providers that that app providers are responsible for complying with the FTC Health Breach Notification Rule; Final Rule, 16 C.F.R. Part 318 (“Health Breach Rule”) unless the breach is covered by and addressed in accordance with the Health Insurance Portability & Accountability Act (“HIPAA”) Breach Notification for Unsecured Protected Health Information, 45 CFR Parts 160 and 164 (“HIPAA Breach Rule”) applicable to health plans, health care providers, health care clearinghouses and their service provider business associates  (“HIPAA Entities”) experiencing breaches of protected health information (“PHI”).

The HIPAA Breach Notification Rule and the Health Breach Rule implement enhanced health information data security and breach notification requirements added to federal law by the Health Information Technology for Economic and Clinical Health Act (HITECH) enacted by Congress as part of the American Recovery and Reinvestment Act (ARRA) of 2009.  Widely recognized, the HIPAA Breach Rule adopted and enforced by the Department of Health & Human Services Office of Civil Rights (“OCR”) implements breach notification and other requirements for the protection of electronic PHI applicable to HIPAA Covered Entity.  In contrast, the FTC Health Breach Rule implements the HITECH Act’s requirements for breaches not subject to the HIPAA Breach Rule of individually identifiable consumer health information in “personal health records” and falls under the FTC’s jurisdiction to investigate and enforce.

Awareness of the HIIPAA Breach Rule is much more widespread, largely due to OCR’s long and ever-growing list of settlements and prosecutions of violations of its HIPAA Breach Rules.  See e.g., Pennsylvania OCR Settlement Warns Others Against Disability Or Other Civil Rights Discrimination In COVID-19 Resource Allocation & Other Response; Gastroenterology Practices Pays $100K For HIPAA Noncompliance; OCR Warns HIPAA Entities To “Get Serious” About HIPAA Compliance In Announcing Latest Settlement Against Ambulance Company; $1.6M HIPAA Penalty Mostly Due To Inadequate Security Assessment & Oversight. However the FTC’s lack of enforcement or other meaningful action of the Health Breach Rules since its adoption has fostered both a lack of awareness and concern about compliance with its requirements regarding reporting of breaches of PHR.

FTC Health Breach Rule For PHR Breaches

The FTC Health Breach Rule applies to breaches of electronic PHR. For purposes of the Health Breach Rule, “personal health record” or “PHR” generally means an electronic record any information, collected from an individual, that:

  • Is not subject to the HIPAA Breach Notification rules applicable to HIPAA Entities when a breach of electronic PHI happens;
  • Is created or received by a health care provider, health plan, employer, or health care clearinghouse;
  • Relates to the past, present, or future physical or mental health or condition of an individual, the provision of health care to an individual, or the past, present, or future payment for the provision of health care to an individual; and
  • Either identifies the individual or with respect to which there is a reasonable basis to believe that the information can be used to identify the individual; and
  • Is managed, shared, and controlled by or primarily for the individual.

Where applicable, the Health Breach Notification Rule requires that the Health App vendors or related entities notify consumers, the FTC, and, in some cases, the media when that data in a Personal Health Record is disclosed or acquired without the consumers’ authorization. In addition, a third party service provider of such vendors or entities that experiences a breach must notify such vendors or entities of the breach, so that they can in turn notify their customers.   Beyond requiring notification of breaches of Personal Health Records, the Health Breach Rule also contains specific requirements governing the timing, method, and contents of the breach notice to consumers. In general, it requires entities to provide breach notices by first class mail, or if specified as a preference by the individual, via e-mail “without unreasonable delay,” and in no case later than 60 calendar days after discovering a breach.  Substitute notice, through the media or a web posting, also may be required when there is insufficient contact information for ten or more individuals.

Violations of the Health Breach Rule can be costly.  The HITECH Act authorizes the FTC to seek civil penalties for violations. Companies that fail to comply with the rule could be subject to monetary penalties of up to $43,792 per violation per day.

FTC Signals Health Rule Enforcement Impending

The FTC Commission’s adoption of a Statement of the Commission on Breaches by Health Apps and Other Connected Devices (the”Statement”) at its September 15, 2021 meeting signals the FTC is preparing to begin enforcing the Health Breach Rule after taking no enforcement action in the decade since its adoption. 

Responding to the explosive growth Health Apps and their use, the Statement notes that Health Apps such as wearable fitness tracking devices that collect consumers’ health information are covered by the Health Breach Notification Rule if they can draw data from multiple sources, and are not covered by the HIPAA Breach Rule.  The Statement warns PHR Vendors not covered by HIPAA are responsible for protecting PHRs from unauthorized access and face civil monetary penalties of up to $43,792 per violation per day for failing to provide breach notification in accordance with the Health Breach Notification Rule when their PHRs experience a “breach of security” of PHRs on a Health App.  

The Statement also urges PHR Vendors, health app developers, and others involved with the creation, provision or use of mobile devices collecting or accessing fitness or other individually identifiable health information to examine their obligation and recommends using the Developing a Mobile Health Act Tool (the “Tool”) to help determine what laws apply.  For example, the Statement states a Health App would be covered under the FTC’s Health Breach Rule if it collects health information from a consumer and has the technical capacity to draw information through an API that enables synching with a consumer’s fitness tracker, but cites to cross references to the HIPAA Breach Rule in the Health Breach Rule to explain that a Health App developer is a “health care provider” subject to the HIPAA Breach Rule because it “furnish[es] health care services or supplies.”  

Comments made by FTC Commissioner Lina M. Khan regarding the need for the Statement add weight to the credibility of concerns about impending enforcement. While noting the Health Breach Rule “imposes some measure of accountability on tech firms that abuse our personal information, Ms. Khan identified “the commodification of sensitive health information, where companies can use this data to feed behavioral ads or power user analytics” as an even “more fundamental problem.”  She also stated “Given the growing prevalence of surveillance-based advertising, the Commission should be scrutinizing what data is being collected in the first place and whether particular types of business models create incentives that necessarily place users at risk.”

ALL HEALTH APP VENDERS & PROVIDERS SHOULD VERIFY COMPLIANCE WITH APPLICABLE BREACH REQUIREMENTS

In the face of OCR’s ongoing enforcement of HIPAA and the Statement’s signal of the FTC’s new commitment to the Health Breach Rule enforcement PHR Vendors, HIPAA Covered Entitles, and others involved with the development, provision, use or management of mobile apps or other devices that collect or access individually identifiable health information should take documented steps to evaluate their responsibilities and risks and address potential compliance exposures promptly. As PHI Vendors also could face exposure from service providers, this review should include assessment of those compliance risks and exposures.  PHR Vendors also may wish to consider reviewing and strengthening contractual requirements for compliance, notification, audit and other vendor safeguarads. Given the potential of enforcement based on current or past practices or events and the likely need for candid discussion of issues and concerns associated with past and present noncompliance risks, HIPAA Covered Entities, PHR Vendors and others dealing with health apps or connected devices also should consider engaging legal counsel familiar with the various rules to help guide this evaluation within the scope of attorney-client privilege.

More Information

We hope this update is helpful. For more information about the these or other health or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.  

Solutions Law Press, Inc. invites you receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.  

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications. As a significant part of her work, Ms. Stamer has worked extensively on pandemic, business and other crisis planning, preparedness and response for more than 30 years.

Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, Vice Chair of the ABA International Section Life Sciences Committee, past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group and the ABA RPTE Employee Benefits & Other Compensation Group, Ms. Stamer is most widely recognized for her decades of pragmatic, leading edge work, scholarship and thought leadership on health and other privacy and data security and other health industry legal, public policy and operational concerns.  Ms. Stamer’s work throughout her 30 plus year career has focused heavily on working with health care and managed care, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns.  As a part of this work, she has continuously and extensively worked with domestic and international health plans, their sponsors, fiduciaries, administrators, and insurers; managed care and insurance organizations; hospitals, health care systems, clinics, skilled nursing, long term care, rehabilitation and other health care providers and facilities; medical staff, accreditation, peer review and quality committees and organizations; billing, utilization management, management services organizations, group purchasing organizations; pharmaceutical, pharmacy, and prescription benefit management and organizations; consultants; investors; EHR, claims, payroll and other technology, billing and reimbursement and other services and product vendors; products and solutions consultants and developers; investors; managed care organizations, self-insured health and other employee benefit plans, their sponsors, fiduciaries, administrators and service providers, insurers and other payers, health industry advocacy and other service providers and groups and other health and managed care industry clients as well as federal and state legislative, regulatory, investigatory and enforcement bodies and agencies.  

This  involvement encompasses helping health care systems and organizations, group and individual health care providers, health plans and insurers, health IT, life sciences and other health industry clients prevent, investigate, manage and resolve  sexual assault, abuse, harassment and other organizational, provider and employee misconduct and other performance and behavior; manage Section 1557, Civil Rights Act and other discrimination and accommodation, and other regulatory, contractual and other compliance; vendors and suppliers; contracting and other terms of participation, medical billing, reimbursement, claims administration and coordination, Medicare, Medicaid, CHIP, Medicare/Medicaid Advantage, ERISA and other payers and other provider-payer relations, contracting, compliance and enforcement; Form 990 and other nonprofit and tax-exemption; fundraising, investors, joint venture, and other business partners; quality and other performance measurement, management, discipline and reporting; physician and other workforce recruiting, performance management, peer review and other investigations and discipline, wage and hour, payroll, gain-sharing and other pay-for performance and other compensation, training, outsourcing and other human resources and workforce matters; board, medical staff and other governance; strategic planning, process and quality improvement; meaningful use, EHR, HIPAA and other technology,  data security and breach and other health IT and data; STARK, ant kickback, insurance, and other fraud prevention, investigation, defense and enforcement; audits, investigations, and enforcement actions; trade secrets and other intellectual property; crisis preparedness and response; internal, government and third-party licensure, credentialing, accreditation, HCQIA and other peer review and quality reporting, audits, investigations, enforcement and defense; patient relations and care;  internal controls and regulatory compliance; payer-provider, provider-provider, vendor, patient, governmental and community relations; facilities, practice, products and other sales, mergers, acquisitions and other business and commercial transactions; government procurement and contracting; grants; tax-exemption and not-for-profit; privacy and data security; training; risk and change management; regulatory affairs and public policy; process, product and service improvement, development and innovation, and other legal and operational compliance and risk management, government and regulatory affairs and operations concerns. to establish, administer and defend workforce and staffing, quality, and other compliance, risk management and operational practices, policies and actions; comply with requirements; investigate and respond to Board of Medicine, Health, Nursing, Pharmacy, Chiropractic, and other licensing agencies, Department of Aging & Disability, FDA, Drug Enforcement Agency, OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD, FTC, SEC, CDC and other public health, Department of Justice and state attorneys’ general and other federal and state agencies; JCHO and other accreditation and quality organizations; private litigation and other federal and state health care industry actions: regulatory and public policy advocacy; training and discipline; enforcement;  and other strategic and operational concerns.  

Author of “Privacy and the Pandemic Workshop” for the Association of State and Territorial Health Plans, as well as a multitude of other health industry matters, workforce and health care change and crisis management and other highly regarded publications and presentations, the American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting and a former Council Representative, Past Chair of the ABA Managed Care & Insurance Interest Group, former Vice President and Executive Director of the North Texas Health Care Compliance Professionals Association, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, and a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her extensive publications and thought leadership as well as leadership involvement in a broad range of other professional and civic organizations. For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.  

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources available here.  

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE:   These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.  Readers acknowledge and agree to the conditions of this Notice as a condition of their access of this publication.  Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein. ©2020 Cynthia Marcotte Stamer. Limited non-exclusive right to republish granted to Solutions Law Press, Inc.™.


Agencies Release of 3rd Surprise Billing Reminder Time Short For Health Plans To Prepare For 2022 Compliance Deadline; Learn More in 10/17 Briefing

September 30, 2021

Yesterday’s release by the Departments of Labor, Health and Human Services, Treasury and the Office of Personnel Management (“Agencies”) release yesterday (September 30, 2021) an a third interim final rule (“3rd Rule”) implementing requirements applicable to health plans and health care providers enacted under the No Surprises Act (the “Act) warns health plans, their employer and other sponsors, insurers, fiduciaries and service providers time is running out to update their plans, contracts and practices to prepare to meet comply with the Act when its rules take effect in 2022.

The release of the 3rd Rule yesterday follows the Agencies’ issuance of an interim final rule on consumer protections against surprise billing (“1st Rule”) in July and a proposed rule to help collect data on the air ambulance provider industry (“2nd Rule”) earlier in September, both of which take effect on January 1, 2022.The rules implement the Act’s ban on surprise billing for emergency services and ancillary care at in-network facilities, and limit high out-of-network cost sharing for emergency and non-emergency services by prohibiting them from being higher than if such services were provided in-network. In addition to the Act’s requirements implemented by these three rule packages, health plans and health providers also need to begin preparing to comply with new rules regarding prescription drug coverages and various other requirements of the Act, as well as a plethora of regulatory and market changes impacting health plans and their administration that have emerged over the past year.

Solutions Law Press, Inc. is hosting a complimentary briefing by Cynthia Marcotte Stamer on key requirements of the Act expected to impact health plans and their administration on Monday, October 18, 2021 from 11:30 a.m. to 1:00 p.m. Central Time. Registration is limited. Persons interested in attending should e-mail here to request registration as soon as possible.

Act’s Surprise Billing Ban

The Act seeks to protect patients from surprise bills and remove them from the middle of payment disputes between out-of-network providers, facilities, or providers of air ambulance services and health plans or issuers.

The Act seeks to protect patients from surprise bills and remove them from the middle of payment disputes between out-of-network providers, facilities, or providers of air ambulance services and health plans or issuers.

The 1st Rule published on July 1, 2021 states that, beginning in 2022, patients will only be required to pay cost sharing based on in-network rates for certain out-of-network emergency services, out-of-network non-emergency services at in-network facilities and out-of-network air ambulance services.

The 3rd Rule builds on this work and details how the total payment to an out-of-network provider or facility will be determined. In some cases – based on the law – state law or application of a state All-Payer Model Agreement will determine this amount. Where neither applies, the rule sets forth the federal process that will apply for determining the amount. When a payment dispute for items/services that fall under surprise billing protections occur, either a provider, facility, or air ambulance provider or plan/issuer may initiate a 30-day open negotiation period. If open negotiation fails, either party may initiate the federal independent dispute resolution process. This rule details how this process initiates, what is eligible for this process and how independent dispute resolution entities should consider factors when determining a payment amount.

Self Pay Patient’s Good Faith Estimate Requirements

In added consumer protections, today’s 3rd Rule also outlines key requirements related to uninsured (or self-pay) individuals. Self-pay individuals are individuals who have coverage but do not choose to have their care billed to their health plan or issuer. When individuals schedule an item or service with certain providers and facilities, those providers and facilities will be required to inquire about the individual’s health coverage status, and if the individual wants their care billed to their health plan or issuer.

The provider or facility must provide a good faith estimate of expected charges for the care they are scheduling for individuals deemed uninsured (or self-pay). An uninsured (or self-pay) individual may also request a good faith estimate, without scheduling an item or services. The rule also establishes a process for uninsured (or self-pay) individuals to initiate a payment dispute resolution process if they are ultimately billed substantially in excess of the good faith estimate they received.

Time Running Short To Complete Compliance Preparations

The Act’s restrictions on balance billing of out of network and self pay services, along with new rules regarding prescription drug coverage and various other health benefit rules are scheduled to take effect under the Act beginning in January, 2022 as well as a host of other statutory, regulatory and market changes impacting health benefit programs for the upcoming year. Aside from the complexities of meeting the direct requirements of the rules, health plans and their sponsors, fiduciaries, administrators and advisors working to update their plans also will need to determine and decide how to respond to state law regulatory surprise billing and other price transparency and balance billing rules that the Act and its implementing regulations incorporate. Employer and other health plan sponsors, health plan fiduciaries and their service providers need to confirm the necessary arrangement are prepared in a timely fashion to ensure their health plans are designed and administered to comply with these requirements. In addition to updating plan documents, contracts, and processes, health plans, their sponsors, fiduciaries, administrative service providers and others likely need to review budget forecasts, stop loss and other insurance, participant and provider communications, systems, and a host of other operating features of their programs. Given the emerging nature of the guidance, meeting current deadlines are likely to prove challenging. Accordingly health plan sponsors, administrators, fiduciaries, insurers, and advisors should move quickly to begin preparations.

More Information

We hope this update is helpful. For more information about the these or other health or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.  

Solutions Law Press, Inc. invites you receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.  

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications. As a significant part of her work, Ms. Stamer has worked extensively on pandemic, business and other crisis planning, preparedness and response for more than 30 years.

Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, Vice Chair of the ABA International Section Life Sciences Committee, past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group and the ABA RPTE Employee Benefits & Other Compensation Group, Ms. Stamer is most widely recognized for her decades of pragmatic, leading edge work, scholarship and thought leadership on health and other privacy and data security and other health industry legal, public policy and operational concerns.  Ms. Stamer’s work throughout her 30 plus year career has focused heavily on working with health care and managed care, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns.  As a part of this work, she has continuously and extensively worked with domestic and international health plans, their sponsors, fiduciaries, administrators, and insurers; managed care and insurance organizations; hospitals, health care systems, clinics, skilled nursing, long term care, rehabilitation and other health care providers and facilities; medical staff, accreditation, peer review and quality committees and organizations; billing, utilization management, management services organizations, group purchasing organizations; pharmaceutical, pharmacy, and prescription benefit management and organizations; consultants; investors; EHR, claims, payroll and other technology, billing and reimbursement and other services and product vendors; products and solutions consultants and developers; investors; managed care organizations, self-insured health and other employee benefit plans, their sponsors, fiduciaries, administrators and service providers, insurers and other payers, health industry advocacy and other service providers and groups and other health and managed care industry clients as well as federal and state legislative, regulatory, investigatory and enforcement bodies and agencies.  

This  involvement encompasses helping health care systems and organizations, group and individual health care providers, health plans and insurers, health IT, life sciences and other health industry clients prevent, investigate, manage and resolve  sexual assault, abuse, harassment and other organizational, provider and employee misconduct and other performance and behavior; manage Section 1557, Civil Rights Act and other discrimination and accommodation, and other regulatory, contractual and other compliance; vendors and suppliers; contracting and other terms of participation, medical billing, reimbursement, claims administration and coordination, Medicare, Medicaid, CHIP, Medicare/Medicaid Advantage, ERISA and other payers and other provider-payer relations, contracting, compliance and enforcement; Form 990 and other nonprofit and tax-exemption; fundraising, investors, joint venture, and other business partners; quality and other performance measurement, management, discipline and reporting; physician and other workforce recruiting, performance management, peer review and other investigations and discipline, wage and hour, payroll, gain-sharing and other pay-for performance and other compensation, training, outsourcing and other human resources and workforce matters; board, medical staff and other governance; strategic planning, process and quality improvement; meaningful use, EHR, HIPAA and other technology,  data security and breach and other health IT and data; STARK, ant kickback, insurance, and other fraud prevention, investigation, defense and enforcement; audits, investigations, and enforcement actions; trade secrets and other intellectual property; crisis preparedness and response; internal, government and third-party licensure, credentialing, accreditation, HCQIA and other peer review and quality reporting, audits, investigations, enforcement and defense; patient relations and care;  internal controls and regulatory compliance; payer-provider, provider-provider, vendor, patient, governmental and community relations; facilities, practice, products and other sales, mergers, acquisitions and other business and commercial transactions; government procurement and contracting; grants; tax-exemption and not-for-profit; privacy and data security; training; risk and change management; regulatory affairs and public policy; process, product and service improvement, development and innovation, and other legal and operational compliance and risk management, government and regulatory affairs and operations concerns. to establish, administer and defend workforce and staffing, quality, and other compliance, risk management and operational practices, policies and actions; comply with requirements; investigate and respond to Board of Medicine, Health, Nursing, Pharmacy, Chiropractic, and other licensing agencies, Department of Aging & Disability, FDA, Drug Enforcement Agency, OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD, FTC, SEC, CDC and other public health, Department of Justice and state attorneys’ general and other federal and state agencies; JCHO and other accreditation and quality organizations; private litigation and other federal and state health care industry actions: regulatory and public policy advocacy; training and discipline; enforcement;  and other strategic and operational concerns.  

Author of “Privacy and the Pandemic Workshop” for the Association of State and Territorial Health Plans, as well as a multitude of other health industry matters, workforce and health care change and crisis management and other highly regarded publications and presentations, the American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting and a former Council Representative, Past Chair of the ABA Managed Care & Insurance Interest Group, former Vice President and Executive Director of the North Texas Health Care Compliance Professionals Association, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, and a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her extensive publications and thought leadership as well as leadership involvement in a broad range of other professional and civic organizations. For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.  

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources available here.  

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE:   These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.  Readers acknowledge and agree to the conditions of this Notice as a condition of their access of this publication.  Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2021 Cynthia Marcotte Stamer. Limited non-exclusive right to republish granted to Solutions Law Press, Inc.™.


California Medical Privacy Rules Changed 7/1. https://slphealthcareupdate.com/2021/08/03/california-medical-privacy-rules-eased-new-7-1-2021-rules-allow-greater-flexibility-on-disclosures-a-breach-and-give-agency-more-fine-flexibility-https-www-cdph-ca-gov-programs-ols-cdph%20docume/

August 3, 2021

Model Notice & Related Guidance For Complying With COVID Bill COBRA Subsidy Rules Released; Send Notices & Begin Compliance ASAP

April 7, 2021

Group health plans, their plan administrators and fiduciaries, employer or other sponsors, administrative services providers and insurers should act quickly to distribute required notices using the regulatory guidance just released today (April 7, 2021) and take other actions needed to comply with the Consolidated Omnibus Reconciliation Act of 1985 (“COBRA”) coverage and premium subsidy notification, enrollment and coverage continuation requirements created by Section 9501 (the “COBRA Premium Assistance Rules”) of the American Rescue Plan Act of 2021 (“ARP ”) enacted last month.

The guidance package released today by the Employee Benefit Security Administration includes model notices and other preliminary guidance on the COBRA Premium Assistance Rules, which among other things require group health plans to notify “assistance eligible individuals” no later than May 31, 2021 of right under ARP Section 9501 to enroll in free COBRA Coverage during the ARP Premium Subsidy Period that began April 1, 2021.

As the deadline for providing notification to qualified beneficiaries is May 31, 2021 and the 60 day period for enrolling in COBRA coverage under the ARP COBRA Subsidy Rules does not begin until proper notification is provided, group health plan should move quickly to prepare and distribute the notifications and make other necessary plan arrangements.

This article provides an general overview of the ARP COBRA Premium Subsidy Rules and the Model Notices published by the Department of Labor Employee Benefit Security Administration (“EBSA”) on April 7, 2021 to assist group health plans and their administrators to comply with their notification obligations under these Rules.  For a more comprehensive discussion of these requirements, see here.

New COVID COBRA Premium Subsidy Rules Overview

Section 9501 of the ARP seeks to help “assistance eligible individuals” continue their health benefits by providing assistance to maintain enrollment in covered group health plans by allowing them to enroll and maintain COBRA coverage under those plans without paying their COBRA continuation coverage premiums.  

Covered group health plans generally include all group health plans sponsored by private-sector employers or employee organizations (unions) subject to the COBRA rules under the Employee Retirement Income Security Act of 1974 (ERISA); group health plans sponsored by State or local governments subject to the continuation provisions under the Public Health Service Act and group health insurance required to comply with state mini-COBRA laws.

In addition to mandating the provision of COBRA Coverage at no cost, no later than May 31, 2021, the ARP requires covered group health plans to notify certain former covered employees or dependents that qualify to enroll in COBRA coverage as “assistance eligible individuals” of their right within 60 days of notification to enroll in COBRA Coverage under the group health plan at no cost from April 1, 2021 through September 30, 2021 or, if earlier, the date their COBRA eligibility otherwise end (the “Premium Subsidy Period”). 

From April 1 to September 31, 2021, group health plans cannot require an assistance eligible individual to pay any premiums for COBRA Coverage during his Premium Subsidy Period. ARP requires group health plans to provide COBRA Coverage without charge to assistance eligible individuals who qualify for and elect to enroll in COBRA Coverage with premium subsidy unless individual’s eligibility for COBRA or COBRA premium assistance ends before that date.  Specific notifications to qualified beneficiaries also are required.  

To implement these rules, ARP also requires that no later than May 31, 2021, covered group health plan administrators notify eligible qualified beneficiaries eligible to obtain COBRA coverage with premium assistance by applying for enrollment within the 60 day period following notification.

Assistance eligible individuals who timely enroll in COBRA Coverage with premium assistance generally must receive COBRA Coverage free of charge from the group health plan for any coverage period during the period that begins on or after April 1, 2021 until the earliest of the following dates (the “Premium Subsidy Period”):[1]

  • The date the qualified beneficiary is eligible[2] for coverage under any other group health plan (other than coverage consisting of only excepted benefits,[3] coverage under a health flexible spending arrangement under Code Section 106(c)(2), coverage under a qualified small employer health reimbursement arrangement under Code Section 9831(d)(2) or eligible for benefits under the Medicare program under title XVIII of the Social Security Act;
  • The date of the expiration of the otherwise applicable maximum period of COBRA continuation coverage under Code Section 4980B (other than due to a failure to elect or discontinuation of coverage for nonpayment of COBRA premium that occurred before April 1, 2021).

Assistance eligible individuals generally are qualified beneficiaries who lost coverage under the group health plan due to an involuntary reduction in hours or termination of employment enrolled in COBRA Coverage between April 1, 2021 and September 31, 2021 including those qualifying event was an involuntary employment loss occurring during the 18-month period (29-months for individuals qualifying for extended COBRA eligibility due to disability) prior to April 1, 2021 not enrolled in COBRA as of April 1, 2021.  This generally includes COBRA qualified beneficiaries whose loss of group health coverage results from an involuntary employment reduction or loss for a reason other than gross misconduct after  ARP’s enactment on March 11, 2021 as well as qualified beneficiaries whose involuntary employment loss happened before the effective date who but for their previous failure to elect COBRA or to maintain COBRA Coverage would still be entitled to COBRA Coverage because less than 18 months (29 months for qualified beneficiaries disabled on the date of coverage loss who qualify for extension of the disability coverage period) has elapsed since their employment loss and an event has not occurred following the coverage termination that would terminate their COBRA eligibility before the end of such otherwise applicable maximum COBRA eligibility period.  Group health plans must offer a second opportunity to enroll in COBRA Coverage with COBRA premium assistance to qualified beneficiaries eligible for premium assistance not enrolled in COBRA Coverage as of April 1, 2021.

Sponsoring employers or other plan sponsors may qualify to claim an employment tax credit for COBRA premiums paid on behalf of assistance eligible individuals.  Guidance on these tax rules is pending.

Required Group Health Plan Notifications To Assistance Eligible Individuals

ARP requires group health plans to provide certain written notifications to qualified beneficiaries entitled to qualify to enroll in COBRA coverage with premium assistance.  This generally includes a requirement to provide an initial notification of the availability of premium assistance for COBRA coverage to assistance eligible individuals by the later of May 31, 2021 and subsequently to provide notice of the impending termination of eligibility for the COBRA Premium Subsidy during the 30 day period that begins 45 days before eligibility for COBRA Premium Subsidy ends. ARP dictates the minimum required content of such notices.  Failure to provide the required notification is a failure to meet the notice requirements under the applicable COBRA continuation provision that subjects the group health plan administer and its sponsor to liability.

While ARP allows plan administrators the option of designing their own notices and forms to fulfill this requirement, it also directed the Department of Labor in consultation with the Secretary of the Treasury and the Secretary of Health and Human Services to develop model notices for plans to use for this purpose.  In response to this directive, the Department of Labor EBSA on April 7, 2021 published the following model notices and forms for group health plans to use to fulfill their ARP COBRA Premium Subsidy Rule notification requirements:

More Information

The ARP COBRA Premium Subsidy Rules are only one of a plethora of COVID health care emergency driven regulatory and enforcement changes impacting employers and their employee benefit plans.  If you need assistance or would like additional information about these or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.

Solutions Law Press, Inc. also invites you receive future updates by registering here and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy. If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here. For specific information about the these or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years working as an on demand, special project, consulting, general counsel or other basis with domestic and international business, charitable, community and government organizations of all types, sizes and industries and their leaders on labor and employment and other workforce compliance, performance management, internal controls and governance, compensation and benefits, regulatory compliance, investigations and audits, change management and restructuring, disaster preparedness and response and other operational, risk management and tactical concerns. 

Most widely recognized for her work with workforce, health care, life sciences, insurance and data and technology organizations, she also has worked extensively with health plan and insurance, employee benefits, financial, transportation, manufacturing, energy, real estate, accounting and other services, public and private academic and other education, hospitality, charitable, civic and other business, government and community organizations. and their leaders.

Ms. Stamer has extensive experience advising, representing, defending and training domestic and international public and private business, charitable, community and governmental organizations and their leaders, employee benefit plans, their fiduciaries and service providers, insurers, and others has published and spoken extensively on these concerns. As part of these involvements, she has worked, published and spoken extensively on these and other federal and state wage and hour and other compensation, discrimination, performance management, and other related human resources, employee benefits and other workforce and services; insurance; workers’ compensation and occupational disease; business reengineering, disaster and distress;  and many other risk management, compliance, public policy and performance concerns.

A former lead advisor to the Government of Bolivia on its pension  project, Ms. Stamer also has worked internationally and domestically as an advisor to business, community and government leaders on these and other legislative, regulatory and other legislative and regulatory design, drafting, interpretation and enforcement, as well as regularly advises and represents organizations on the design, administration and defense of workforce, employee benefit and compensation, safety, discipline, reengineering, regulatory and operational compliance and other management practices and actions.

Ms. Stamer also serves in leadership of a broad range of professional and civic organizations and provides insights and thought leadership through her extensive publications, public speaking and volunteer service with a diverse range of organizations including as Chair of the American Bar Association (“ABA”) Intellectual Property Section Law Practice Management Committee, Vice Chair of the International Section Life Sciences and Health Committee, Past ABA RPTE Employee Benefits & Other Compensation Group Chair and Council Representative and current Welfare Benefit Committee Co-Chair, Past Chair of the ABA Managed Care & Insurance Interest Group, past Region IV Chair and national Society of Human Resources Management Consultant Forum Board Member,  past Texas Association of Business BACPAC Chair, Regional Chair and Dallas Chapter Chair, former Vice President and Executive Director of the North Texas Health Care Compliance Professionals Association, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation and many others.

For more information about these concerns or Ms. Stamer’s work, experience, involvements, other publications, or programs, see www.cynthiastamer.com or contact Ms. Stamer via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. 

©2021 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™

Group health plans, their plan administrators and fiduciaries, employer or other sponsors, administrative services providers and insurers should act quickly to distribute required notices using the regulatory guidance just released today (April 7, 2021) and take other actions needed to comply with the Consolidated Omnibus Reconciliation Act of 1985 (“COBRA”) coverage and premium subsidy notification, enrollment and coverage continuation requirements created by Section 9501 (the “COBRA Premium Assistance Rules”) of the American Rescue Plan Act of 2021 (“ARP ”) enacted last month.

The guidance package released today by the Employee Benefit Security Administration includes model notices and other preliminary guidance on the COBRA Premium Assistance Rules, which among other things require group health plans to notify “assistance eligible individuals” no later than May 31, 2021 of right under ARP Section 9501 to enroll in free COBRA Coverage during the ARP Premium Subsidy Period that began April 1, 2021.

As the deadline for providing notification to qualified beneficiaries is May 31, 2021 and the 60 day period for enrolling in COBRA coverage under the ARP COBRA Subsidy Rules does not begin until proper notification is provided, group health plan should move quickly to prepare and distribute the notifications and make other necessary plan arrangements.

This article provides an general overview of the ARP COBRA Premium Subsidy Rules and the Model Notices published by the Department of Labor Employee Benefit Security Administration (“EBSA”) on April 7, 2021 to assist group health plans and their administrators to comply with their notification obligations under these Rules.  For a more comprehensive discussion of these requirements, see here.

New COVID COBRA Premium Subsidy Rules Overview

Section 9501 of the ARP seeks to help “assistance eligible individuals” continue their health benefits by providing assistance to maintain enrollment in covered group health plans by allowing them to enroll and maintain COBRA coverage under those plans without paying their COBRA continuation coverage premiums.  

Covered group health plans generally include all group health plans sponsored by private-sector employers or employee organizations (unions) subject to the COBRA rules under the Employee Retirement Income Security Act of 1974 (ERISA); group health plans sponsored by State or local governments subject to the continuation provisions under the Public Health Service Act and group health insurance required to comply with state mini-COBRA laws.

In addition to mandating the provision of COBRA Coverage at no cost, no later than May 31, 2021, the ARP requires covered group health plans to notify certain former covered employees or dependents that qualify to enroll in COBRA coverage as “assistance eligible individuals” of their right within 60 days of notification to enroll in COBRA Coverage under the group health plan at no cost from April 1, 2021 through September 30, 2021 or, if earlier, the date their COBRA eligibility otherwise end (the “Premium Subsidy Period”). 

From April 1 to September 31, 2021, group health plans cannot require an assistance eligible individual to pay any premiums for COBRA Coverage during his Premium Subsidy Period. ARP requires group health plans to provide COBRA Coverage without charge to assistance eligible individuals who qualify for and elect to enroll in COBRA Coverage with premium subsidy unless individual’s eligibility for COBRA or COBRA premium assistance ends before that date.  Specific notifications to qualified beneficiaries also are required.  

To implement these rules, ARP also requires that no later than May 31, 2021, covered group health plan administrators notify eligible qualified beneficiaries eligible to obtain COBRA coverage with premium assistance by applying for enrollment within the 60 day period following notification.

Assistance eligible individuals who timely enroll in COBRA Coverage with premium assistance generally must receive COBRA Coverage free of charge from the group health plan for any coverage period during the period that begins on or after April 1, 2021 until the earliest of the following dates (the “Premium Subsidy Period”):[1]

  • The date the qualified beneficiary is eligible[2] for coverage under any other group health plan (other than coverage consisting of only excepted benefits,[3] coverage under a health flexible spending arrangement under Code Section 106(c)(2), coverage under a qualified small employer health reimbursement arrangement under Code Section 9831(d)(2) or eligible for benefits under the Medicare program under title XVIII of the Social Security Act;
  • The date of the expiration of the otherwise applicable maximum period of COBRA continuation coverage under Code Section 4980B (other than due to a failure to elect or discontinuation of coverage for nonpayment of COBRA premium that occurred before April 1, 2021).

Assistance eligible individuals generally are qualified beneficiaries who lost coverage under the group health plan due to an involuntary reduction in hours or termination of employment enrolled in COBRA Coverage between April 1, 2021 and September 31, 2021 including those qualifying event was an involuntary employment loss occurring during the 18-month period (29-months for individuals qualifying for extended COBRA eligibility due to disability) prior to April 1, 2021 not enrolled in COBRA as of April 1, 2021.  This generally includes COBRA qualified beneficiaries whose loss of group health coverage results from an involuntary employment reduction or loss for a reason other than gross misconduct after  ARP’s enactment on March 11, 2021 as well as qualified beneficiaries whose involuntary employment loss happened before the effective date who but for their previous failure to elect COBRA or to maintain COBRA Coverage would still be entitled to COBRA Coverage because less than 18 months (29 months for qualified beneficiaries disabled on the date of coverage loss who qualify for extension of the disability coverage period) has elapsed since their employment loss and an event has not occurred following the coverage termination that would terminate their COBRA eligibility before the end of such otherwise applicable maximum COBRA eligibility period.  Group health plans must offer a second opportunity to enroll in COBRA Coverage with COBRA premium assistance to qualified beneficiaries eligible for premium assistance not enrolled in COBRA Coverage as of April 1, 2021.

Sponsoring employers or other plan sponsors may qualify to claim an employment tax credit for COBRA premiums paid on behalf of assistance eligible individuals.  Guidance on these tax rules is pending.

Required Group Health Plan Notifications To Assistance Eligible Individuals

ARP requires group health plans to provide certain written notifications to qualified beneficiaries entitled to qualify to enroll in COBRA coverage with premium assistance.  This generally includes a requirement to provide an initial notification of the availability of premium assistance for COBRA coverage to assistance eligible individuals by the later of May 31, 2021 and subsequently to provide notice of the impending termination of eligibility for the COBRA Premium Subsidy during the 30 day period that begins 45 days before eligibility for COBRA Premium Subsidy ends. ARP dictates the minimum required content of such notices.  Failure to provide the required notification is a failure to meet the notice requirements under the applicable COBRA continuation provision that subjects the group health plan administer and its sponsor to liability.

While ARP allows plan administrators the option of designing their own notices and forms to fulfill this requirement, it also directed the Department of Labor in consultation with the Secretary of the Treasury and the Secretary of Health and Human Services to develop model notices for plans to use for this purpose.  In response to this directive, the Department of Labor EBSA on April 7, 2021 published the following model notices and forms for group health plans to use to fulfill their ARP COBRA Premium Subsidy Rule notification requirements:

More Information

The ARP COBRA Premium Subsidy Rules are only one of a plethora of COVID health care emergency driven regulatory and enforcement changes impacting employers and their employee benefit plans.  If you need assistance or would like additional information about these or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.

Solutions Law Press, Inc. also invites you receive future updates by registering here and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy. If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here. For specific information about the these or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years working as an on demand, special project, consulting, general counsel or other basis with domestic and international business, charitable, community and government organizations of all types, sizes and industries and their leaders on labor and employment and other workforce compliance, performance management, internal controls and governance, compensation and benefits, regulatory compliance, investigations and audits, change management and restructuring, disaster preparedness and response and other operational, risk management and tactical concerns. 

Most widely recognized for her work with workforce, health care, life sciences, insurance and data and technology organizations, she also has worked extensively with health plan and insurance, employee benefits, financial, transportation, manufacturing, energy, real estate, accounting and other services, public and private academic and other education, hospitality, charitable, civic and other business, government and community organizations. and their leaders.

Ms. Stamer has extensive experience advising, representing, defending and training domestic and international public and private business, charitable, community and governmental organizations and their leaders, employee benefit plans, their fiduciaries and service providers, insurers, and others has published and spoken extensively on these concerns. As part of these involvements, she has worked, published and spoken extensively on these and other federal and state wage and hour and other compensation, discrimination, performance management, and other related human resources, employee benefits and other workforce and services; insurance; workers’ compensation and occupational disease; business reengineering, disaster and distress;  and many other risk management, compliance, public policy and performance concerns.

A former lead advisor to the Government of Bolivia on its pension  project, Ms. Stamer also has worked internationally and domestically as an advisor to business, community and government leaders on these and other legislative, regulatory and other legislative and regulatory design, drafting, interpretation and enforcement, as well as regularly advises and represents organizations on the design, administration and defense of workforce, employee benefit and compensation, safety, discipline, reengineering, regulatory and operational compliance and other management practices and actions.

Ms. Stamer also serves in leadership of a broad range of professional and civic organizations and provides insights and thought leadership through her extensive publications, public speaking and volunteer service with a diverse range of organizations including as Chair of the American Bar Association (“ABA”) Intellectual Property Section Law Practice Management Committee, Vice Chair of the International Section Life Sciences and Health Committee, Past ABA RPTE Employee Benefits & Other Compensation Group Chair and Council Representative and current Welfare Benefit Committee Co-Chair, Past Chair of the ABA Managed Care & Insurance Interest Group, past Region IV Chair and national Society of Human Resources Management Consultant Forum Board Member,  past Texas Association of Business BACPAC Chair, Regional Chair and Dallas Chapter Chair, former Vice President and Executive Director of the North Texas Health Care Compliance Professionals Association, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation and many others.

For more information about these concerns or Ms. Stamer’s work, experience, involvements, other publications, or programs, see www.cynthiastamer.com or contact Ms. Stamer via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. 

©2021 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™


Businesses Face Increased Wage Costs & Risks From American Rescue Plan Act Of 2021 FLSA Minimum Wage Changes

March 2, 2021

U.S businesses will face sharply increased wage costs if Senate Democrats succeed in their plan to pass as soon as this week the American Rescue Plan Act of 2021 (the “Act”) passed by the House of Representatives on Friday, February 24, 2021.    

One of many provisions impacting employers and their employee benefit plans in the Act that Congressional Democrats are pushing through as a COVID-19 relief package, Section 2101 of the Act amends the Fair Labor Standards Act of 1938 (“FLSA”) to increase immediately upon enactment the federal minimum wage employers covered by the FLSA must pay to most non-exempt employees (“regular rate”) by $2.25 per hour from the current rate of $7.25 to $9.50 per hour, then provides for  additional annual increases the gradual increase of the federal minimum wage that will raise the regular rate to $15.00 per hour over the next four years.  Beginning in 2026, the Act also provides for annual increases in the regular rate based on the median hourly wage of all employees as determined by the Bureau of Labor Statistics rounded up to the nearest multiple of $0.05.  This means the regular minimum wage employers must pay most hourly employees would more than double by 2025 and continue to increase thereafter.

In addition, the Act also phases out current rules allowing employers to pay tipped employees, new employees under age 20 and handicapped employees less than the regular minimum wage over the next five years and raises the minimum wage the FLSA allows employers to pay those employees gradually over the intervening period, with the initial increases slated to take effect upon enactment.  

As Senate Majority Leader Chuck Schumer has announced plans to bring the Act before the Senate for a vote as early as this week and President Biden committed to promptly sign the Act that is the centerpiece of the Democrats latest COVID-19 relief package, businesses are likely to feel the impact of the increased minimum wage and other mandates within days if not by month’s end.

These amendments will directly and immediately increase labor costs for non-exempt workers as well as employee benefit and fringe benefit costs and obligations tied to compensation or based on FLSA classifications. Other Biden-Harris Administration policies expanding the scope of the FLSA and other federal laws through revisions and enforcement of rules for characterizing workers as employees rather than independent contractors and enforcing expansive joint employer liability rules as well as other announced or expected Biden-Harris Administration proworker regulatory and enforcement changes almost certainly will expand the reach and implications of these changes.  The Biden-Harris Administration’s January 20, 2021 Memorandum on Regulatory Freeze Pending Review suspended the implementation of the Trump Administration led Labor Department’s Final Rule: Independent Contractor Status under the Fair Labor Standards Act slated to take effect on March 8, 2021, which sought to restore and clarify historical more employer friendly policies for distinguishing employee versus independent contractor relationships for purposes of the FLSA, the WHD’s withdrawal of previously issued Trump Administration era opinions that applied that Administration’s more expansive view of independent contractor status, and  WHD’s issuance of new opinions articulating and apply applying significantly narrower definitions of independent contractor and broader definitions of employees. 

Based on the agenda announced by the Biden-Harris Administration, businesses also should expect the Biden-Harris Administration and private plaintiffs to use these more employee friendly interpretation and enforcement policies to attack employer characterizations of workers as contractors to justify nonpayment of minimum wage and overtime to those workers.  Along with being forced to pay unpaid wages and overtime with interest, businesses unsuccessful in defending their worker classification characterizations can expect to face liquidated damage awards to private litigants equal to two times the amount of the back pay liability or in the case of WHD enforcement for repeated or willful violations, civil monetary penalties.

In assessing and managing these risks, businesses should evaluate their potential joint employer exposure to liability for unpaid minimum wage and overtime violations by other businesses providing labor or other services as the Biden-Harris Administration also is expected to seek to apply the much more expansive interpretation of joint employment applied during the Obama Administration abandoned during the Trump Administration.

These misclassification mistakes can be particularly costly.  FLSA liabilities arising from misclassification of workers as independent contractors carry significant risk both because businesses often fail to pay required minimum wages or overtime as well as don’t keep required time records.  The Biden-Harris Administration has made clear that it plans to move quickly to reimplement the regulatory and enforcement practices used during the Obama Administration to aggressively challenge employers’ characterization of workers as exempt from the FLSA’s minimum wage and overtime rules as independent contractors.

Considering these developments, all U.S. businesses and business leaders are well-advised both to begin preparing to comply with anticipated increases in federal minimum wage rates, as well as well as assess and take appropriate steps to mitigate their exposure to anticipated aggressive efforts to reclassify service providers considered to perform work as independent contractors, as contractors or employees of subcontractors or other businesses or both. 

More Information

The FLSA reforms are only one of a number of provisions of the Act impacting employers and their employee benefit plans. For more a more comprehensive discussion of the FLSA amendments included in the Act, see here.

Solutions Law Press, Inc. also invites you receive future updates by registering here and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy. If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here. For specific information about the these or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years working as an on demand, special project, consulting, general counsel or other basis with domestic and international business, charitable, community and government organizations of all types, sizes and industries and their leaders on labor and employment and other workforce compliance, performance management, internal controls and governance, compensation and benefits, regulatory compliance, investigations and audits, change management and restructuring, disaster preparedness and response and other operational, risk management and tactical concerns. 

Most widely recognized for her work with workforce, health care, life sciences, insurance and data and technology organizations, she also has worked extensively with health plan and insurance, employee benefits, financial, transportation, manufacturing, energy, real estate, accounting and other services, public and private academic and other education, hospitality, charitable, civic and other business, government and community organizations. and their leaders.

Ms. Stamer has extensive experience advising, representing, defending and training domestic and international public and private business, charitable, community and governmental organizations and their leaders, employee benefit plans, their fiduciaries and service providers, insurers, and others has published and spoken extensively on these concerns. As part of these involvements, she has worked, published and spoken extensively on these and other federal and state wage and hour and other compensation, discrimination, performance management, and other related human resources, employee benefits and other workforce and services; insurance; workers’ compensation and occupational disease; business reengineering, disaster and distress;  and many other risk management, compliance, public policy and performance concerns.

A former lead advisor to the Government of Bolivia on its pension  project, Ms. Stamer also has worked internationally and domestically as an advisor to business, community and government leaders on these and other legislative, regulatory and other legislative and regulatory design, drafting, interpretation and enforcement, as well as regularly advises and represents organizations on the design, administration and defense of workforce, employee benefit and compensation, safety, discipline, reengineering, regulatory and operational compliance and other management practices and actions.

Ms. Stamer also serves in leadership of a broad range of professional and civic organizations and provides insights and thought leadership through her extensive publications, public speaking and volunteer service with a diverse range of organizations including as Chair of the American Bar Association (“ABA”) Intellectual Property Section Law Practice Management Committee, Vice Chair of the International Section Life Sciences and Health Committee, Past ABA RPTE Employee Benefits & Other Compensation Group Chair and Council Representative and current Welfare Benefit Committee Co-Chair, Past Chair of the ABA Managed Care & Insurance Interest Group, past Region IV Chair and national Society of Human Resources Management Consultant Forum Board Member,  past Texas Association of Business BACPAC Chair, Regional Chair and Dallas Chapter Chair, former Vice President and Executive Director of the North Texas Health Care Compliance Professionals Association, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation and many others.

For more information about these concerns or Ms. Stamer’s work, experience, involvements, other publications, or programs, see www.cynthiastamer.com or contact Ms. Stamer via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. 

©2021 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™


To 2/18 Complimentary Update On Proposed COVID Relief Provisions Impacting Employers & Employee Benefit Plans

February 12, 2021
Register for 2/18 Complimentary Zoom Briefing

Solutions Law Press, Inc.™ invites employers, employee benefit plan fiduciaries and vendors and other impacted business leaders participate in a complimentary briefing on the employer and employee benefit requirements of the H.R. 6379, Take Responsibility for Workers and Families Act as approved by the Ways & Means Committee as of February 12, 2021. The live Zoom briefing now will begin at 9:00 a.m. Central Time on Thursday, February 18, 2021 to avoid potential weather-related power and other disruptions associated with winter storms at its originally scheduled presentation time on Monday, February 15.

Employers and employee benefit plan fiduciaries and vendors should get up to speed on a new mandate to subsidize health coverage continuation and other requirements of the Act that the House Ways & Means Committee voted on February 11, 2021 to include in the lasted COVID-19 relief package the Democrat Majority plans to fast track through Congress.  By the end of February if not before, Congress is expected to pass a final COVID-19 relief package including these employer and employee benefit plan mandates in substantially the same form as approved by the Ways and Means Committee. As these provisions will require quick action by employers and plans, employers, employee benefit plans, their fiduciaries and plan vendors should begin preparing now to comply with the anticipated new requirements

Registration & Program Details

Solutions Law Press, Inc. will host the 30-minute Zoom briefing beginning at 9:00 a.m. Central Time on Thursday, February 18, 2021 on the current provisions of the Act. The briefing will be conducted attorney Cynthia Marcotte Stamer. Participation is complimentary, but space is limited. Accordingly, registration is required and registration and participation will be granted on a first come, first serve basis here.

About Presenter Cynthia Marcotte Stamer

A Fellow in the American College of Employee Benefits Counsel, Board Certified in Labor and Employment Law by the Texas Board of Legal Specialization and recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney, 30+ years working as an on demand, special project, consulting, general counsel or other basis with domestic and international business, employee benefit plan, health care, insurance, financial service, charitable, community and government organizations of all types, sizes and industries and their leaders on labor and employment and other workforce, employee benefits and compensation, performance management, internal controls, governance, regulatory and operational compliance, investigations and audits, change management and restructuring, disaster preparedness and response and other operational, risk management and tactical concerns.  Best known for her leading edge work and thought leadership on workforce management and reengineering and health and other employee benefits concerns, Ms. Stamer regularly advises and represents organizations on the design, administration and defense of workforce, employee benefit and compensation, safety, discipline, reengineering, regulatory and operational compliance and other management practices and actions.  Along with advising and representing management organizations, Ms. Stamer also has worked continuously throughout her career internationally and domestically as an advisor to business, community and government leaders on health care, savings and retirement, workforce, and other legislative and regulatory design, drafting, interpretation, enforcement and other domestic and international public policy.

Ms. Stamer also serves in leadership of a broad range of professional and civic organizations and provides insights and thought leadership through her extensive publications, public speaking and volunteer service with a diverse range of organizations including as Chair of the American Bar Association (“ABA”) Intellectual Property Section Law Practice Management Committee, Vice Chair of the International Section Life Sciences and Health Committee, Past ABA RPTE Employee Benefits & Other Compensation Group Chair and Council Representative and current Welfare Benefit Committee Co-Chair, Past Chair of the ABA Managed Care & Insurance Interest Group, past Region IV Chair and national Society of Human Resources Management Consultant Forum Board Member,  past Texas Association of Business BACPAC Chair, Regional Chair and Dallas Chapter Chair, former Vice President and Executive Director of the North Texas Health Care Compliance Professionals Association, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation and many others.

For more information about these concerns or Ms. Stamer’s work, experience, involvements, other publications, or programs, see www.cynthiastamer.com or contact Ms. Stamer via e-mailhere.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns.

Solutions Law Press, Inc. invites you receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy Group.


Ways & Means Committee Approves New COVID Relief Employer COBRA Subsidy Mandate

February 11, 2021

Register For 2/15 Zoom Briefing

Register For 2/15 Zoom Briefing

Employers and employee benefit plan fiduciaries and vendors should prepare to face a new mandate to subsidize health coverage continuation and other requirements included in the H.R. 6379, Take Responsibility for Workers and Families Act that the House Ways & Means Committee approved for inclusion in the COVID-19  relief package the Democrat Majority plans to fast track to enactment.

The proposed COBRA subsidy mandate is one of several COVID-19 relief provisions impacting employers and their benefit programs the Ways & Means Committee marked up and reported out of committee the week ending February 12, 2021.  Other provisions include:

  • Additional direct assistance that would increase the COVID direct payment for qualifying working families by an additional direct payment of $1,400 per person, bringing their total relief to $2,000 per person;
  • Extend temporary federal unemployment and benefits with increased weekly benefits;
  • Significantly enhanced Earned Income Tax Credits for workers without children;
  • Raising the Child Tax Credit to $3,000 per child ($3,600 for children under 6), and makes it fully refundable and advanceable;
  • Expanding the Child and Dependent Tax Credit (CDCTC) to allow families to claim up to half of their child care expenses;
  • Reducing health care premiums for low- and middle-income families by increasing the Affordable Care Act’s (ACA) premium tax credits for 2021 and 2022;
  • Creating health care subsidies for unemployed workers who are ineligible for COBRA;
  • A program to bail out insolvent and distressed multiemployer (union) pension plans; and
  • More.

Revised legislative language of these and other proposals before the Ways and Means Committee markup this week is emerging and could face further changes as Congressional Democrats continue to work to enact their latest COVID-Relief package. Employers and employee benefit leaders and advisors should monitor carefully and begin preparing to respond to these proposals.

Register & Attend Complimentary 2/15  Briefing

Solutions Law Press, Inc. will host the 30-minute Zoom briefing beginning at 9:00 a.m. Central Time on Monday, February 15, 2020 on the current provisions of the Act.  The briefing will be conducted attorney Cynthia Marcotte Stamer.  Participation is complimentary, but space is limited.  Accordingly, registration is required and registration and participation will be granted on a first come, first serve basis here.

For more information contact the author of this update, Texas Board of Legal Specialization Board Certified Labor and Employment Lawyer, Cynthia Marcotte Stamer here.

More Information

We hope this update is helpful. For more information about the these or other health or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years working as an on demand, special project, consulting, general counsel or other basis with domestic and international business, charitable, community and government organizations of all types, sizes and industries and their leaders on labor and employment and other workforce compliance, performance management, internal controls and governance, compensation and benefits, regulatory compliance, investigations and audits, change management and restructuring, disaster preparedness and response and other operational, risk management and tactical concerns. 

Most widely recognized for her work with health care, life sciences, insurance and data and technology organizations, she also has worked extensively with health plan and insurance, employee benefits, financial, transportation, manufacturing, energy, real estate, accounting and other services, public and private academic and other education, hospitality, charitable, civic and other business, government and community organizations. and their leaders.

Ms. Stamer has extensive experience advising, representing, defending and training domestic and international public and private business, charitable, community and governmental organizations and their leaders, employee benefit plans, their fiduciaries and service providers, insurers, and others has published and spoken extensively on these concerns. As part of these involvements, she has worked, published and spoken extensively on these and federal and state discrimination, affirmative action and accommodation and other related human resources, employee benefits and other workforce and services; insurance; workers’ compensation and occupational disease; business reengineering, disaster and distress;  and many other risk management and compliance concerns.

A former lead advisor to the Government of Bolivia on its pension  project, Ms. Stamer also has worked internationally and domestically as an advisor to business, community and government leaders on these and other legislative, regulatory and other legislative and regulatory design, drafting, interpretation and enforcement, as well as regularly advises and represents organizations on the design, administration and defense of workforce, employee benefit and compensation, safety, discipline, reengineering, regulatory and operational compliance and other management practices and actions.

Ms. Stamer also serves in leadership of a broad range of professional and civic organizations and provides insights and thought leadership through her extensive publications, public speaking and volunteer service with a diverse range of organizations including as Chair of the American Bar Association (“ABA”) Intellectual Property Section Law Practice Management Committee, Vice Chair of the International Section Life Sciences and Health Committee, Past ABA RPTE Employee Benefits & Other Compensation Group Chair and Council Representative and current Welfare Benefit Committee Co-Chair, Past Chair of the ABA Managed Care & Insurance Interest Group, past Region IV Chair and national Society of Human Resources Management Consultant Forum Board Member,  past Texas Association of Business BACPAC Chair, Regional Chair and Dallas Chapter Chair, former Vice President and Executive Director of the North Texas Health Care Compliance Professionals Association, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation and many others.

For more information about these concerns or Ms. Stamer’s work, experience, involvements, other publications, or programs, see www.cynthiastamer.com or contact Ms. Stamer via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. 

Solutions Law Press, Inc. invites you receive future updates by registering here and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy. If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.  ©2021 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™


Prepare To Respond To Biden-Harris Plan To Beat COVID-19 & Other Administration Policy & Enforcement Priorities

January 21, 2021

Newly sworn in President Joe Biden chose to make an executive order outlining the core principles for his Administration’s policy for fighting COVID-19 the first signed in his new Administration shortly after he was sworn in as President as well as made public the Biden-Harris Administration’s other key policy priorities upon taking office which promise to significantly impact business and other organizations, taxpayers and others. As the Administration and new Congress get to work on these and other policies, American businesses and citizens should stay informed and provide clear and consistent input to the Administration and members of Congress about the policy and enforcement proposals and actions to help shape the law and prepare to deal with the new rules and priorities.

Key Biden-Harris Administration Policy Priorities

President Biden will deliver bold action and immediate relief for American families as the country grapples with converging crises. This will include actions to control the COVID-19 pandemic, provide economic relief, tackle climate change, and advance racial equity and civil rights, as well as immediate actions to reform our immigration system and restore America’s standing in the world. 

COVID-19

President Biden will move quickly to contain the COVID-19 crisis by expanding testing, safely reopening schools and businesses, and taking science-driven steps to address the communities — especially communities of color — who have been hardest hit by this virus. And, President Biden will launch a national vaccination program to inoculate the U.S. population efficiently and equitably.

Read more about the Biden-Harris plan to beat COVID-19 [See below].

Climate

President Biden will take swift action to tackle the climate emergency. The Biden Administration will ensure we meet the demands of science, while empowering American workers and businesses to lead a clean energy revolution. 

Racial Equity

The promise of our nation is that every American has an equal chance to get ahead, yet persistent systemic racism and barriers to opportunity have denied this promise for so many. President Biden is putting equity at the center of the agenda with a whole of government approach to embed racial justice across Federal agencies, policies, and programs. And President Biden will take bold action to advance a comprehensive equity agenda to deliver criminal justice reform, end disparities in healthcare access and education, strengthen fair housing, and restore Federal respect for Tribal sovereignty, among other actions, so that everyone across America has the opportunity to fulfill their potential.

Economy 

President Biden will take bold steps to address the inequities in our economy and provide relief to those who are struggling during the COVID-19 pandemic. The President will also work with Congress to pass the American Rescue Plan to change the course of the pandemic, build a bridge towards economic recovery, and invest in racial justice. And, he will build our economy back better from the pandemic and create millions of jobs by strengthening small businesses and investing in the jobs of the future. 

Health Care

President Biden will make a renewed commitment to protect and expand Americans’ access to quality, affordable health care. He will build on the Affordable Care Act to meet the health care needs created by the pandemic, reduce health care costs, and make our health care system less complex to navigate.

Immigration

President Biden will reform our long-broken and chaotic immigration system. President Biden’s strategy is centered on the basic premise that our country is safer, stronger, and more prosperous with a fair and orderly immigration system that welcomes immigrants, keeps families together, and allows people across the country—both newly arrived immigrants and people who have lived here for generations—to more fully contribute to our country. 

Restoring America’s Global Standing

President Biden will take steps to restore America’s standing in the world, strengthening the U.S. national security workforce, rebuilding democratic alliances across the globe, championing America’s values and human rights, and equipping the American middle class to succeed in a global economy.

COVID-19 Plan To Beat COVID-19

The first Executive Order signed by President Biden in furtherance of these initiatives was his COVID-19: The Biden-Harris plan to beat COVID-19 Executive Oder, the text of which reads as follows:

The American people deserve an urgent, robust, and professional response to the growing public health and economic crisis caused by the coronavirus (COVID-19) outbreak. President Biden believes that the federal government must act swiftly and aggressively to help protect and support our families, small businesses, first responders, and caregivers essential to help us face this challenge, those who are most vulnerable to health and economic impacts, and our broader communities – not to blame others or bail out corporations.

The Biden-Harris administration will always:

Listen to science
Ensure public health decisions are informed by public health professionals
Promote trust, transparency, common purpose, and accountability in our government
President Biden and Vice President Harris have a seven-point plan to beat COVID-19.

Ensure all Americans have access to regular, reliable, and free testing.

Double the number of drive-through testing sites.
Invest in next-generation testing, including at home tests and instant tests, so we can scale up our testing capacity by orders of magnitude.
Stand up a Pandemic Testing Board like Roosevelt’s War Production Board. It’s how we produced tanks, planes, uniforms, and supplies in record time, and it’s how we will produce and distribute tens of millions of tests.
Establish a U.S. Public Health Jobs Corps to mobilize at least 100,000 Americans across the country with support from trusted local organizations in communities most at risk to perform culturally competent approaches to contact tracing and protecting at-risk populations.
Fix personal protective equipment (PPE) problems for good.

President Biden is taking responsibility and giving states, cities, tribes, and territories the critical supplies they need.

Fully use the Defense Production Act to ramp up production of masks, face shields, and other PPE so that the national supply of personal protective equipment exceeds demand and our stores and stockpiles — especially in hard-hit areas that serve disproportionately vulnerable populations — are fully replenished.
Build immediately toward a future, flexible American-sourced and manufactured capability to ensure we are not dependent on other countries in a crisis.
Provide clear, consistent, evidence-based guidance for how communities should navigate the pandemic – and the resources for schools, small businesses, and families to make it through.

Social distancing is not a light switch. It is a dial. President Biden will direct the CDC to provide specific evidence-based guidance for how to turn the dial up or down relative to the level of risk and degree of viral spread in a community, including when to open or close certain businesses, bars, restaurants, and other spaces; when to open or close schools, and what steps they need to take to make classrooms and facilities safe; appropriate restrictions on size of gatherings; when to issue stay-at-home restrictions.
Establish a renewable fund for state and local governments to help prevent budget shortfalls, which may cause states to face steep cuts to teachers and first responders.
Call on Congress to pass an emergency package to ensure schools have the additional resources they need to adapt effectively to COVID-19.
Provide a “restart package” that helps small businesses cover the costs of operating safely, including things like plexiglass and PPE.

Plan for the effective, equitable distribution of treatments and vaccines — because development isn’t enough if they aren’t effectively distributed.

Invest $25 billion in a vaccine manufacturing and distribution plan that will guarantee it gets to every American, cost-free.
Ensure that politics plays no role in determining the safety and efficacy of any vaccine. The following 3 principles will guide the Biden-Harris administration: Put scientists in charge of all decisions on safety and efficacy; publicly release clinical data for any vaccine the FDA approves; and authorize career staff to write a written report for public review and permit them to appear before Congress and speak publicly uncensored.
Ensure everyone — not just the wealthy and well-connected — in America receives the protection and care they deserve, and consumers are not price gouged as new drugs and therapies come to market.

Protect older Americans and others at high risk.

President Biden understands that older Americans and others at high-risk are most vulnerable to COVID-19.

Establish a COVID-19 Racial and Ethnic Disparities Task Force, as proposed by Vice President Harris, to provide recommendations and oversight on disparities in the public health and economic response. At the end of this health crisis, it will transition to a permanent Infectious Disease Racial Disparities Task Force.
Create the Nationwide Pandemic Dashboard that Americans can check in real-time to help them gauge whether local transmission is actively occurring in their zip codes. This information is critical to helping all individuals, but especially older Americans and others at high risk, understand what level of precaution to take.
Rebuild and expand defenses to predict, prevent, and mitigate pandemic threats, including those coming from China.

Immediately restore the White House National Security Council Directorate for Global Health Security and Biodefense, originally established by the Obama-Biden administration.
Immediately restore our relationship with the World Health Organization, which — while not perfect — is essential to coordinating a global response during a pandemic.
Re-launch and strengthen U.S. Agency for International Development’s pathogen-tracking program called PREDICT.
Expand the number of CDC’s deployed disease detectives so we have eyes and ears on the ground, including rebuilding the office in Beijing.
Implement mask mandates nationwide by working with governors and mayors and by asking the American people to do what they do best: step up in a time of crisis.

Experts agree that tens of thousands of lives can be saved if Americans wear masks. President Biden will continue to call on:

Every American to wear a mask when they are around people outside their household.
Every Governor to make that mandatory in their state.
Local authorities to also make it mandatory to buttress their state orders.
Once we succeed in getting beyond this pandemic, we must ensure that the millions of Americans who suffer long-term side effects from COVID don’t face higher premiums or denial of health insurance because of this new pre-existing condition. The Biden-Harris Administration will work to ensure that the protections for those with pre-existing conditions that were won with Obamacare are protected. And, they will work to lower health care costs and expand access to quality, affordable health care through a Medicare-like public option.

Monitor & Respond To Emerging Developments & Proposals

As the new Administration and Congress get down to work, all U.S. organizations and communities, their leaders, and individual employees and citizens should carefully follow, and share their input to the Administration, members of Congress, and other federal, state and local officials on the actions and proposals taken to implement this and other policy that impact their interests.  

More Information

We hope this update is helpful. For more information about the these or other health or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.

Solutions Law Press, Inc. invites you receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.  

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is nationally recognized for her work and thought leadership on health and other health and employee benefit issues. 

An attorney board certified in labor and employment law by the Texas Board of Legal Specialization and Fellow in the American College of Employee Benefit Counsel, Ms. Stamer has worked as an on demand, special project, consulting, general counsel or other basis with health and other employee benefit plans, their sponsors, insurers, administrators, providers and others and others has published and spoken extensively on these concerns. 

A former lead advisor to the Government of Bolivia on its pension  project, Ms. Stamer also has worked internationally and domestically as an advisor and advocate for employer and other plan sponsors, fiduciaries, administrators, insurers, technology and other service providers, managed care organizations, direct primary care and other health care providers and others  on these and other legislative, regulatory and other legislative and regulatory design, drafting, interpretation and enforcement, as well as regularly advises and represents organizations on the design, administration and defense of workforce, employee benefit and compensation, safety, discipline, reengineering, regulatory and operational compliance and other management practices and actions.

Ms. Stamer also serves in leadership of a broad range of professional and civic organizations and provides insights and thought leadership through her extensive publications, public speaking and volunteer service with a diverse range of organizations including as Chair of the American Bar Association (“ABA”) Intellectual Property Section Law Practice Management Committee, Vice Chair of the International Section Life Sciences and Health Committee, Past ABA RPTE Employee Benefits & Other Compensation Group Chair and Council Representative and current Welfare Benefit Committee Co-Chair, Past Chair of the ABA Managed Care & Insurance Interest Group, past Region IV Chair and national Society of Human Resources Management Consultant Forum Board Member,  past Texas Association of Business BACPAC Chair, Regional Chair and Dallas Chapter Chair, former Vice President and Executive Director of the North Texas Health Care Compliance Professionals Association, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation and many others.

For more information about these concerns or Ms. Stamer’s work, experience, involvements, other publications, or programs, see www.cynthiastamer.com or contact Ms. Stamer via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources available here such as:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.  ©2021 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™


Businesses Should Confirm Using Benefits, Meeting Mandates Of Special COVID-19 Tax Rules

June 26, 2020

Earlier this week, the Internal Revenue Service (“IRS”) announced that employee benefit plan participants that already took a required minimum distribution (RMD) in 2020 from certain retirement accounts now has the opportunity through August 31, 2020 to roll those funds back into a retirement account following the Coronavirus Aid, Relief, and Economic Security (CARES) Act RMD waiver for 2020.  The announcement of this relief covers one of a long and growing list of special tax and other COVID-19 responsive special rules and requirements that may change requirements, provide special relief or both for businesses and individuals that every business leader and individual should carefully monitor and respond to appropriately.

Retirement Plan Rollover Relief

On July 23, 2020, the IRS announced its extension of the 60-day rollover period for any RMDs already taken this year to August 31, 2020 to give taxpayers time to take advantage of this opportunity in Notice 2020-51 (PDF).  The Notice also answers questions regarding the waiver of RMDs for 2020 under the Coronavirus Aid, Relief, and Economic Security Act, known as the CARES Act.

The CARES Act enabled any taxpayer with an RMD due in 2020 from a defined-contribution retirement plan, including a 401(k) or 403(b) plan, or an IRA, to skip those RMDs this year. This includes anyone who turned age 70 1/2 in 2019 and would have had to take the first RMD by April 1, 2020. This waiver does not apply to defined-benefit plans.

In addition to the rollover opportunity, an IRA owner or beneficiary who has already received a distribution from an IRA of an amount that would have been an RMD in 2020 can repay the distribution to the IRA by August 31, 2020. The notice provides that this repayment is not subject to the one rollover per 12-month period limitation and the restriction on rollovers for inherited IRAs.

The notice provides two sample amendments that employers may adopt to give plan participants and beneficiaries whose RMDs are waived a choice as to whether or not to receive the waived RMD.

Other COVID-19 Tax Rules & Relief

The guidance and relief in Notice 2020-51 highlights only one of a long list of special COVID-19 associated tax rules and relief that could apply to a business, its employees or employee benefit plan participants or both including the following:

Along with these tax rules, businesses and their employees also may be impacted by a broad range of special federal and state labor and employment and other rules adopted in response to the continuing COVID-19 health care emergency and its fallout.  Businesses and their leaders should carefully review and monitor these and other COVID-19 specific rules to ensure that their businesses don’t trigger unanticipated liability by failing to meet critical requirements or to ensure that they take full advantage of all available relief.

More Information

We hope this update is helpful. For more information about the these or other health or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.

Solutions Law Press, Inc. invites you receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years legal and operational management work, coaching, public policy and regulatory affairs leadership and advocacy, training and public speaking and publications. As a significant part of her work, Ms. Stamer has worked extensively domestically and internationally on an demand, special project and ongoing basis with health industry, health plan and insurance and other businesses of all types, government and community organizations and their leaders, spoken and published extensively on workforce and other services, compensation and benefits, and related tax; insurance; workers’ compensation and occupational disease; business reengineering, disaster and distress;  and many other management concerns.

Board Certified in Labor and Employment Law By the Texas Board of Legal Specialization, Scribe for the ABA JCEB Annual Agency Meeting with OCR, Vice Chair of the ABA International Section Life Sciences Committee, and the ABA RPTE Employee Benefits & Other Compensation Group and a former Council Representative, Past Chair of the ABA Managed Care & Insurance Interest Group, former Vice President and Executive Director of the North Texas Health Care Compliance Professionals Association, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, and a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer has extensive experience advising, representing, defending and training health care providers, health plans and insurers, employers, community organizations and others about HIPAA and other privacy concerns and has published and spoken extensively on these concerns.

Her involvement with HIPAA and other privacy and data concerns has taken place as part of her more than 30 years involvement working with with public and private health industry, health insurance and other employers and organizations of all sizes, employee benefit plans, insurance and financial services, health industry and a broad range of public and private domestic and international business, community and government organizations and leaders on pandemic and other health and safety, workforce and performance preparedness, risks and change management, disaster preparedness and response and other operational and tactical concerns throughout her adult life. A former lead advisor to the Government of Bolivia on its pension  project, Ms. Stamer also has worked internationally and domestically as an advisor to business, community and government leaders on crisis preparedness and response, privacy and data security, workforce, health care and other policy and enforcement, as well as regularly advises and defends organizations about the design, administration and defense of their organizations workforce, employee benefit and compensation, safety, discipline and other management practices and actions.

Ms. Stamer also serves in leadership of a broad range of professional and civic organizations and shares insights and thought leadership through her extensive publications and public speaking. For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources available here such as:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.  ©2020 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.


Ezekiel Elliott COVID-19 Diagnosis Disclosure Outrage Highlights Need To Handle COVID-19 & Other Medical Information With Care

June 16, 2020

While most COVID-19 test results won’t draw the widespread coverage and public interest that Elliott’s diagnosis did, businesses generally and health care providers, health plans, health care clearinghouses specifically need to recognize that coverage of the Elliott outrage will heighten awareness and therefore their need to properly handle and protect COVID-19 or other infectious disease and other testing, diagnosis, treatment and other medical and disability information collected or encountered in the course of their operation through the current COVID-19 health care emergency and otherwise in their own organizations.

ADA Responsibilities of Employers In Handling Medical Information

Protecting COVID-19 testing and other medical information isn’t just a concern for covered entities and their business associates, however.  Businesses that are not covered entities also generally should use care in their collection, use, protection and disclosure of COVID-19 testing and other medical information to mitigate their potential liability under the disability discrimination requirements of the ADA, the Rehabilitation Act  and other laws.   For instance, along with prohibiting employers covered by the ADA from discriminating against qualified individuals with disabilities and requiring those employers to provide reasonable accommodations to such employees, the ADA also regulates the ability of covered employers to perform or require medical testing and imposes specific medical confidentiality requirements on all covered employers.  See e.g., What You Should Know About COVID-19 and the ADA, the Rehabilitation Act, and Other EEO Laws.

The ADA’s medical confidentiality requirements dictate that covered employers maintain medical information and records about employees and applicants in separate, confidential files.  Covered employers are responsible for maintaining the confidentiality of medical information and records and cannot disclose it without authorization from the subject employee except under the specific conditions allowed by the ADA.

EEOC guidance provided in its publication entitled Pandemic Preparedness in the Workplace and the Americans With Disabilities Act as updated as of March 19, 2020 emphasizes that covered employers remain accountable for complying with the requirements of the ADA and Rehabilitation Act during the current COVID-19 health care emergency and other pandemics.

While the EEOC Technical Assistance Questions and Answers in its publication What You Should Know About COVID-19 and the ADA, the Rehabilitation Act, and Other EEO Laws
Technical Assistance Questions and Answers as updated on June 11, 2020 recognizes temperature checks and certain other COVID-19 inquiries to screen for COVID-19 exposure or infection might be permitted under the safety exception to the ADA during the current COVID-19 health care emergency, that and other EEOC guidance makes clear that covered employers remain responsible for ensuring that the ADA medical confidentiality requirements are met with regarding to testing and related medical information.  As a result, all ADA-covered employers generally and health care employers specifically are urged to use care both in the administration and collection of information regarding COVID-19 testing and diagnosis, and the protection of the confidentiality of COVID-19 and other medical information and records collected in the course of administering employment, safety, medical leave or other absence or other operations throughout the COVID-19 health care emergency.

Added HIPAA & Texas HIPAA Concerns For Health Plans & Other HIPAA Covered Entities

Assuming that the disclosure of Elliott’s information is traced to a testing provider, laboratory or other health care provider, health plan or insurer, health care clearing house subject to HIPAA (“covered entity”), a service provider acting as a business associate to a covered entity, or a member of their workforce, the unauthorized release of Elliott’s test results, that he underwent the testing, or other medical information, Elliott’s complaint about a possible HIPAA violation could be well-founded as both HIPAA and the somewhat broader provisions of the Texas Medical Privacy Act (“Tex-HIPAA”) (hereafter collectively the “HIPAA Laws”) both generally prohibit unauthorized disclosure of protected medical information such as his COVID-19 test or test results to the media.

The COVID-19 test results and of “individually identifiable personal health information” about Elliott and his encounter created, used, access or disclosed by the testing facility or other health care provider, a health plan, health care clearinghouse (“covered entity”) or a member of its workforce or a subcontractor acting as a business associated qualify as “protected health information subject to HIPAA’s privacy, security, breach and privacy rights protections of HIPAA and Tex-HIPAA.

The HIPAA and Tex-HIPAA prohibition against unauthorized disclosure of protected health information to the media stem from the HIPAA Laws’ broader requirement that covered entities and business associates affirmatively safeguard protected health information against unauthorized use, access or disclosure and sweeping prohibition against their disclosing or allowing the disclosure of protected health information without a HIPAA-compliant authorization except under the narrow and specifically delineated exceptions identified in the rule, none of which appear relevant to the media disclosure objected to by Elliott from the currently available public information.

Both HIPAA Laws expressly prohibit unauthorized disclosure of protected health information by covered entities or their business associates except under the specifically detailed conditions specified in one or more exceptions to this general rule.  Assuming all relevant conditions to qualify for the exception are met, HIPAA does allow covered entities and business associates treatment, payment, operations, public health activities or another situation meeting all applicable requirements of an express exception to the HIPAA prohibition against disclosure.

The federal agency primarily responsible for the implementation and enforcement of HIPAA, the Department of Health & Human Services Office of Civil Rights (“OCR”) regulatory guidance and enforcement history clearly communicates OCR’s view that covered entities or business associates violate HIPAA by disclosing protected health information to the media or other third parties without first obtaining a HIPAA-compliant authorization from the subject of the information except under the specific circumstances described in an applicable Privacy Rule exception.

In its May 5, 2020 Guidance on Covered Health Care Providers and Restrictions on Media Access to Protected Health Information about Individuals in Their Facilities (“5/5 Guidance”), for instance, OCR specifically reminded HIPAA covered health care providers that the HIPAA Privacy Rule does not permit them to give media and film crews access to protected health information including access to facilities where patients’ protected health information will be accessible without the patients’ prior authorization. has made clear that testing facilities and other health care providers generally remain accountable for complying with the HIPAA Privacy Rule that prohibits unauthorized use, access or disclosure of test results and other protected health information except   as specifically allowed in the applicable HIPAA Law.

The 5/5 Guidance specifically states, “The COVID-19 public health emergency does not alter the HIPAA Privacy Rule’s existing restrictions on disclosures of protected health information (PHI) to the media.’  Additionally, it states confirmed that even during the current COVID-19 public health emergency, covered health care providers remain required to obtain a valid HIPAA authorization from each patient whose PHI will be accessible to the media before the media is given access to that PHI. In this regard, the 5/5 Guidance states, As explained in prior guidance,1 HIPAA does not permit covered health care providers to give the media, including film crews, access to any areas of their facilities where patients’ PHI will be accessible in any form (e.g., written, electronic, oral, or other visual or audio form), without first obtaining a written HIPAA authorization from each patient whose PHI would be accessible to the media. 2 Additionally, covered health care providers may not require a patient to sign a HIPAA authorization as a condition of receiving treatment.  The guidance clarifies that masking or obscuring patients’ faces or identifying information before broadcasting a recording of a patient is not sufficient, as a valid HIPAA authorization is still required before giving the media such access.  Additionally, the guidance describes reasonable safeguards that should be used to protect the privacy of patients whenever the media is granted access to facilities.

OCR’s positions on disclosures to the media in the 5/5 Guidance reaffirm OCR’s longstanding interpretation and enforcement of HIPAA as prohibiting disclosures of PHI and media access to areas where patients or their protected health information might be visible or accessible is long standing.

In June, 2013, for instance, OCR sent a clear message to covered entities and business associates not to make unconsented disclosures of protected health information to or allow media access to areas where patients or their protected health information could be accessed or observed when it required Shasta Regional Medical Center (SRMC) to pay $275,000 to resolve OCR HIPAA charges stemming from SRMC’s unauthorized disclosure of protected health information to multiple media outlets as part of a public relations effort to mitigate damage from fraud and misconduct allegations made against it by the patient.  See HIPAA Sanctions Triggered From Covered Entity Statements To Media, Workforce.

OCR subsequently reinforced its warning to covered entities and business associates about  unauthorized disclosures of protected health information in a 2016 Frequently Asked Question (Media FAQ) that discussed covered entities HIPAA responsibilities when dealing with the media.  The Media FAQ was issued in conjunction with OCR’s collection of its $2.2 million settlement with New York-Presbyterian Hospital and a series of other settlements totaling $999,000 from three other health care providers accused of violating HIPAA by allowing media personnel into treatment or other areas where patients or patient protected health information was accessible without first obtaining a HIPAA compliant written authorization from each patient or other subject present or whose protected health information otherwise would be accessible to the media.  See $999K Price Hospitals Pay To Settle HIPAA Privacy Charges From Allowing ABC To Film Patients Without Authorization.

In the Media FAQ, OCR stated HIPAA required covered entities to obtain prior written authorization before disclosing protected health information to the media or allowing media to film or access exam rooms or other areas where patients or protected health information could be observed or accessed.  The Media FAQ also stated that masking or blurring the identity of the patient or their specific information was not an adequate substitute for written authorization and that covered entities also were responsible for ensuring that reasonable safeguards were in place to protect against impermissible disclosures or to limit incidental disclosures of other PHI in areas where media is allowed access where prior authorization has not been obtained.  While stressing the importance of compliance with these requirements, however, the Media FAQ clarified that the HIPAA Privacy Rule does not require health care providers to prevent members of the media from entering areas of their facilities that are otherwise generally accessible to the public like public waiting areas or areas where the public enters or exits the facility In addition, the Media FAQ states a health care provider or other Covered Entity also highlighted certain other limited circumstances where HIPAA might allow limited disclosure of protected health information to the media in accordance with specific provisions of the Privacy Rule about an incapacitated patient when in the patient’s best interest; or disclose a patient’s location in the facility and condition in general terms that do not communicate specific medical information about the individual to the media or any other person any person where the individual has not objected to his information being included in the facility directory and the media representative or other person asks for the individual by name.

In the intervening years, OCR periodically has issued additional reminders to covered entities about HIPAA’s general prohibition against unconsented disclosures to the media as well as sanctioned harshly various covered entities for violating these prohibitions.  In 2017, OCR required the largest not-for-profit health system in Southeast Texas, Memorial Hermann Health System (MHHS), to pay OCR $2.4 million to settle charges it violated HIPAA by issuing a press release to the media that shared the name and other protected health information about a patient suspected of using a fraudulent insurance card to obtain care at a clinic without the patient’s prior HIPAA-compliant authorization. While OCR concluded a report made MHHS made to law enforcement about the patient was allowable under the Privacy Rule, OCR found MHHS violated the Privacy Rule by issuing the press release disclosing the patient’s name and other PHI without authorization from the patient and also by failing to timely document the sanctioning of its workforce members for impermissibly disclosing the patient’s information.  See $2.4M HIPAA Settlement Warns Providers About Media Disclosures Of PHI.

While OCR has announced certain temporary enforcement relief from a narrow set of HIPAA requirements during the COVID-19 health care emergency as applied to certain qualifying testing facilities, telemedicine providers and other specific health care providers engaging in certain  types of health care during the COVID-19 health care emergency, OCR consistently has made clear that its COVID-19 HIPAA relief is very limited in scope, applicability and duration and in no way waives the prohibition against unauthorized disclosure to the media or other third parties not generally permitted under HIPAA.  See e.g., 5/5 Guidance; OCR Issues Guidance on How Health Care Providers Can Contact Former COVID-19 Patients About Blood and Plasma Donation Opportunities; OCR Announces Notification of Enforcement Discretion for Community-Based Testing Sites During the COVID-19 Nationwide Public Health EmergencyOCR Announces Notification of Enforcement Discretion to Allow Uses and Disclosures of Protected Health Information by Business Associates for Public Health and Health Oversight Activities During The COVID-19 Nationwide Public Health Emergency; OCR Issues Bulletin on Civil Rights Laws and HIPAA Flexibilities That Apply During the COVID-19 Emergency; OCR Issues Guidance to Help Ensure First Responders and Others Receive Protected Health Information about Individuals Exposed to COVID-19; OCR Issues Guidance on Telehealth Remote Communications Following Its Notification of Enforcement Discretion; OCR Announces Notification of Enforcement Discretion for Telehealth Remote Communications During the COVID-19 Nationwide Public Health Emergency.  To the contrary, OCR’s announcement of the 5/5 guidance quotes OCR Director Roger Severino, as stating “Hospitals and health care providers must get authorization from patients before giving the media access to their medical information; obscuring faces after the fact just doesn’t cut it,” Severino added.

Minimize Exposures By Preventing Unauthorized Media & Other Disclosures

Even without Mr. Elliott’s outrage heightening awareness about HIPAA’s prohibitions against unauthorized disclosures of protected health information to the media, the recent warning about HIPAA’s restrictions on media disclosure and access to protected health information and patient treatment areas in OCR’s 5/5 Guidance alone should serve as a strong incentive for covered entities and business associate promptly to reverify that the adequacy of their current policies, practices and training to prevent inappropriate media disclosures of protected health information and otherwise defend their compliance with OCR’s interpretation of HIPAA’s requirements for dealing with the media.  Predictable heightened patient and public awareness and expectations about these and other HIPAA responsibilities fueled by the widespread media coverage of Mr. Elliott’s COVID-19 test results and his outrage about the unauthorized disclosure of his test results makes it more important than ever that health care providers and other covered entities and business associates take steps to prepare to respond to foreseeable complaints and questions by other patients, their families and others.

As part of these efforts, most covered entities and business associates may want to consider, at minimum, reconfirming the adequacy and understanding of their current media and other disclosure policies and practices, as well as sending strategic communications to their business associates and members of their workforce reminding them of the covered entity’s policies regarding media access and disclosures.

As part of these activities, covered entities should consider conducting a well-documented assessment of their current policies, practices and workforce training on disclosure of information to the media and other parties generally, as well as policies on allowing media or other parties to enter, film, photograph or record within their facilities or otherwise disclosing or allowing media access to their facilities.  Along with these efforts, most covered entities also may want to consider also reminding workforce members that their patient privacy responsibilities also requires that they not share or discuss patient protected health information, film, photograph, or otherwise record, patients or areas where patients or patient protected health information is or might be present without prior written consent of the patient and the consent of their organization.

Since covered entities and members of their workforce also are likely to be subject to other statutory, ethical, contractual or other privacy or confidentiality requirements beyond those imposed by the HIPAA Laws such as medical confidentiality duties applicable to physicians and other health care providers under medical ethics, professional licensure or other similar rules, contractual responsibilities, as well as common law or statutory privacy, theft of likeness or other statutory or common law tort claims and exposures.  Covered entities and business associates generally should consider whether other steps are advisable to manage these exposures along with managing their HIPAA Law compliance.

Given the high incidence of COVID-19 exposure and infection within their workplace, covered entities, business associates and other employers should use care fulfill their HIPAA Law relevant employment law confidentiality responsibilities when dealing with testing or other medical information about employees.  In this respect, along with any HIPAA Law obligations that a covered entity or business associate has in handling medical information about a patient who also is an employee or family member of an employee, covered entities also should use care to ensure that medical confidentiality requirements of the Americans With Disabilities Act (“ADA”) and other applicable employment laws are met.

Since this analysis and review in most cases will result in the uncovering or discussion of potentially legally or politically sensitive information, Covered Entities should consider consulting with or engaging experienced legal counsel for assistance in structuring and executing these activities to maximize their ability to claim attorney-client privilege or other evidentiary protections against discovery or disclosure of certain aspects of these activities.

Finally, covered entities should keep in mind that HIPAA and other medical privacy compliance and risk management is an ongoing process requiring constant awareness and diligence.  Consequently, covered entities and business associates also should use care both to monitor OCR and other regulatory and enforcement developments as well as exercise ongoing vigilance to monitor and maintain compliance within their organizations.

More Information

We hope this update is helpful. For more information about the these or other health or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.

Solutions Law Press, Inc. invites you receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years legal and operational management work, coaching, public policy and regulatory affairs leadership and advocacy, training and public speaking and publications. As a significant part of her work, Ms. Stamer has worked extensively domestically and internationally on an demand, special project and ongoing basis with health industry, health plan and insurance and other business, government and community organizations and their leaders, spoken and published extensively on HIPAA and other privacy and data security concerns, as well as other health care and health benefits;  human resources, employee benefits and other workforce and services; insurance; workers’ compensation and occupational disease; business reengineering, disaster and distress;  and many other management concerns.

Board Certified in Labor and Employment Law By the Texas Board of Legal Specialization, Scribe for the ABA JCEB Annual Agency Meeting with OCR, Vice Chair of the ABA International Section Life Sciences Committee, and the ABA RPTE Employee Benefits & Other Compensation Group and a former Council Representative, Past Chair of the ABA Managed Care & Insurance Interest Group, former Vice President and Executive Director of the North Texas Health Care Compliance Professionals Association, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, and a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer has extensive experience advising, representing, defending and training health care providers, health plans and insurers, employers, community organizations and others about HIPAA and other privacy concerns and has published and spoken extensively on these concerns.

Her involvement with HIPAA and other privacy and data concerns has taken place as part of her more than 30 years involvement working with with public and private health industry, health insurance and other employers and organizations of all sizes, employee benefit plans, insurance and financial services, health industry and a broad range of public and private domestic and international business, community and government organizations and leaders on pandemic and other health and safety, workforce and performance preparedness, risks and change management, disaster preparedness and response and other operational and tactical concerns throughout her adult life. A former lead advisor to the Government of Bolivia on its pension  project, Ms. Stamer also has worked internationally and domestically as an advisor to business, community and government leaders on crisis preparedness and response, privacy and data security, workforce, health care and other policy and enforcement, as well as regularly advises and defends organizations about the design, administration and defense of their organizations workforce, employee benefit and compensation, safety, discipline and other management practices and actions.

Ms. Stamer also serves in leadership of a broad range of professional and civic organizations and shares insights and thought leadership through her extensive publications and public speaking. For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources available here such as:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.  ©2020 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.


Wish Tax Guidance Were Clearer? Tell IRS/Treasury Your Suggested Topics For 2020-2021 Treasury Priority Guidance Plan

June 11, 2020

Lack of clarity in current tax regulations or guidance creating headaches?  The Department of the Treasury (“Treasury Department”) and the Internal Revenue Service (“IRS”) are inviting businesses and individuals to submit recommendations about what issues the 2020-2021 Priority Guidance Plan should include.  Businesses and individuals with ideas about tax guidance needed to solve vexing issues should consider submitting their proposed guidance to the the Treasury Department and IRS in response to this invitation.

The Treasury Department’s Office of Tax Policy and the Service uses the Priority Guidance Plan each year to identify and prioritize the tax issues that tax regulations, revenue rulings, revenue procedures, notices, and other published administrative guidance should address during the year.

The 2020-2021 Priority Guidance Plan will identify guidance projects that the Treasury Department and the Service intend to actively work on as priorities during the period from July 1, 2020, through June 30, 2021.

In reviewing recommendations and selecting additional projects for inclusion on the 2020-2021 Priority Guidance Plan, the Treasury Department and the Service will consider the following:

  • Whether the recommended guidance resolves significant issues relevant to a broad class of taxpayers;
  • Whether the recommended guidance reduces controversy and lessens the burden on taxpayers or the Service;
  • Whether the recommended guidance relates to recently enacted legislation;
  • Whether the recommendation involves existing regulations or other guidance that is outdated, unnecessary, ineffective, insufficient, or unnecessarily burdensome and that should be modified, streamlined, expanded, replaced, or withdrawn;
  • Whether the recommended guidance would be in accordance with Executive Order 13771 (82 FR 9339), Executive Order 13777 (82 FR 12285), Executive Order 13789 (82 FR 19317), or other executive orders.
  • Whether the recommended guidance promotes sound tax administration;
  • Whether the Service can administer the recommended guidance on a uniform basis; and
  • Whether the recommended guidance can be drafted in a manner that will enable taxpayers to easily understand and apply the guidance.

While suggestions are submitted throughout the year, Notice 2020-47 encourages individuals or businesses desiring to propose issues or other content to be included in the 2020-2021 Priority Guidance to submit their recommendations for guidance by Wednesday, July 22, 2020, for possible inclusion on the original 2020-2021 Priority Guidance Plan.  Taxpayers are not required to submit recommendations for guidance in any particular format. Taxpayers should, however, briefly describe the recommended guidance and explain the need for the guidance. In addition, taxpayers may include an analysis of how the issue should be resolved. For recommendations to modify, streamline, or withdraw existing regulations or other guidance, taxpayers should explain

how the changes would reduce taxpayer cost and/or burden or benefit tax administration.

Notice 20-47 also states that taxpayers suggesting more than one guidance project prioritize the projects by order of importance. If a large number of projects are being suggested, it would be helpful if the projects were grouped by subject matter and then in terms of high, medium, or low priority. Requests for guidance in the form of petitions for rulemaking will be considered with other recommendations for guidance in accordance with the considerations described in Notice 2020-47.

More Information

We hope this update is helpful. For more information about the these or other health or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.

Solutions Law Press, Inc. invites you receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years legal and operational management work, coaching, public policy and regulatory affairs leadership and advocacy, training and public speaking and publications. As a significant part of her work, Ms. Stamer has worked extensively domestically and internationally on an demand, special project and ongoing basis with business, government and community organizations and their leaders, spoken and published extensively on human resources, employee benefits and other workforce and services, tax, health care and health benefits, insurance, workers’ compensation and occupational disease, business disaster and distress and many other management topics, As a key focus of this work, Ms. Stamer has worked with public and private employers of all sizes, employee benefit plans, insurance and financial services, health industry and a broad range of public and private domestic and international business, community and government organizations and leaders on pandemic and other health and safety, workforce and performance preparedness, risks and change management, disaster preparedness and response and other operational and tactical concerns throughout her adult life. A former lead advisor to the Government of Bolivia on its pension    project, Ms. Stamer also has worked internationally as an advisor to business, community and government leaders on crisis preparedness and response, workforce, health care and other reform, as well as regularly advises and defends organizations about the design, administration and defense of their organizations workforce, employee benefit and compensation, safety, discipline and other management practices and actions.

Board Certified in Labor and Employment Law By the Texas Board of Legal Specialization, Scribe for the ABA JCEB Annual Agency Meeting with OCR, Vice Chair of the ABA International Section Life Sciences Committee, and the ABA RPTE Employee Benefits & Other Compensation Group and a former Council Representative, Past Chair of the ABA Managed Care & Insurance Interest Group, former Vice President and Executive Director of the North Texas Health Care Compliance Professionals Association, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, and a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also serves in leadership of a broad range of professional and civic organizations and shares insights and thought leadership through her extensive publications and public speaking. For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources available here such as:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.  ©2020 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc. 

 


New IRS Increased Health FSA Carryover, Gives COVID Health FSA Election Relief

June 11, 2020

IRS Notice 2020-33 released indexing the permissible health FSA carryover. As a consequence, the permissible amount immediately increases from $500 to $550.

IRS Notice 2020-29 released to provide temporary flexibility under cafeteria plans for new or changed health coverage and dependent care and health FSA elections, and extensions in certain circumstances of claims periods before use-or-lose must be applied, in response to the changed circumstances many have experienced with respect to availability of childcare and availability of elective health procedures. And a few other HDHP nuggets in there as well.

More Information

We hope this update is helpful. For more information about the these or other health or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.  

Solutions Law Press, Inc. invites you receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations Group, HR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.  

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years legal and operational management work, coaching, public policy and regulatory affairs leadership and advocacy, training and public speaking and publications. As a significant part of her work, Ms. Stamer has worked extensively domestically and internationally on an demand, special project and ongoing basis with business, government and community organizations and their leaders, spoken and published extensively on human resources, employee benefits and other workforce and services, tax, health care and health benefits, insurance, workers’ compensation and occupational disease, business disaster and distress and many other management topics, As a key focus of this work, Ms. Stamer has worked with public and private employers of all sizes, employee benefit plans, insurance and financial services, health industry and a broad range of public and private domestic and international business, community and government organizations and leaders on pandemic and other health and safety, workforce and performance preparedness, risks and change management, disaster preparedness and response and other operational and tactical concerns throughout her adult life. A former lead advisor to the Government of Bolivia on its pension    project, Ms. Stamer also has worked internationally as an advisor to business, community and government leaders on crisis preparedness and response, workforce, health care and other reform, as well as regularly advises and defends organizations about the design, administration and defense of their organizations workforce, employee benefit and compensation, safety, discipline and other management practices and actions.

Board Certified in Labor and Employment Law By the Texas Board of Legal Specialization, Scribe for the ABA JCEB Annual Agency Meeting with OCR, Vice Chair of the ABA International Section Life Sciences Committee, and the ABA RPTE Employee Benefits & Other Compensation Group and a former Council Representative, Past Chair of the ABA Managed Care & Insurance Interest Group, former Vice President and Executive Director of the North Texas Health Care Compliance Professionals Association, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, and a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also serves in leadership of a broad range of professional and civic organizations and shares insights and thought leadership through her extensive publications and public speaking. For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.  

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources available here such as: 

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.  ©2020 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc. 

 

.


Employer Sponsors & Health Plans Face Rising Risk From Mental Health & Substance Abuse Coverage Violations

March 20, 2020

Employer and union-sponsored health plans, their sponsors, fiduciaries and administrators should heed the reminder of the importance of ensuring their health plans properly comply in form and operation with the mental health and substance abuse parity mandes of the Mental Health Parity and Addiction Equity Act (MHPAEA)  in when the  U.S. Department of Labor (“DOL”) Employee Benefit Security Administration (“EBSA”) released its 2020 Report to Congress: Parity Partnerships: Working Together (the”2020 Report”) available for review here.

In addition to exposing the health plan administrators and othr fiduciaries to potential claims denial or fiduciary responsibility claims brought by participants or beneficiaries, the Department of Labor or both, administrative penalties by the EBSA, or both, the MHPAEA mental health and substance abuse parity rules are among 40 federal mandates that when violated can rigger the automatic $100 per violation per day employer excise tax penalty under Internal Revenue Code Section 6039D.  As a consequence, violations of the MHPAEA are particularly risky and potentially expensive for private employers, their health plans and the plan administrators and fiduciaries that administer it.

To avoid violation of the MHPAEA, covered health plans generally must cover mental health and substance abuse care and treatment on the same terms in form and in operation as other similar benefits, as well as comply with special notice and claims administration requirements.  Comparability of mental health and substance abuse coverage is determined in accordance with complicated federal regulations,  Meeting these requirements in operations is often tricky, particularly when health plans attempt to apply tools to manage hospitalization or other treatments.  For additional information about MHPAEA, C. Stamer, What Should I Know About the MHPAEA and 21st Century Cures Act (2018).

Along with the 2020 Report, Along with releasing the report, EBSA also is continuing its efforts to educate plan sponsors, fiduciaries, administrators about the importance of compliance with the federally imposed group health plan mental health and substance abuse coverage mandates of the Mental Health Parity and Addiction Equity Act  (“MHPAEA”). Consequently, along with its release of the 2020 Report, EBSA reminded plans, employers and other interested parties of the following previously published EBSA guidance about the MHPAEA mandates:

MHPAEA Enforcement Authority

MHPAEA enforcement is split between the EBSA and the Department of Health & Human Services Centers for Medicare & Medicaid Services (“CMS”) depending on the nature and sponsorship of the health program. 

Pursuant to its enforcement authority under Title I of the Employee Retirement Income Security Act of 1974 (ERISA), EBSA is responsible for enforcement of the MHPAEA with respect to approximately 2.4 million private employment-based group health plans.  In contrast, CMSenforces MHPAEA and other applicable provisions of Title XXVII of the Public Health Service Act (PHS Act) with respect to non-federal governmental group health plans, such as plans for employees of state and local governments. Sponsors of self-funded, nonfederal governmental plans may elect to exempt those plans from (opt out of) certain requirements of Title XXVII of the PHS Act, including MHPAEA.  In addition, CMS enforces MHPAEA with respect to health insurance issuers selling products in the individual and fully insured group markets in states that elect not to enforce or fail to substantially enforce MHPAEA. Currently, CMS is responsible for enforcement of MHPAEA with regard to issuers in four states: Missouri, Oklahoma, Texas and Wyoming. In these states, CMS reviews health insurance policy forms of issuers in the individual and group markets for compliance with MHPAEA prior to the products being offered for sale. In addition, CMS has collaborative enforcement agreements with five states: Alabama, Florida, Louisiana, Montana, and Wisconsin. These states perform state regulatory and oversight functions with respect to the federal requirements, including MHPAEA. However, if the state finds a potential violation and is unable to obtain compliance by an issuer, the state will refer the matter to CMS for possible enforcement action. CMS also performs market conduct examinations, where issuers are audited for compliance with applicable federal requirements, including MHPAEA, in states where CMS is responsible for enforcement and in states with a collaborative enforcement agreement when the state requests assistance.

EBSA FY 2019 Enforcement Against Private Employment Based Health Plans

The Fiscal Year (“FY”) 2019 Fact Sheet reports that in FY 2019, EBSA investigated and closed 186 health plan investigations in FY 2019 (and 3,758 health plan investigations since FY 2011). Of these:

  • 71 investigations involved fully-insured plans, 91 investigations involved self-insured plans, and
  • 24 investigations involved plans of both types (the plan or service provider offered both fully-insured and self-insured options).
  • 183 of these closed investigations involved plans subject to MHPAEA, which were reviewed for MHPAEA compliance. Of these, 68 investigations involved fully-insured plans, 91 investigations involved self-insured plans, and 24 investigations involved plans of both types (the plan or service provider offered both fully-insured and self-insured options).
  • EBSA cited 12 MHPAEA violations in 9 of these investigations.
  • Of these 9 investigations, 1 investigation involved a fully-insured group health plan, 3 investigations involved self-funded group health plans, 2 investigations involved partially self-funded group health plans and 3 were service provider investigations.
  • EBSA benefits advisors answered 90 public inquiries, including 62 complaints, in FY 2019 related to MHPAEA (and answered 1,445 inquiries related to MHPAEA since FY 2011)

Concerning the focus of the EBSA investigated MHPAEA violations, EBSA reports the investigations focused on the following categories:

  • Annual dollar limits: dollar limitations on the total amount of specified benefits that may be paid in a 12-month period under a group health plan or health insurance coverage for any coverage unit (such as self-only or family coverage).
  • Aggregate lifetime dollar limits: dollar limitations on the total amount of specified benefits that may be paid under a group health plan or health insurance coverage for any coverage unit.
  • Benefits in all classifications: requirement that if a plan or issuer provides mental health or substance use disorder benefits in any classification described in the MHPAEA final regulation, mental health or substance use disorder benefits must be provided in every classification in which medical/surgical benefits are provided.
  • Financial requirements: deductibles, copayments, coinsurance, or out-of-pocket maximums.
  • Treatment limitations: includes limits on benefits based on the frequency of treatment, number of visits, days of coverage, days in a waiting period, or other similar limits on the scope or duration of treatment. Treatment limitations include both quantitative treatment limitations (QTLs), which are expressed numerically (such as 50 outpatient visits per year), and nonquantitative treatment limitations (NQTLs), which otherwise limit the scope or duration of benefits for treatment under a plan or coverage.
  • Cumulative financial requirements and QTLs: financial requirements and treatment limitations that determine whether or to what extent benefits are provided based on certain accumulated amounts including deductibles, out-of-pocket maximums and annual or lifetime day or visit limits.
  • Other ERISA violations (such as claims processing and disclosure violations) affecting mental health and substance use disorder benefits.

Along with the EBSA enforcement, private participants and beneficiaries of private employer sponsored health plans also can bring lawsuits to recover benefits and other relief for violatons of MHPAEA.  Along with the actual damages, attorneys’ fees and other costs of enforcement, a successful MHPAEA enforcement also typically will reveal the sponsoring employer or union’s failure to make the required self-disclosure and excise tax payments mandated for violations under Internal Revenue Code Section 6039D, triggering added penalties beyond the initial penalties triggered by the uncorrected violation.  Furthermore, delayed discovery of these violations also makes correction particularly costly for self-insured plans and their sponsors as deadlines for submitting expenses to qualify for stop loss reimbursement often will have passed by the time the liability comes to light.  Accordingly, employer and other health plan sponsors, their fiduciaries and adminstrators generally will want to audit and monitor their health plan’s compliance with the MHPAEA throught the calendar year and as plan year or stop loss filing deadlines approach to mitigate these exposures.  

More Information

We hope this update is helpful. For more information about the these or other health or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.  

Solutions Law Press, Inc. invites you receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations Group, HR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.  

About the Author


Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications. As a significant part of her work, Ms. Stamer has worked extensively domestically and internationally with business, government and community leaders to prepare for and deal with pandemic and other health and safety, financial, workforce and other organizational crisis, change and workforce, employee benefit, health care and other operations planning, preparedness and response for more than 30 years.  As a part of this work, she regularly advises businesses and government leaders on an an  demand and ongoing basis about preparation of workforce, health care and other business and government policies and practices to deal with management in a wide range of contexts ranging from day to day operations, through times of change and in response to operational, health care, natural disaster, economic and other crisis and change.

Author of “Privacy and the Pandemic Workshop” for the Association of State and Territorial Health Plans, “How to Conduct A Reduction In Force,” and a multitude of other highly regarded publications and presentations on workforce, compliance, health care and health benefits, pandemic and other health crisis, workers’ compensation and occupational disease, business disaster and distress and many other topics, Ms. Stamer has worked with employers, insurers, health industry organizations and providers and domestic and international community and government leaders on pandemic and other health and safety, workforce and performance preparedness, risks and change management, disaster preparedness and response and other operational and tactical concerns throughout her adult life. A former lead advisor to the Government of Bolivia on its pension privaitization project, Ms. Stamer also has worked internationally as an advisor to business, community and government leaders on crisis preparedness and response, workforce, health care and other reform, as well as regularly advises and defends organizations about the design, administration and defense of their organizations workforce, employee benefit and compensation, safety, discipline and other management practices and actions.

Board Certified in Labor and Employment Law By the Texas Board of Legal Specialization, Scribe for the ABA JCEB Annual Agency Meeting with OCR, Vice Chair of the ABA International Section Life Sciences Committee, and the ABA RPTE Employee Benefits & Other Compensation Group and and a former Council Representative, Past Chair of the ABA Managed Care & Insurance Interest Group, former Vice President and Executive Director of the North Texas Health Care Compliance Professionals Association, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, and a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her extensive publications and thought leadership as well as leadership involvement in a broad range of other professional and civic organizations. For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.  

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources available here such as: 

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.


Use Prudent Process To Manage Workforce & Other Business Changes To Help Minimize Business & Management Liabilities & Protect Future Recovery

March 16, 2020

The financial effects of the COVID-19 pandemic and containment efforts has many businesses flailing to reconfigure their staffing and other business models even as Congress is preparing to impose paid COVID related leave mandate on employers with less than 500 employees.   With the sharp falloff in business threatening their current liquidity and operations, many business leaders understandably feel pressure to substantially reduce their workforces or make other radical changes in business operations to stem their business’ resulting COVID-19 created financial crisis.  When choosing and implementing their options, however, business leaders should carefully weigh all of their options and use care when designing and implementing their workforce and other business adjustments strategically to best position their businesses to survive the current crisis without triggering unanticipated employment, employee benefit, compensation or other liabilities as well as to best position their organizations and its leaders to retain the trust and respect their business will need to regain the customer, vendor, workforce and other business respect and loyalty their business will need to recover once the crisis has past.

Many business owners and leaders understandably feel the COVID-driven economic downturn forces them to act quickly to implement workforce reductions, close plants, or shut down all or portions of their business operations.  Where a distressed business contemplates a plant closing,  mass layoff or other substantial change, however, the business and its leaders need to fully understand the various financial and legal effects and costs of the proposed workforce and other business changes and act strategically to manage their resulting obligations and obligations.   Businesses owners and leaders dealing with these issues are invited to check out the COVID-19 Workforce Change Planning & Implementation Process Flow tool and other resources available here.

While financial and other business exigencies unquestionably makes speedy action critical for many businesses, owners and management need to recognize that poorly chosen or improperly implemented strategies or actions raises significant risks that unanticipated costs and liabilities will undermine or wipe out anticipated benefits of the contemplated actions, undermine, the business future recovery opportunities, expose the business, its ownership and management to substantial liability and other risks.

While the current economic freefall may tempt many business leaders to see shutting down their operations or other mass layoffs as the best option for protecting their businesses, it is important to keep in mind that layoffs and other employment terminations as well as early terminations of other services contracts typically trigger legal and finanncial exposures.  Businesses leaders need to recognize and account for these obligations and their financial and operational costs when weighing their options and plan to manage the obligations and costs and other liabilities when implementing the strategy chosen by their business.  This can be particularly important where a realistic likelihood exists that the business may file for bankrutpcy protection and/or fail to meet certain of these obligations as some obligations may create personal liability for business owners or leaders if not fulfilled by the company.

When anticipating or executing potential employment terminations, businesses and their leaders should recognize and address properly the employment, unemployment, employee benefit, compensation and other responsibilities attendant to any employment termination. Whether planning to furlow workers for a short period or planning a longer term layoff or shutdown, businesses leaders must fully understand their probable fixed obligations including any accellerated or added liabilities and costs likely to be triggered by the workforce action. Accordingly businesses should prepare to handle the fallout from COVID-19 impacts to their workforce and other business operations by on their existing or contemplated voluntarily imposed and legally mandated employment, compensation, benefit, safety, contractual and other related obligations obligations.

While planning for workforce or other actions, businesses and leaders also should are urged to confirm the availability of their cash flow to meet current requirements to timely fund payroll and associated taxes, health, disability and defined benefit pension, and other costs where nonpayment or untimely payment carries substantial entity and/or personal exposure to penalties or other liabilities likely to survive bankruptcy or other restructuring.  In the case of health and pension benefit liabilities, for instance, nonpayment of premiums and other required funding could carry fiduciary liability for business owners, board members and other management with responsibility or discretion over these programs and their funding.  Accordingly, if a business anticipates any risk of inability to fund already accrued or impending funding obligations, management should contact experienced legal counsel for immediate assistance with addressing these potential risks.

Additionally, businesses and their leaders contemplating offering special leave to workers absent or furloughed during leave need to take into account and handle properly both applicable federal, state and local mandated benefits and other rights, the legal requirements for adopting and implementing paid or other voluntarily provided leave, the benefit benefit, recall and other rights of workers terminated, furloughed or absent due COVID-related illness or other events.

COVID-19 Related Since Leave Or Other Absences  From Ongoing Workforce

Regardless of whether a business plans additional workforce changes, all businesses need to be prepared to deal with absences resulting from contractions or exposures of COVID-19 by employees or their families or other COVID-19 associated absences.

Employees taking voluntary or involuntary leave likely already are entitled to certain paid or unpaid leave and associated benefit, reinstatement and other rights under a hodgepodge of voluntarily established company policies and other federal, state and even local regulations.  Beyond any existing accrued rights to paid or unpaid leave due an employee under voluntary company policies and/or federal, state or local mandates, businesses need to understand and be prepared to meet their obligations to provide continued health benefit coverage and reinstatement to benefits as mandated by the Family & Medical Leave Act (“FMLA”) for FMLA covered workers, health plan continuation coverage rights for employees experiencing reductions in hours triggering losses of health plan eligibility as required by the Consolidated Omnibusiness Budget Reconciliation Act (“COBRA”).  These obligations are expected to be expanded later this week if the “Families First Coronavirus Response Act,” (H.R. 6201) passed by the House of Representatives last week passes the Senate and is signed into law by President Trump as expeted later this week as part of efforts to mitigate impacts of disruptions of the COVID-19 containment disruptions. While H.R. 6201 is expected to include tax credits for employers to help mitigate the financial effects of its paid leave mandates for covered employers, employers will want to understand and take into account these requirements and the potential tax credits when deciding what leave to offer beyond the mandated paid leave and properly plan for, anticipate costs of and integrate those obligations with their other leave obligations.

Aside from the likely increase in the frequency of the occurence of these usual employment absence, termination, unemployment, compensation, and benefit liabilities and costs, businesses planning or contemplating some or all of their employees will termiinate employment due to long-term illnesses, employer  layoffs or other COVID-related events need to anticipate and prepare to deal with other likely additional consequences. For instance:

  • Illness and other absences generally trigger added potential exposure for discrimination, retaliation, privacy and other employment claims and risks if not properly recognized and managed;
  • The selection and implementation of workers to be affected by furloughs, layoffs and other workforce actions should be conducted carefully to manage potential Relatively small declines in the size of a business’ workforce can trigger pricing changes or even termination rights for vendors providing coverage or services for group health or other insurance, stop-loss insurance coverage on self-insured health plans or other human resources, payroll, benefits or other related services or coverage;
  • Changes in workforce size and compensation can affect whether an employer sponsored health, 401(k) or other savings or retirement plan or other benefit program fulfills applicable coverage, participation and nondiscrimination requirements resulting in tax consequences for the employer and in some instances, key or highly compensated employees, obigations for the business to make additional funding contributions, in the case of employers with health plans covered by Internal Revenue Code Section 4980H, mandatory contributions for health insurance exchange coverage for uncovered employees or other consequences.
  • Reductions in hours or terminations of employment that reduce participation in 401(k) and other savings or retirement programs by 20 percent or more generally trigger obligations to fully vest and for retirement plans, accellerate funding of benefts of terminating workers under the “partial termination” rules applicable to those programs.
  • Severance, paid or unpaid leave, and other arrangements voluntarily adopted in response to the COVID-19 disruptions or covered by other voluntarily adopted programs or practices need to be appropriately documented and administered in accordance with the Employee Retirement Income Security Act (“ERISA”) or other applicable federal law as well as properly integrated with other federal, state, and local leave or other mandates to manage unanticipated costs and avoid unanticipated fiduciary and financial liability for the business, its management or both.
  • Financial disruptions that prevent a business from timely making required contributions to fund defined benefit or other pension plans insured by the Pension Benefit Guarantee Corporation can trigger funding notice, excise tax penalty and other obligations for the employer and its fiduciaries.
  • For certain employers, reductiions of all or a significant portion of a workforce companywide or at certain locations by a distressed or other business usually triggers a host of special obligations and attendant costs for businesses.  Businesses anticipating these changes need to take into account the financial costs and legal obligations and expossures of proposed workforce or other actions and where applicable, make appropriate arrangements to comply or implement their workforce and other business restructurings to restructuring to minimize and meet these obligations.

Of course, For instance, layoffs and other reductions in force or closings by businesses often trigger a host of legal and financial obligations.  at certain businesses or business locations often trigger obligations to provide advance notifications under the Worker Adjustment and Retraining Notification Act (WARN) or other statutes or contracts.  Where these obligations are triggered, the business not only will need to arrange to provide required notitications  but also needs to take into account their business’ likely financial exposure for payment of pay in lieu of notice or other costs and liability arising from the employment.  WARN, business contemplating or implementing a plan closing, mass layoff or other reductions in force also should evaluate and make appropriate arrangements to address potential obligations under state plant closing laws, the ARRA Stimulus Bill Extension Rules amended and extended earlier this month and other requirements of COBRA, voluntary or contractually obligated termination pay or other severance obligations, employee benefit, unemployment, and other laws.

The COVID-19 Workforce Change Planning & Implementation Process Flow tool  provides an overview of the type of process flow tthat business owners and  leaders dealing with these issues may find useful to help guide their process for planning their business’ workforce management response to the unexpected business exigencies created by the ongoing COVID-19 outbreak.

For More Information

We hope this update is helpful. For more information about this or other labor and employment developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.

Solutions Law Press, Inc. invites you receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Law and Labor and Employment Law and Health Care; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, and a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

Ms. Stamer’s work throughout her 30 plus year career has focused heavily on working with health care and managed care, health and other employee benefit plan, insurance and financial services, construction, manufacturing, staffing and workforce and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. As a part of this work, she has continuously and extensively worked with domestic and international employer and other management, employee benefit and other clients to assess, manage and defend joint employer and other worker classifications and practices under the FLSA and other federal and state laws including both advising and and assisting employers to minimize joint employer and other FLSA liability and defending a multitude of employers against joint employer and other FLSA and other worker classification liability. She also has been heavily involved in advocating for the Trump Administration’s restoration of more historical principles for determining and enforcing joint employer liability over the past several years.

Author of hundreds of highly regarded books, articles and other publications, Ms. Stamer also is widely recognized for her scholarship, coaching, legislative and regulatory advocacy, leadership and mentorship on wage and hour, worker classification and a diverse range of other labor and employment, employee benefits, health and safety, education, performance management, privacy and data security, leadership and governance, and other management concerns within the American Bar Association (ABA), the International Information Security Association, the Southwest Benefits Association, and a variety of other international, national and local professional, business and civic organizations including highly regarded works on worker reclassification and joint employment liability under the FLSA and other laws published by the Bureau of National Affairs and others.  Examples of these involvements include her service as the ABA Intellectual Property Law Section Law Practice Management Committee; the ABA International Section Life Sciences and Health Committee Vice Chair-Policy; a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting and a former JCEB Council Representative and Marketing Chair; Past Chair of the ABA RPTE Employee Benefits and Other Compensation Group and Vice Chair of its Law Practice Management Committee; Past Chair of the ABA Managed Care & Insurance Interest Group; former Vice President and Executive Director of the North Texas Health Care Compliance Professionals Association, past Southwest Benefits Association Board member; past Texas Association of Business State Board Member, BACPAC Committee Meeting, Regional and Dallas Chapter Chair; past Dallas Bar Association Employee Benefits Committee Executive Committee; former SHRM Region IV Chair and National Consultants Forum Board Member; for WEB Network of Benefit Professionals National Board Member and Dallas Chapter Chair; former Dallas World Affairs Council Board Member; founding Board Member, past President and Patient Empowerment and Health Care Heroes founder for the Alliance for Health Care Excellence; former Gulf States TEGE Council Exempt Organizations Coordinator and Board member; past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, and involvement in a broad range of other professional and civic organizations. For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources available here such as:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc. disclaim, and have no responsibility to provide any update or otherwise notify anyone any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2020 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ For information about republication, please contact the author directly. All other rights reserved.


Self Insured Plan & Contract Amendments Likely Required To Waive Deductibles, Expand Other Coronavirus Coverage

March 11, 2020

Following up on the White House’s announcement yesterday that by major health insurers, Medicare and Medicaid to cover medically necessary testing and expand coverage for treatment of 2019 Novel Coronavirus (“coronavirus), without applying deductibles or coinsurance and offer expanded telemedicine and other coverage for coronavirus care, the Internal Revenue Service (“IRS”) today issued guidance giving health plans confirming health plans waiving deductibles won’t violate the Internal Revenue Code health savings account high deductible health plan rules.  However many employer or other sponsors of self-insured health plans may need to amend their health plans and take other steps if they want their health plans to provide similar coverage.  Meanwhile the Centers for Disease Control (“CDC”) released updated guidance to help businesses, schools, and other organizations to operate safely during the current outbreak.

Coronavirus Testing & Other Health Coverage

Major health insurers agreed in a Whitehouse Coronavirus Taskforce meeting yesterday to cover medically necessary testing and extend coverage to medically necessary treatment. The agreement only technically binds Medicare, Medicaid and other government programs  and private insurers participating in the meeting. It does not automatically extend coverage or waive deductibles for self-insured employer or union sponsored health plans which provide coverage for an estimated 61 percent of covered U.S. worker and their families. Self-insured plan sponsors wishing to provide similar coverage and waive deductibles generally will need to take specific action to amend their plans and related contractracts and communications.

Vice President Pence announced the agreement with insurers yesterday saying among other things:

I’m pleased to report, as you requested, Mr. President, that all the insurance companies here — either today or before today — have agreed to waive all copays on coronavirus testing and extend coverage for coronavirus treatment in all of their benefit plans.

And, at your direction, Medicare and Medicaid, last week, already made it clear to Medicare and Medicaid beneficiaries that coronavirus testing and treatment would be covered. These private insurance carriers have extended that as well.

They’ve also agreed to cover telemedicine so that anyone, particularly among the vulnerable senior population, would not feel it necessary to go to a hospital or go to their doctor. They’ll know that telemedicine is covered.

While the announcement indicates that insurers involved in the meeting plan to expand coverage and waive deductibles,  self-insured employer and union sponsored plans aren’t technically covered by the agreement.  While  many employers sponsoring self-insured health plans will want their health plan to provide similar coverage as part of their risk management response to the coronavirus outbreak. Self-insured plan sponsors and fiduciaries should confirm appropriate plan language is adopted and that their stop loss insurance carriers are on board or other arrangements are made to plan for and cover costs, and that other plan vendors are on board to handle responsibilities. This is particularly critical as failing to make the necessary amendments could result in an absence of stoploss insurance to cover additional cost. And relatively small workforce is with few people seeking the care, this might not make a material difference in plan costs. If several workers seek treatment, however, the absence of stoploss insurance coverage for the claims could both impact coverage for those particular items if the deductible under the policy has been met as well as could affect whether those claims count overall aggregate coverage losses. The bottom line is, make sure that your documentation matches your Promise or your extension of coverage will likely be truly 100% self insured. Likewise employers and other plan sponsors in the plan administrators of these plans are reminded that the law generally requires that they provide written notice of the changes to plan members in a timely fashion. Having plan administration services and other vendors on board also is important to ensure that the claims are appropriately and timely processed to avoid violation of plan terms and other rules.

In the meantime, the widespread lack of understanding among plan members about the distinction between insured and self-insured plans coupled with the breadth of the unqualified announcement by the White House is likely to fuel confusion by covered individuals and their providers.  Not only will covered persons and providers need to know whether the program is insured or self-insured, they also will need to confirm how each of these programs implements the expanded coverage.

IRS Guidance Clears Way For High Deductible Health Plans To Raise Deductibles

Employers and health plans wishing to waive deductibles for coronavirus testing will not have to worry that waiving the deductible will violate IRS high deductible health plan (“HDHP”) rules, however.  Earlier today, the IRS provided relief allowing high deductible health plans to pay these expenses without disqualifying their programs for high deductible health plan treatment under the Code in Notice 2020-15. The Notice provides that, until further guidance is issued, a health plan that otherwise satisfies the requirements to be a HDHP under Code section 223(c)(2)(A) will not fail to be an HDHP under section 223(c)(2)(A) merely because the health plan provides health benefits associated with testing for and treatment of COVID-19 without a deductible, or with a deductible below the minimum deductible (self only or family) for an HDHP.  Also due to this guidance, an individual covered by the HDHP will not be disqualified from being an eligible individual under section 223(c)(1) who may make tax-favored contributions to a health savings account (HSA).

Business & Other Disruptions Response

Government, healthcare and other leaders are urging businesses and individuals to limit contact and care to guard against the virus because of its strength and ability to spread quickly. The U.S.’s top infectious-disease specialist told lawmakers the pathogen “is 10 times more deadly than the seasonal flu.”

Accordingly, health and government officials are urging all segments of society to take precautions. CDC, for instance has published the resources to help businesses, schools and others keep their people and locations safe here.

Unfortunately the strategy for ending the pandemic brings its own draconian side effects. Along with dealing with the threat of the disease itself, the efforts to manage the disease outbreak, many businesses also are forced to deal with demand losses, supply and business interruptions, staffing shortages, unanticipated expenses and a wide range of other operational and financial disruptions that are side effects of the outbreak and its management.

The outbreak has and continues to prompt the cancellation of a plethora of business, trade, government, school, and sports and entertainment events.  Notable for its involvement in heath care and related insurance matters, the National Association of Insurance Commissioners (“NAIC”) is one of a growing number of event sponsors that are allowing workers to work from home, are cancelling or banning participation in   live meetings and other events and/or are converting from live to virtual formats in response to the outbreak.   Trade and business associations, entertainment and sports and otehr venures also are impacted.  For instance, the NAIC announced its decision to move its meetings to a purely virtual format today.  According to the announcement, the National Spring Meeting that had been scheduled to take place in Phoenix next week is cancelled.  Instead, the NAIC announced the following tentative schedule:

A revised schedule with dates, times and call-in numbers will be available on Naic.org next week. 

Concerning the reasons for its decision, the NAIC explained:

Recently, the number of confirmed cases of COVID-19 has exceeded 100,000 worldwide, including over 1000 confirmed U.S. cases in 36 jurisdictions. Given rapidly changing information and out of an abundance of caution for the safety of our members, guests and staff, the NAIC officers, in consultation with NAIC members, have decided to hold the Spring National Meeting in a virtual-only format. 

The NAIC is only one of a multitude of events cancelled or converted to a virtual format in the wake of fears of the coronavirus outbreak as US officials try to stem the spread of the virus.  See e.g., Coronavirus updates in Texas: Community spread, school cancellations and more; Colleges and Universities Cancel Classes and Move Online Amid Coronavirus Fears; Coronavirus and sports: Seattle Mariners will move their home games, Golden State Warriors will play without fans and CBI is canceled.  

Along with limiting contact, for instance, many businesses and organizations are “deep cleaning” their facilities to address potential virus contamination. Some biological experts point out however that this deep cleaning involves substantial expenditures which do little to guard against new exposures brought by others coming into a business, school or other workplace. Some biological contamination experts suggest that organizations should consider investing in resources specified ultraviolet lights or other tools that could help control exposures on a longer-term and more recurrent basis. Experts emphasize that remediation and prevention efforts need to recognize that exposures are likely to occur recurrently over a period of time across the life of this and future virus outbreaks.

The financial consequences of staffing or supply shortages, declines in product or services demands, event cancellations, cleaning and other costs and a host of other side effects present such a widespread risk to many businesses that many are facing layoffs or even bankruptcy or other restrucuring.  While President Trump and other federal and state leaders are promising employment tax holidays and other relief to try to mitigate some of these financial effects, businesses impacted by these disruptions should begin assessing and planning to execute options to mitigate losses and manage these risks as soon as possible to maximize their potential ability to take advantage of options to restructure debt or contractual obligations, adjust workforce staffing, and make other adjustments successfully to weather the pandemic storm and fallout.  When considering these options, businesses will want to understand the relative complete costs of reductions in hours, furloughs, contractual adjustments and other options to make and execute their choices as well as possible.

More Information

We hope this update is helpful. For more information about the these or other health or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.  

Solutions Law Press, Inc. invites you receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations Group, HR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.  

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications. As a significant part of her work, Ms. Stamer has worked extensively domestically and internationally with business, government and community leaders to prepare for and deal with pandemic and other health and safety, financial, workforce and other organizational crisis, change and workforce, employee benefit, health care and other operations planning, preparedness and response for more than 30 years.  As a part of this work, she regularly advises businesses and government leaders on an an  demand and ongoing basis about preparation of workforce, health care and other business and government policies and practices to deal with management in a wide range of contexts ranging from day to day operations, through times of change and in response to operational, health care, natural disaster, economic and other crisis and change.

Author of “Privacy and the Pandemic Workshop” for the Association of State and Territorial Health Plans, “How to Conduct A Reduction In Force,” and a multitude of other highly regarded publications and presentations on workforce, compliance, health care and health benefits, pandemic and other health crisis, workers’ compensation and occupational disease, business disaster and distress and many other topics, Ms. Stamer has worked with employers, insurers, health industry organizations and providers and domestic and international community and government leaders on pandemic and other health and safety, workforce and performance preparedness, risks and change management, disaster preparedness and response and other operational and tactical concerns throughout her adult life. A former lead advisor to the Government of Bolivia on its pension privaitization project, Ms. Stamer also has worked internationally as an advisor to business, community and government leaders on crisis preparedness and response, workforce, health care and other reform, as well as regularly advises and defends organizations about the design, administration and defense of their organizations workforce, employee benefit and compensation, safety, discipline and other management practices and actions.

Board Certified in Labor and Employment Law By the Texas Board of Legal Specialization, Scribe for the ABA JCEB Annual Agency Meeting with OCR, Vice Chair of the ABA International Section Life Sciences Committee, and the ABA RPTE Employee Benefits & Other Compensation Group and and a former Council Representative, Past Chair of the ABA Managed Care & Insurance Interest Group, former Vice President and Executive Director of the North Texas Health Care Compliance Professionals Association, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, and a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her extensive publications and thought leadership as well as leadership involvement in a broad range of other professional and civic organizations. For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.  

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources available here such as: 

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.


Health Plans, Providers & PBM Face Pressure To Prepare For Health Transparency As Trump Transparency Reforms March Foward

March 2, 2020

Today (March 2, 2020) is the deadline for employers and other health benefit program sponsors, insurers, plan administrators and fiduciaries, health care providers, PBMs and other interested persons to comment on proposed federal rule change that would require insured health plans to count drug rebates and price concessions retained by pharmacy benefit managers (PBMs) as administrative expenses for purposes of determining if the issuing insurer is required to rebate premiums under the medical loss ratio (MLR) rules of the Patient Protection & Affordable Care Act (“ACA”).  With the comment period on the package of health care transparency regulations published by the Trump Administration to implement the transparency reform it hopes will fuel better quality and cost effectiveness in the U.S. health care system, health plan sponsors, fiduciaries, administrators, insurers, heath care providers, PBMs, and other participants in the system need to start preparing to deal with their own responsibilities under the new rules, and to help plan members, patients and their caregivers, and other consumers to understand and use the new information the rules will make available.

2/06/20 Proposed Rule Pressures Insurers To Require PBMs To Disclose & Pass Through Manufacturer Rebates

Issued as part of the proposed “Patient Protection and Affordable Care Act; HHS Notice of Benefit and Payment Parameters for 2021; Notice Requirement for Non-Federal Governmental Plans Proposed Rule” (“2/6/20 Proposed Rule”) published by the Department of Health & Human Services (“HHS”)  on February 6. 2020, the as part of a series of Trump Administration health care reform initiatives seeking to use competition and transparency to improve health care quality, choice and affordability, in furtherance of the Trump Administration “health plan transparency” initiative HHS predicts this change included in the  could generate $18.2 million more per year in the MLR rebate payments to consumers covered under insure health plans subject to the MLR and other insurance market reform provisions of the ACA. See also Remarks by President Trump on Honesty and Transparency in Healthcare Prices (November 15, 2019).  For a more detailed summary of the 2/06/20 Proposed Rule, see here.Most health plans contract with PBMs to decide the prescription drug formularies, copays, and other coverage design for their health plans, to administer their pharmacy benefits and to negotiate discounts and rebates from drug manufacturers in exchange for placing their drugs on a health plan’s formulary. PBMs are supposed to work on behalf of health plans to secure drug rebates, refunds, discounts, coupons, and direct or indirect remuneration, among other discounts. Health plans compensate PBMs in a variety of ways, including:

  • Paying administrative fees;
  • Allowing a PBM to retain the difference between the amount a PBM charges the health plan for a drug and the amount a PBM pays the pharmacy (called “spread pricing”); or
  • Allowing a PBM to retain all or a portion of any negotiated discounts from manufacturers, including rebates.

Currently, insured plans covered by the MLR rule as well as the PBM arrangements of many self-insured, employer or union sponsored health plans, do not require PBMs to disclose, account for, or pass through to the health plan they are engaged by the prescription drug rebates and certain other amounts that PBMs receive and retain from prescription drug manufacturers that the PBM selects for inclusion on the health plan formulary.

The current federal ACA MLR rule requires insured health plans subject to the MLR rule to deduct from their prescription drug claims both rebates they receive from manufacturers and any payments the PBM retains from the spread, but does not address situations in which the PBM retains rebates or other price concessions negotiated on behalf of the plans.  Consequently, the MLR reporting or calculation of insurers typically does not reflect any rebates PBMs retain that are not passed through to the insurer even though the PBM is supposed to be working on behalf of the health plan.

In recent years, these arrangements have come under widespread criticism as creating conflicts of interests that compromise the loyalty of the PBM to act in the best interest of its health plan clients and their plan members because when PBMs don’t report and pass through all pricing concessions negotiated by PBMs, health plans and health plan members don’t receive the benefit of those price discounts and the decisions that the PBM makes in choosing the highest quality and most cost effective medications for the formulary may lead the PBM to choose and price drugs on the plan formulary to maximize the PBM’s profits rather than the best interests of the plan and its members.

The 2/06/20 Proposed Rule would classify the portion of premium revenue that an insured health plan subject to the MLR rule expends on pharmacy costs as the actual reimbursement to pharmacies – minus any rebates or price concessions from manufacturers – no matter if the plan or its contracted PBM receives the price concession.  Requiring health insurers covered by the MLR rule to include rebates retained by their PBMs an administrative expense would make it difficult for most health insurers to keep all administrative expenses within 15 or 20 percent the MLR rules.  Since health insurers whose administrative expenses exceed the MLS ratio must rebate premiums under the ACA, HHS anticipates that finalizing the 2/06/20 Proposed Rule as proposed would prompt insured health plans covered by the MLR rule that use PBMs to administer pharmacy benefits to change the compensation provisions of their PBM contracts to eliminate or restructure those payments.

Since self-insured health plans generally are not subject to the ACA MLR rule, however, those plans generally need to pursue contracting or other strategies to address this concern.  Increasingly, many self-insured health plan sponsors, fiduciaries and administrators already are changing their PBM contracting and selection strategies to require disclosure and pass through of rebate and other compensation received by PBMs from manufacturers such as including administrative-fee-only compensation and a guarantee of 100 percent pass-through of rebates and manufacturer-derived revenue from the PBM to the health plan in their PBM contracts.

With the official comment deadline set to expire on March 2, 2020, employer and other insured and self-insured health plan sponsors of health plans using PBMs, fiduciaries and advisors should turn their attention to evaluating the likely implications of the 02/06/20 Proposed Rule on their health plan arrangements as well as  more generally evaluating their pharmacy benefit designs, PBM contracts and compensation arrangements, and associated arrangements and practices for potential conflicts of interest, hidden cost savings and other opportunities for improvement. As part of this efforts, employer sponsors, plan fiduciaries, administrators, and vendors of self-insured plans should keep in mind that the fiduciary responsibility rules of the Employee Retirement Income Security Act generally require plan fiduciaries to prudently evaluate compensation and other arrangements with plan vendors as well as to take action to identify and protect the plan against breaches of loyalty by plan vendors or fiduciaries from conflicts of interests or prohibited transactions.  Plan administrators also should conduct due diligence to confirm that PBM and other vendors properly including all compensation for purposes of Form 5500 and other reporting.  Along with assisting their health plan clients with these activities, brokers, consultants, TPAs, and other plan vendors also should evaluate the potential implications of the reforms in the 02/06/20 Proposed Rule as well as any relevant state law reforms on the advice and services they provide to their clients, as well as their potential responsibilities and exposures in light of the evolving state health and PBM transparency rules.

Other Health Plan Transparency Reforms

The 2/06/20 Proposed Rule is one in a series of federal health rule changes the Trump Administration is pursuing as part of its initiative seeking to use health care transparency to improve the price, quality and choice in the U.S. health care system.  In addition to the changes proposed in the 2/06/20 Proposed Rule,  in response to President Trump’s  July 24, 2020 Executive Order on Improving Price and Quality Transparency in American Healthcare to Put Patients First, HHS on November 14, 2019 also undertook two other regulatory actions intended to increase price transparency to empower patients and increase competition among all hospitals, group health plans and health insurance issuers in the individual and group markets:

Both the final and proposed rules require that pricing information be made publicly available.

  • Proposed Coverage Transparency Rule

The Proposed Coverage Transparency Rule would require most employer-based group health plans and health insurance issuers offering group and individual coverage to disclose price and cost-sharing information to participants, beneficiaries, and enrollees up front. With this information, patients will have accurate estimates of any out-of-pocket costs they must pay to meet their plan’s deductible, co-pay, or co-insurance requirements.  This will make previously unavailable price information accessible to patients and other stakeholders in a standardized way, allowing for easy comparisons.

If finalized, the Proposed Transparency in Coverage Rule will require non-grandfathered health plans and health insurance issuers to make certain health care price information more accessible to consumers and other stakeholders by requiring each non-grandfathered group health plan[2] or health insurance issuer offering non-grandfathered health insurance coverage in the individual and group markets to make available:

  • To participants, beneficiaries and enrollees (or their authorized representative) personalized out-of-pocket cost information for all covered health care items and services through an internet-based self-service tool and in paper form upon request. For the first time, most consumers would be able to get estimates of their cost-sharing liability for health care for different providers, allowing them to both understand how costs for covered health care items and services are determined by their plan, and shop and compare costs for health care before receiving care; and
  • To the public, including stakeholders such as consumers, researchers, employers, and third-party developers the in-network negotiated rates with their network providers and historical payments of  allowed amounts to out-of-network providers through standardized, regularly updated machine-readable files.

The Trump Administration believes these changes will provide opportunities for innovation to drive price comparison and consumerism in the health care market. In addition, the Transparency In Coverage Rule also proposes to allow issuers that empower and incentivize consumers through the introduction of plans that include provisions that encourage consumers to shop for services from lower-cost, higher-value providers, and that share the resulting savings with consumers, to take credit for such “shared savings” payments in their medical loss ratio (MLR) calculations. HHS says it made this proposal to ensure, should the proposal be finalized as proposed, that issuers would not be required to pay MLR rebates based on a plan design that would provide a benefit to consumers that is not currently captured in any existing MLR revenue or expense category.  HHS believes this proposal would preserve the statutorily-required value that consumers receive for coverage under the MLR program, while encouraging issuers to offer new or different value-based plan designs that support competition and consumer engagement in health care.  See also Transparency in Coverage Proposed Rule (CMS-9915-P) Fact Sheet.   The official comment period on the Proposed Transparency in Coverage Rule has not expired.  In January, HHS extended the comment period on the Transparency in Coverage Rule from January 14, 2020 to January 29, 2020.

  • Final Hospital Transparency Rule

Concurrent with its release of the Proposed Coverage Transparency Rule, HHS also finalized the Hospital Transparency Rule that will require hospitals to provide patients with clear, accessible information about their “standard charges” for the items and services they provide in two ways beginning in 2021:

  • Comprehensive Machine-Readable File: Hospitals will be required to make public all hospital standard charges (including the gross charges, payer-specific negotiated charges, the amount the hospital is willing to accept in cash from a patient, and the minimum and maximum negotiated charges) for all items and services on the Internet in a single data file that can be read by other computer systems. The file must include additional information such as common billing or accounting codes used by the hospital (such as Healthcare Common Procedure Coding System (HCPCS) codes) and a description of the item or service to provide common elements for consumers to compare standard charges from hospital to hospital.
  • Display of Shoppable Services in a Consumer-Friendly Manner: Hospitals will be required to make public payer-specific negotiated charges, the amount the hospital is willing to accept in cash from a patient for an item or service, and the minimum and maximum negotiated charges for 300 common shoppable services in a manner that is consumer-friendly and update the information at least annually.
  • Shoppable services are services that can be scheduled by a healthcare consumer in advance such as x-rays, outpatient visits, imaging and laboratory tests or bundled services like a cesarean delivery, including pre- and post-delivery care.
  • The requirements for the consumer-friendly file are that the information must be made public in a prominent location online that is easily accessible, without barriers, and it must also be searchable. Item and service descriptions must be in ‘plain language’ and the shoppable service charges must be displayed and grouped with charges for any ancillary services the hospital customarily provides with the primary shoppable service.

In order to ensure that hospitals comply with the requirements, the Hospital Transparency Rule also provides CMS with new enforcement tools including monitoring, auditing, corrective action plans, and the ability to impose civil monetary penalties of $300 per day. In response to public comments, CMS is finalizing that the effective date of the final rule will be January 1, 2021 to ensure that hospitals have the time to be compliant with these policies.  See also

Calendar Year (CY) 2020 Outpatient Prospective Payment System (OPPS) & Ambulatory Surgical Center (ASC) Price Transparency Requirements for Hospitals to Make Standard Charges Public final rule (CMS-1717-F2) Fact Sheet.

Start Preparing For New Transparency Requirements, Effects & Opportunities

With the comment periods on the Proposed Transparency in Coverage Rule already past and the deadline for comment on the 2/6/20 Proposed Rule set to expire today, employer and other health benefit plan sponsors, insurers, fiduciaries, administrators, heath care providers, insurers, plan members and other stakeholders should turn their attention to evaluating the potential opportunities, burdens, and impacts of these transparency reforms.

More Information

We hope this update is helpful. For more information about the  or other health or other employee benefits, human resources, or health care developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.

Solutions Law Press, Inc. invites you receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.

About the Author

The author of this update, Cynthia Marcotte Stamer, will speak about these and other health care cost and transparency reforms as a panelist on the program on Impact of Governmental Policy on Pricing and Access to Prescription Medical Products in the US and International Marketplace scheduled to take place at the American Bar Association International Section Annual Meeting in New York City on April 23, 2020.

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications including more than 30 years’ leading edge work on PBM and other insured and self-insured contracting and related matters.  .

Author of numerous highly regarded works on PBM and other health plan contracting and design,  Vice Chair of the ABA International Section Life Sciences Committee, past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group and the ABA RPTE Employee Benefits & Other Compensation Group, Ms. Stamer’s work throughout her 30 plus year career has focused heavily on working with health care and managed care, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns.  As a part of this work, she has continuously and extensively worked with domestic and international health plans, their sponsors, fiduciaries, administrators, and insurers; managed care and insurance organizations; hospitals, health care systems and other health care providers, accreditation, peer review and quality committees and organizations; billing, utilization management, management services organizations, group purchasing organizations; pharmaceutical, pharmacy, and prescription benefit management and organizations; consultants; investors; EMR, claims, payroll and other technology, billing and reimbursement and other services and product vendors; products and solutions consultants and developers; investors; managed care organizations, self-insured health and other employee benefit plans, their sponsors, fiduciaries, administrators and service providers, insurers and other payers, health industry advocacy and other service providers and groups and other health and managed care industry clients as well as federal and state legislative, regulatory, investigatory and enforcement bodies and agencies.

Ms. Stamer is most widely recognized for her decades of pragmatic, leading edge work, scholarship and thought leadership on health and other privacy and data security and other health industry legal, public policy and operational concerns.  This  involvement encompasses helping health care systems and organizations, group and individual health care providers, health plans and insurers, health IT, life sciences and other health industry clients prevent, investigate, manage and resolve  sexual assault, abuse, harassment and other organizational, provider and employee misconduct and other performance and behavior; manage Section 1557, Civil Rights Act and other discrimination and accommodation, and other regulatory, contractual and other compliance; vendors and suppliers; contracting and other terms of participation, medical billing, reimbursement, claims administration and coordination, Medicare, Medicaid, CHIP, Medicare/Medicaid Advantage, ERISA and other payers and other provider-payer relations, contracting, compliance and enforcement; Form 990 and other nonprofit and tax-exemption; fundraising, investors, joint venture, and other business partners; quality and other performance measurement, management, discipline and reporting; physician and other workforce recruiting, performance management, peer review and other investigations and discipline, wage and hour, payroll, gain-sharing and other pay-for performance and other compensation, training, outsourcing and other human resources and workforce matters; board, medical staff and other governance; strategic planning, process and quality improvement; meaningful use, EMR, HIPAA and other technology,  data security and breach and other health IT and data; STARK, ant kickback, insurance, and other fraud prevention, investigation, defense and enforcement; audits, investigations, and enforcement actions; trade secrets and other intellectual property; crisis preparedness and response; internal, government and third-party licensure, credentialing, accreditation, HCQIA and other peer review and quality reporting, audits, investigations, enforcement and defense; patient relations and care;  internal controls and regulatory compliance; payer-provider, provider-provider, vendor, patient, governmental and community relations; facilities, practice, products and other sales, mergers, acquisitions and other business and commercial transactions; government procurement and contracting; grants; tax-exemption and not-for-profit; privacy and data security; training; risk and change management; regulatory affairs and public policy; process, product and service improvement, development and innovation, and other legal and operational compliance and risk management, government and regulatory affairs and operations concerns. to establish, administer and defend workforce and staffing, quality, and other compliance, risk management and operational practices, policies and actions; comply with requirements; investigate and respond to Board of Medicine, Health, Nursing, Pharmacy, Chiropractic, and other licensing agencies, Department of Aging & Disability, FDA, Drug Enforcement Agency, OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD, FTC, SEC, CDC and other public health, Department of Justice and state attorneys’ general and other federal and state agencies; JCHO and other accreditation and quality organizations; private litigation and other federal and state health care industry actions: regulatory and public policy advocacy; training and discipline; enforcement;  and other strategic and operational concerns.

Author of publications on “Transparent PBM Contracting,” “ACOs, Direct Contracting: Legal & Practical Challenges For Employers, Providers & TPAs,” “The Medicare Advantage Contracting Manual,” “Third Party Administrator (TPA) Contracting Principles and Strategies and a multitude of other highly regarded publications and presentations,  Stamer is widely recognized for her thought leadership on PBM and other managed care and health plan contracting and design, and a multitude of other health care, health plan and other health industry matters.  In addition, Ms. Stamer contributes her time and leadership to numerous policy, professional, civil and other organizations including service as the, the American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting and a former Council Representative, Past Chair of the ABA Managed Care & Insurance Interest Group, former Vice President and Executive Director of the North Texas Health Care Compliance Professionals Association, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, and a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her extensive publications and thought leadership as well as leadership involvement in a broad range of other professional and civic organizations. For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources available here such as:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation considering the specific facts and circumstances presented in their unique circumstance at the particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law constantly and often rapidly evolves, subsequent developments that could impact the currency and completeness of this discussion are likely. The author and Solutions Law Press, Inc. disclaim, and have no responsibility to provide any update or otherwise notify anyone of any  fact or law specific nuance, change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2020 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ For information about republication, please contact the author directly. All other rights reserved.

 


Proposed HHS Rule Making PBM Expenses Part of MLS Administrative Expense, Other Changes To ACA Helath Plan Rules Comment Deadline 5 P.M. Today

March 2, 2020

Today (March 2, 2020) is the last day to submit comments on Department of Health and Human Services (“HHS”) “Patient Protection and Affordable Care Act; HHS Notice of Benefit and Payment Parameters for 2021; Notice Requirement for Non-Federal Governmental Plans Proposed Rule” (“Proposed Rule”) published by HHS on February 6. 2020. 

Among other things, the Proposed Rule, if adopted as proposed, would:

  • Repeal regulations relating to the Early Retiree Reinsurance Program;
  • Require health plans in state insurance markets to count drug rebates and price concessions retained by pharmacy benefit managers (PBMs) as administrative expenses. HHS predicts this change could generate $18.2 million more per year in medical loss ratio (MLR) rebate payments to consumers;.
  • Establish payment parameters and provisions related to the risk adjustment and risk adjustment data validation programs; cost-sharing parameters and cost-sharing reductions; and user fees for federally-facilitated Exchanges and State-based Exchanges on the Federal platform;
  • Modify requirements for “essential health benefits” to allow states greater flexibility and add an annual state reporting of state-required benefits that are in addition to essential health benefits (EHB) for which states are required to defray the costs;
  • Amend rules to give states with additional flexibility in the operation and establishment of Exchanges concerning cost-sharing for prescription drugs; excepted benefit health reimbursement arrangements offered by non-Federal governmental plan sponsors; the medical loss ratio program; Exchange eligibility and enrollment; exemptions from the requirement to maintain coverage; quality rating information display standards for Exchanges; and other related topics.

For a more detailed summary of the Proposed Rule, see here.

Employer and other health benefit plan sponsors, insurers, fiduciaries, administrators, heath care providers and other stakeholders desiring to comment on the Proposed Rule must submit their comments electronically no later than 5 p.m. Eastern today (March 2, 2020) by following the submit comments instructions here.

More Information

We hope this update is helpful. For more information about the this or other health or other employee benefits, human resources, or health care developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.

Solutions Law Press, Inc. invites you receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

Scribe for the ABA JCEB Annual Agency Meeting with OCR, Vice Chair of the ABA International Section Life Sciences Committee, past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group and the ABA RPTE Employee Benefits & Other Compensation Group, Ms. Stamer’s work throughout her 30 plus year career has focused heavily on working with health care and managed care, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns.  As a part of this work, she has continuously and extensively worked with domestic and international health plans, their sponsors, fiduciaries, administrators, and insurers; managed care and insurance organizations; hospitals, health care systems, clinics, skilled nursing, long term care, rehabilitation and other health care providers and facilities; medical staff, accreditation, peer review and quality committees and organizations; billing, utilization management, management services organizations, group purchasing organizations; pharmaceutical, pharmacy, and prescription benefit management and organizations; consultants; investors; EMR, claims, payroll and other technology, billing and reimbursement and other services and product vendors; products and solutions consultants and developers; investors; managed care organizations, self-insured health and other employee benefit plans, their sponsors, fiduciaries, administrators and service providers, insurers and other payers, health industry advocacy and other service providers and groups and other health and managed care industry clients as well as federal and state legislative, regulatory, investigatory and enforcement bodies and agencies.

Ms. Stamer is most widely recognized for her decades of pragmatic, leading edge work, scholarship and thought leadership on health and other privacy and data security and other health industry legal, public policy and operational concerns.  This  involvement encompasses helping health care systems and organizations, group and individual health care providers, health plans and insurers, health IT, life sciences and other health industry clients prevent, investigate, manage and resolve  sexual assault, abuse, harassment and other organizational, provider and employee misconduct and other performance and behavior; manage Section 1557, Civil Rights Act and other discrimination and accommodation, and other regulatory, contractual and other compliance; vendors and suppliers; contracting and other terms of participation, medical billing, reimbursement, claims administration and coordination, Medicare, Medicaid, CHIP, Medicare/Medicaid Advantage, ERISA and other payers and other provider-payer relations, contracting, compliance and enforcement; Form 990 and other nonprofit and tax-exemption; fundraising, investors, joint venture, and other business partners; quality and other performance measurement, management, discipline and reporting; physician and other workforce recruiting, performance management, peer review and other investigations and discipline, wage and hour, payroll, gain-sharing and other pay-for performance and other compensation, training, outsourcing and other human resources and workforce matters; board, medical staff and other governance; strategic planning, process and quality improvement; meaningful use, EMR, HIPAA and other technology,  data security and breach and other health IT and data; STARK, ant kickback, insurance, and other fraud prevention, investigation, defense and enforcement; audits, investigations, and enforcement actions; trade secrets and other intellectual property; crisis preparedness and response; internal, government and third-party licensure, credentialing, accreditation, HCQIA and other peer review and quality reporting, audits, investigations, enforcement and defense; patient relations and care;  internal controls and regulatory compliance; payer-provider, provider-provider, vendor, patient, governmental and community relations; facilities, practice, products and other sales, mergers, acquisitions and other business and commercial transactions; government procurement and contracting; grants; tax-exemption and not-for-profit; privacy and data security; training; risk and change management; regulatory affairs and public policy; process, product and service improvement, development and innovation, and other legal and operational compliance and risk management, government and regulatory affairs and operations concerns. to establish, administer and defend workforce and staffing, quality, and other compliance, risk management and operational practices, policies and actions; comply with requirements; investigate and respond to Board of Medicine, Health, Nursing, Pharmacy, Chiropractic, and other licensing agencies, Department of Aging & Disability, FDA, Drug Enforcement Agency, OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD, FTC, SEC, CDC and other public health, Department of Justice and state attorneys’ general and other federal and state agencies; JCHO and other accreditation and quality organizations; private litigation and other federal and state health care industry actions: regulatory and public policy advocacy; training and discipline; enforcement;  and other strategic and operational concerns.

Author of leading works on HIPAA and a multitude of other health care, health plan and other health industry matters, the American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting and a former Council Representative, Past Chair of the ABA Managed Care & Insurance Interest Group, former Vice President and Executive Director of the North Texas Health Care Compliance Professionals Association, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, and a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her extensive publications and thought leadership as well as leadership involvement in a broad range of other professional and civic organizations. For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources available here such as:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation considering the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law constantly and often rapidly evolves, subsequent developments that could impact the currency and completeness of this discussion are likely. The author and Solutions Law Press, Inc. disclaim, and have no responsibility to provide any update or otherwise notify anyone of any  fact or law specific nuance, change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2020 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ For information about republication, please contact the author directly. All other rights reserved.


Revise Health Plan HIPAA Records Access Rules & Procedures To Use Newly Flexibility On Charging, Responding To Third Party PHI Requests

January 28, 2020

Health plans and their health plan records providers and other business associates should review and update their existing policies and practices concerning providing and charging individuals for access to protected health information in response to modifications in the Department of Health & Human Service (“HHS”) Office of Civil Rights (“OCR”) rules implementing the Health Insurance Portability & Accountability Act (“HIPAA”) requirements regarding patient’s rights to access their protected health information (“PHI”) from health plans, health care providers, health care clearinghouses (“”Covered Entities”) and their business associates (“HIPAA entities”) to comply with a January 23, 2020 court order (the “Coix Order”) in Coix Health, LLC v. Azar, et al, No 18 –CV-0040 (D>D.C. January 23, 2020).  Utilizing the flexibility resulting from the Coix Order could help reduce health plan costs of compliance with the HIPAA right of access rule by allowing the health plan and its records providers more freedom to determine the charges and format for delivering PHI in response to records requests received from other insurers, lawyers and other third parties.

Coix Order  Invalidates Pieces of OCR HIPAA Rules On PHI Record  Rules

The new flexibility is the result of the Coix Order entered by a Federal District Court in response to a lawsuit brought by Coix Health, LLC (“”Coix”).  Coix brought the lawsuit challenging the “Patient Rate” restrictions on the amounts that HIPAA entities can charge for providing records containing PHI the “third party directive” requirements in the rules implementing HIPAA’s right of access requirements under 45 C.F.R. §164.524 as adopted by OCR as part of its final rule entitled “Modifications to the HIPAA Privacy, Security, and Enforcement Rules Under the Health Information Technology for Economic and Clinical Health Act, and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules.”  (The “2013 Omnibus Rule”) on January 25, 2013.   In particular, the 2013 Omnibus Rule includes a “Patient Rate” rule that limits the charges that Covered Entities can make for delivering PHI requested by patients and third parties to prevent patient access to PHI from being thwarted by excessive fees.  As part of the Patient Rate rule, OCR restricted what Covered Entities and their records providers can charge to provide copies of protected health information.  The Patient Rate rule restricts charges that can be imposed to provide protected health information, restricts the methods for calculating these charges and limits the type and amount of labor costs that can be included when calculating the Patient Rate. The Patient Rate rule in the 201 Omnibus Rule also requires that Covered Entities and their records companies provide the requested PHI directly to the patient or to a third party designed by the patient and in the format requested by the patient regardless of the format in which the Covered Entity or its medical provider maintains the PHI within its record.

When originally implemented, the medical records industry generally understood that the Patient Rate limitations applied only to requests for PHI made by the patient for use by the patient.  Before 2016, however, Covered Entities and their medical records providers generally understood that this Patient Rate rule did not apply to or limit fees that Covered Entities or their medical records providers could charge commercial entities or other third parties like insurance companies and law firms to fill requests for PHI.  That understanding changed, in 2016, however, when HHS issued guidance that stated that the Patient Rate applies even to requests to deliver PHI to third parties.

A specialized medical-records provider that contracts with healthcare suppliers nationwide to maintain, retrieve, and produce individuals’ PHI, Cox handles tens of millions of requests for records containing PHI annually including demands by healthcare providers for treatment purposes, patients asking for their own PHI, and third parties, such as life insurance companies and law firms, seeking a patient’s PHI for commercial or legal reasons.  According to Cox, OCR’s interpretation of the Patient Rate rule as applicable to third party requests as well as direct patient requests cost it and other medical records companies millions of dollars in revenue. Accordingly, Coix filed the Coix Health, LLC v. Azar, et al lawsuit challenging OCR’s 2016 application of the Patient Rate to third party requests as violating the procedural and substantive protections of the Administrative Procedure Act (“APA”). In addition to this challenge to the scope of the Patient Rate, Coix also contested OCR pronouncements in the 2016 guidance document on (1) the types of labor costs that are recoverable under the Patient Rate; and (2) the three alternative methods identified for calculating the Patient Rate as violating the APA’s procedural and substantive provisions. Finally, Coix also challenged the requirement in the Patient Rate rule that records companies to send PHI to third parties regardless of the format in which the PHI is contained and in the format specified by the patient. According to Coix, Congress required only that certain types of electronic health records be delivered to third parties, not all records regardless of their format, as HHS’s regulations now command.

In its January 23, 2020 ruling on HHS’s motion to dismiss and the parties’ cross-motions for summary judgment, the D.C. District Court agreed with OCR that OCR’s rule requiring the use of one of three methods for calculating the Patient Rate was unreviewable as a final agency action and dismissed Coix’ challenge to that requirement. Concerning Coax’s other challenges, the Court sided with Coix.  It ruled that:

  • OCR’s 2013 rule compelling delivery of PHI to third parties regardless of the records’ format is arbitrary and capricious insofar as it goes beyond the statutory requirements set by Congress;
  • OCR’s broadening of the Patient 3 Rate in 2016 is a legislative rule that the agency failed to subject to notice and comment in violation of the APA; and
  • OCR’s 2016 explanation concerning what labor costs can be recovered under the Patient Rate is an interpretative rule that OCR was not required to subject to notice and comment.

Accordingly, District Court in the Coix Order declares unlawful and vacates (1) the 2016 Patient Rate expansion and (2) the 2013 mandate broadening PHI delivery to third parties regardless of format within the individual right of access” set forth in the provisions of 45 C.F.R. §164.524 of the 2013 Omnibus Rule insofar as it expands the HITECH Act’s third-party directive beyond requests for a copy of an electronic health record with respect to protected health information of an individual in an electronic format.” Additionally, the federal court ordered that the fee limitation set forth at 45 C.F.R. § 164.524(c)(4) only apply to an individual’s request for access to their own records, and does not apply to an individual’s request to transmit records to a third party.

As a result of the Coix Order, Covered Entities and their medical records providers still must calculate the Patient Rate in accordance with one of the three allowed methodologies when providing a patient with records containing PHI in response to a patient request.  However, Covered Entities and their medical records provider now may exercise greater flexibility when determining the format and charges when responding to requests from third parties other than the patient for records containing PHI.  Before doing so, however, most Covered Entities and business associates will want to update their HIPAA policies and procedures to reflect the new practices consistent with the new HIPAA and other relevant requirements.  Updating the policies first is important because the 2013 Omnibus Rule states Covered Entities violate HIPAA by failing to follow their own HIPAA privacy and security policies when those practices are more restrictive than those mandated by OCR’s 2013 Omnibus Rule.  Consequently however, Covered Entities and their medical records companies desiring to exercise this newly available flexibility should revise their existing policies and procedures to authorize their exercise of this new flexibility consistent with the Coix Order and associated OCR guidance.

OCR Plans To Comply With Coix Order In Applying Patient Record Rule

In an “Important Notice Regarding Individuals’ Right of Access to Health Records” released January 28, 2020, OCR announced that that it will comply with the Coix Order vacating the “third-party directive” within the individual right of access “insofar as it expands the HITECH Act’s third-party directive beyond requests for a copy of an electronic health record with respect to [protected health information] of an individual  . . . in an electronic format.” Additionally, OCR stated that the fee limitation set forth at 45 C.F.R. § 164.524(c)(4) will apply only to an individual’s request for access to their own records, and not apply to an individual’s request to transmit records to a third party.   However, OCR also added that the right of individuals to access their own records and the fee limitations that apply when exercising this right are undisturbed and remain in effect.  OCR will continue to enforce the right of access provisions in 45 C.F.R. § 164.524 that are not restricted by the court order.

More Information

We hope this update is helpful. For more information about the Coix Order or other health or other employee benefits, human resources, or health care developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.

Solutions Law Press, Inc. invites you receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

Scribe for the ABA JCEB Annual Agency Meeting with OCR, Vice Chair of the ABA International Section Life Sciences Committee, past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group and the ABA RPTE Employee Benefits & Other Compensation Group, Ms. Stamer’s work throughout her 30 plus year career has focused heavily on working with health care and managed care, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns.  As a part of this work, she has continuously and extensively worked with domestic and international health plans, their sponsors, fiduciaries, administrators, and insurers; managed care and insurance organizations; hospitals, health care systems, clinics, skilled nursing, long term care, rehabilitation and other health care providers and facilities; medical staff, accreditation, peer review and quality committees and organizations; billing, utilization management, management services organizations, group purchasing organizations; pharmaceutical, pharmacy, and prescription benefit management and organizations; consultants; investors; EMR, claims, payroll and other technology, billing and reimbursement and other services and product vendors; products and solutions consultants and developers; investors; managed care organizations, self-insured health and other employee benefit plans, their sponsors, fiduciaries, administrators and service providers, insurers and other payers, health industry advocacy and other service providers and groups and other health and managed care industry clients as well as federal and state legislative, regulatory, investigatory and enforcement bodies and agencies.

Ms. Stamer is most widely recognized for her decades of pragmatic, leading edge work, scholarship and thought leadership on health and other privacy and data security and other health industry legal, public policy and operational concerns.  This  involvement encompasses helping health care systems and organizations, group and individual health care providers, health plans and insurers, health IT, life sciences and other health industry clients prevent, investigate, manage and resolve  sexual assault, abuse, harassment and other organizational, provider and employee misconduct and other performance and behavior; manage Section 1557, Civil Rights Act and other discrimination and accommodation, and other regulatory, contractual and other compliance; vendors and suppliers; contracting and other terms of participation, medical billing, reimbursement, claims administration and coordination, Medicare, Medicaid, CHIP, Medicare/Medicaid Advantage, ERISA and other payers and other provider-payer relations, contracting, compliance and enforcement; Form 990 and other nonprofit and tax-exemption; fundraising, investors, joint venture, and other business partners; quality and other performance measurement, management, discipline and reporting; physician and other workforce recruiting, performance management, peer review and other investigations and discipline, wage and hour, payroll, gain-sharing and other pay-for performance and other compensation, training, outsourcing and other human resources and workforce matters; board, medical staff and other governance; strategic planning, process and quality improvement; meaningful use, EMR, HIPAA and other technology,  data security and breach and other health IT and data; STARK, ant kickback, insurance, and other fraud prevention, investigation, defense and enforcement; audits, investigations, and enforcement actions; trade secrets and other intellectual property; crisis preparedness and response; internal, government and third-party licensure, credentialing, accreditation, HCQIA and other peer review and quality reporting, audits, investigations, enforcement and defense; patient relations and care;  internal controls and regulatory compliance; payer-provider, provider-provider, vendor, patient, governmental and community relations; facilities, practice, products and other sales, mergers, acquisitions and other business and commercial transactions; government procurement and contracting; grants; tax-exemption and not-for-profit; privacy and data security; training; risk and change management; regulatory affairs and public policy; process, product and service improvement, development and innovation, and other legal and operational compliance and risk management, government and regulatory affairs and operations concerns. to establish, administer and defend workforce and staffing, quality, and other compliance, risk management and operational practices, policies and actions; comply with requirements; investigate and respond to Board of Medicine, Health, Nursing, Pharmacy, Chiropractic, and other licensing agencies, Department of Aging & Disability, FDA, Drug Enforcement Agency, OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD, FTC, SEC, CDC and other public health, Department of Justice and state attorneys’ general and other federal and state agencies; JCHO and other accreditation and quality organizations; private litigation and other federal and state health care industry actions: regulatory and public policy advocacy; training and discipline; enforcement;  and other strategic and operational concerns.

Author of leading works on HIPAA and a multitude of other health care, health plan and other health industry matters, the American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting and a former Council Representative, Past Chair of the ABA Managed Care & Insurance Interest Group, former Vice President and Executive Director of the North Texas Health Care Compliance Professionals Association, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, and a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her extensive publications and thought leadership as well as leadership involvement in a broad range of other professional and civic organizations. For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources available here such as:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation considering the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law constantly and often rapidly evolves, subsequent developments that could impact the currency and completeness of this discussion are likely. The author and Solutions Law Press, Inc. disclaim, and have no responsibility to provide any update or otherwise notify anyone of any  fact or law specific nuance, change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2020 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ For information about republication, please contact the author directly. All other rights reserved.


2019 OCR Enforcement Shows Getting Defensibly HIPAA Compliant Necessary In 2020!

January 1, 2020

The $65,000 payment and corrective action plan commitments West Georgia Ambulance, Inc. (“West Georgia”) is making to settle Department of Health & Human Services Office for Civil Rights (“OCR”) charges it recurrently violated the Health Insurance Portability and Accountability Act (“HIPAA”) Security Rule and other 2019 HIPAA enforcement sends a clear warning to other HIPAA-covered health plans, health care providers, health care clearighouses and their business associates (“covered entities”) to maintain and be prepared to defend their own HIPAA compliance.

The Western Georgia Resolution Agreement and Corrective Action Plan (“Resolution Agreement”) OCR announced on December 30, 2019 resolves charges resulting from an OCR investigation initiated in response to a HIPAA breach report the Georgia based ambulance company filed in 2013 in which the company, which provides emergency and non-emergency ambulance services in Carroll County, Georgia,  disclosed the loss of an unencrypted laptop containing the protected health information (PHI) of 500 individuals. The breach occurred when an unencrypted laptop fell off the back bumper of an ambulance. The laptop was not recovered.  West Georgia reported that exactly 500 individuals were affected by the breach.

In the course of its investigation of the breach report, OCR’s investigation uncovered long-standing noncompliance with the HIPAA Rules, including failures to conduct a risk analysis, provide a security awareness and training program, and implement HIPAA Security Rule policies and procedures. Specifically, the Resolution Agreement states that West Georgia:

  • Did not conduct an accurate and thorough risk analysis of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of all of its ePHI. See 45 C.F.R. § 164.308(a)(1)(ii)(A);
  • Failed to have a HIPAA security training program, and failed to provide security training to its employees. See 45 C.F.R. § 164.308(a)(5);
  • Failed to implement Security Rule policies or procedures. See 45 C.F.R. § 164.316; and
  • Despite OCR’s investigation and technical assistance, “did not take meaningful steps to address their systemic failures.”

To resolve its exposure to the substantially higher civil monetary penalties that OCR could impose for violations of this nature, West Georgia agreed to pay a $65,000 resolution payment to OCR and implement and comply with a corrective action plan that in addition to requiring West Georgia to correct the compliance deficiencies, also subjects West Georgia to two years of OCR monitoring and oversight.

The Resolution Agreement and corrective action plan carry a number of important messages for other health care providers and other Covered Entities.  First, the OCR enforcement action against West Georgia coming at the end of yet another heavy HIPAA enforcement year by OCR reminds Covered Entities that OCR is serious about HIPAA enforcement on the heels of its 2018 HIPAA record setting collection of $28.7 million in civil monetary penalties and resolution payments including the single largest individual HIPAA settlement in history of $16 million with Anthem, Inc. See OCR Concludes 2018 with All-Time Record Year for HIPAA Enforcement.  While not topping this record, OCR during 2019 now has collected civil monetary penalties and resolution payments totaling more than $15 million from HIPAA Covered Entities and their business associates including:

Second, the Resolution Agreement and various other smaller settlements during the year show HIPAA compliance and enforcement is a concern for smaller provideres and other covered entities, not juswt the huge ones.  While the $65,000 settlement payment required by the Resolution Agreement is substantially smaller than the amounts of the civil monetary penalties and many of resolution payments OCR collected in its other 2019 enforcement actions, the West Georgia and other 2019 enforcement actions demonstrate the teeth behind the warning in the OCR Press Release announcing the West Georgia Resolution Agreement from OCR Director Roger Severino that“All providers, large and small, need to take their HIPAA obligations seriously.”  With OCR promises to keep up its vigorous investigation and enforcement of the HIPAA requirements, every Covered Entity and business associate should take the necessary steps to verify and maintain their HIPAA compliance and to be prepared to defend their compliance under the Privacy, Security, Breach Notification and HIPAA access and other individual rights mandates of HIPAA.

Third, OCR’s statement in the Resolution Agreement about the failure by West Georgia to meaningfully act to correct compliance deficiencies and cooperate in other corrective action during the period following the breach report highlights the importance for covered entities involved in a breach or other dealings with OCR on a potential compliance concern to behave appropriately to  express and exhibit the necessary concern OCR expects regarding the compliance issue to position themselves to request and receive the clemency OCR is empowered under HIPAA to extend when deciding the sanctions for any noncompliance.

Of course meeting the requirements of HIPAA is not the only concern that covered entities should consider as they review and tightened their HIPAA and other privacy and data security procedures.  Health care providers and other covered entities also should keep in mind their other obligations to protect patient and other confidential information under other federal laws, the requirements of which also are ever-evolving.  For instance, on January 1, 2020 Texas providers like other Texas businesses will become subject to a shortened deadline for providing notice of data breaches under a new law enacted by the Texas Legislature in its last session.  Arrangements should be designed to fulfill all of these requirements as well as any ethical or contractual.

Covered entities also should keep in mind that violations of HIPAA can have implications well beyond HIPAA.ramifications beyond HIPAA itself.  For instance, heath care providers can face disqualification from federal program participation, licensing and ethics discipline and other professional consequences.  Health plans and their fiduciaries also may face Department of Labor and other fiduciary claims, while insurers can face licensing and other regulatory consequences. The Labor Department followed up on previous warnings that health plan fiduciaries duties include a fiduciary duty to protect health plan data by adding HIPAA compliance to certain health plan audits. Insurers, third of art administrators and others also can face duties and liabilities under state insurance and data privacy laws from regulator or private litigant actions.

For More Information

We hope this update is helpful. For more information about this or other labor and employment developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.

Solutions Law Press, Inc. invites you receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

Scribe for the ABA JCEB Annual Agency Meeting with the Department of Health & Human Services Office of Civil Rights, Vice Chair of the ABA International Section Life Sciences Committee, past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group and the ABA RPTE Employee Benefits & Other Compensation Group, Ms. Stamer has extensive legal, operational, and public policy experience advising and representing health care, health care and other entities about HIPAA and other privacy, data security, confidentiality and other matters.

Ms. Stamer’s work throughout her 30 plus year career has focused heavily on working with health care and managed care, health and other employee benefit plan, insurance and financial services, public and private primary, secondary, and other educational institutions, and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns.  As a part of this work, she has recurrently worked extensively with public school districts and public and private primary and secondary schools, colleges and universities, academic medical, and other educational institutions, insured and self-insured health plans; domestic and international hospitals, health care systems, clinics, skilled nursing, long term care, rehabilitation and other health care providers and facilities; medical staff, accreditation, peer review and quality committees and organizations; billing, utilization management, management services organizations, group purchasing organizations; pharmaceutical, pharmacy, and prescription benefit management and organizations; consultants; investors; EMR, claims, payroll and other technology, billing and reimbursement and other services and product vendors; products and solutions consultants and developers; investors; managed care organizations, employers; and federal and state legislative, regulatory, investigatory and enforcement bodies and agencies on health care, education, and other data privacy, security, use, protection and disclosure; disability and other educational rights; workforce, and a host of other risk management and compliance concerns.

Ms. Stamer is most widely recognized for her decades-long leading edge work, scholarship and thought leadership on health and other privacy and data security and other health industry legal, public policy and operational concerns.  This  involvement encompasses helping health care systems and organizations, group and individual health care providers, health plans and insurers, health IT, life sciences and other health industry clients prevent, investigate, manage and resolve  sexual assault, abuse, harassment and other organizational, provider and employee misconduct and other performance and behavior; manage Section 1557, Civil Rights Act and other discrimination and accommodation, and other regulatory, contractual and other compliance; vendors and suppliers; contracting and other terms of participation, medical billing, reimbursement, claims administration and coordination, Medicare, Medicaid, CHIP, Medicare/Medicaid Advantage, ERISA and other payers and other provider-payer relations, contracting, compliance and enforcement; Form 990 and other nonprofit and tax-exemption; fundraising, investors, joint venture, and other business partners; quality and other performance measurement, management, discipline and reporting; physician and other workforce recruiting, performance management, peer review and other investigations and discipline, wage and hour, payroll, gain-sharing and other pay-for performance and other compensation, training, outsourcing and other human resources and workforce matters; board, medical staff and other governance; strategic planning, process and quality improvement; meaningful use, EMR, HIPAA and other technology,  data security and breach and other health IT and data; STARK, ant kickback, insurance, and other fraud prevention, investigation, defense and enforcement; audits, investigations, and enforcement actions; trade secrets and other intellectual property; crisis preparedness and response; internal, government and third-party licensure, credentialing, accreditation, HCQIA and other peer review and quality reporting, audits, investigations, enforcement and defense; patient relations and care;  internal controls and regulatory compliance; payer-provider, provider-provider, vendor, patient, governmental and community relations; facilities, practice, products and other sales, mergers, acquisitions and other business and commercial transactions; government procurement and contracting; grants; tax-exemption and not-for-profit; privacy and data security; training; risk and change management; regulatory affairs and public policy; process, product and service improvement, development and innovation, and other legal and operational compliance and risk management, government and regulatory affairs and operations concerns. to establish, administer and defend workforce and staffing, quality, and other compliance, risk management and operational practices, policies and actions; comply with requirements; investigate and respond to Board of Medicine, Health, Nursing, Pharmacy, Chiropractic, and other licensing agencies, Department of Aging & Disability, FDA, Drug Enforcement Agency, OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD, FTC, SEC, CDC and other public health, Department of Justice and state attorneys’ general and other federal and state agencies; JCHO and other accreditation and quality organizations; private litigation and other federal and state health care industry actions: regulatory and public policy advocacy; training and discipline; enforcement;  and other strategic and operational concerns.

Author of leading works on HIPAA and a multitude of other health care, health plan and other health industry matters, the American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting and a former Council Representative, Past Chair of the ABA Managed Care & Insurance Interest Group, former Vice President and Executive Director of the North Texas Health Care Compliance Professionals Association, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, and a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her extensive publications and thought leadership as well as leadership involvement in a broad range of other professional and civic organizations. For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources available here such as:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc. disclaim, and have no responsibility to provide any update or otherwise notify anyone any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2019 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ For information about republication, please contact the author directly. All other rights reserved.


DOJ Omnicare/CVS Suit Highlights Potential Pharmacy Benefit Claims Abuse Exposure For Health Plans, Member Safety Risk

December 18, 2019

A civil health care fraud lawsuit filed by the Department of Justice (“DOJ”) in the U.S. District Court for the Southern District of New York today (December 17, 2019) against the nation’s largest long term care pharmacy provider, Omnicare, and its parent, CVS Healthcare Corporation may signal the advisability for insurers, fiduciaries, administrators and sponsors of insured and self-insured health and other benefit plans providing pharmacy benefits to tighten claims and audit past claims payments for prescription drug claims submitted by Omnicare and other CVS pharmacy providers as well as other pharmacy claims to the pharmacy possessed a valid, current prescription to dispense the drug.

Omnicare Complaint Highlights Potential Prescription Drug Fraud By Billing For Filling Expired Prescriptions

In its U.S. ex rel Bassan complaint in intervention (Omnicare and CVS) complaint DOJ joined by 29 states and the District of Colombia filed suit against Omnicare, and its parent company, CVS Healthcare Corporation for damages and civil penalties under the False Claims Act for fraudulently billing federal healthcare programs for hundreds of thousands of non-controlled prescription drugs that DOJ claims Omnicare illegally dispensed to elderly and disabled individuals in assisted living facilities, group homes, independent living communities, and other non-skilled residential long-term care facilities (“LTC facilities”) without a valid, current prescription..  The States of California, Colorado, Connecticut, Delaware, Florida, Georgia, Hawaii, Illinois, Indiana, Iowa, Louisiana, Maryland, Massachusetts, Michigan, Minnesota, Montana, Nevada, New Jersey, New Mexico, New York, North Carolina, Oklahoma, Rhode Island, Tennessee, Texas, Vermont, Virginia, Washington, Wisconsin, and the District Of Columbia are joining the DOJ in the complaint as co-plaintiffs.

Omnicare is the country’s largest provider of pharmacy services to LTC facilities.  It currently operates approximately 160 pharmacies in 47 states across the United States, which dispense tens of millions of prescription drugs to LTC facilities that serve elderly and disabled individuals.  CVS acquired Omnicare in May 2015, and shortly thereafter assumed an active role in overseeing Omnicare’s operations, including pharmacy dispensing practices and systems.

The DOJ complaint in the Federal District Court in Manhattan, New York charges that Omnicare illegally dispensed and billed the federal government and patients for antipsychotics, anticonvulsants, and antidepressants Omnicare dispensed to elderly and disabled residents in LTC facilities without proper prescriptions.   According to the DOJ complaint from 2010 until 2018, Omnicare and CVS allowed Omnicare pharmacies to dispense non-controlled prescription drugs to tens of thousands of elderly and disabled individuals living in LTC facilities based on prescriptions that had expired, were out of refills, or were otherwise invalid.  Omnicare repeatedly disregarded prescription refill limitations and expiration dates that required doctor visits to reevaluate whether the drug should be renewed.  Instead of requesting new prescriptions when old ones expired, Omnicare allowed prescriptions to “roll over.”  At Omnicare, “rolling over” a prescription meant that when a prescription expired, Omnicare’s computer systems would assign the old prescription a new number and the pharmacy would continue to dispense the drug indefinitely without the need for a prescription renewal.  Depending on the computer system used, DOJ claims Omnicare also sometimes assigned a fake number of authorized refills to a prescription – usually 99 allowable refills for Medicare patients – to allow for continuous refilling.  DOJ claims that Omnicare pharmacies “rolled over” prescriptions for elderly and disabled individuals living in more than 3,000 residential long-term care facilities, including assisted living facilities operated by the largest long-term care providers in the country, such as Brookdale Senior Living, Atria Senior Living, Sunrise Senior Living Services, and Five Star Senior Living. DOJ charges that Omnicare used these practices to refill prescriptions for patients after the required prescription for refill expired for months, and sometimes years, after the prescriptions expired.   The complaint alleged that Omnicare internally referred to these renumbered expired prescriptions as “rollover” prescriptions.

Many of the prescription drugs dispensed by Omnicare without valid prescriptions treat serious, chronic conditions, such as dementia, depression, and heart disease.  They include antipsychotics, anticonvulsants, cardiovascular medications, anti-depressants, and other drugs that can have dangerous side effects and need to be closely monitored by doctors, particularly when taken in combination with other drugs by elderly patients.

DOJ says these Omnicare practices of illegally dispensing drugs to elderly and disabled individuals living in LTC facilities exposed these vulnerable individuals to a significant risk of harm.  In contrast to traditional skilled nursing homes, where residents have access to 24-hour medical care supervised by doctors, assisted living and other non-skilled residential facilities offer more limited medical care, or none at all.  In particular, these LTC facilities generally do not have doctors on staff to oversee and monitor residents’ drug therapy.  By repeatedly dispensing potent drugs without current and valid prescriptions, Omnicare jeopardized the health and safety of tens of thousands of individuals who continued to take the same drugs for months, and sometimes years, without consulting their doctors to determine whether the medications were still clinically appropriate.

A large percentage of the long-term care residents served by Omnicare are beneficiaries of federal healthcare programs. The complaint charges that along with illegally filling the expired prescriptions, Omnicare knowingly transmitted false information to these federal healthcare programs that made it appear that drug dispensations were supported by current, valid prescriptions from physicians when in fact they were not.   By dispensing drugs without valid prescriptions, Omnicare presented, or caused to be presented, hundreds of thousands of false claims to Medicare, Medicaid, and TRICARE that were ineligible for payment in violation of the False Claims Act.  In fact, the complaint charges that Omnicare managers exerted pressure on overwhelmed pharmacy staff to fill prescriptions quickly so that Omnicare could submit claims and collect payments on these rollover claims.

Moreover, DOJ says that it possesses evidence that senior management at Omnicare and CVS knew of the practices.  The DOJ complaint charges among other things that the Omnicare’s Compliance Department succinctly acknowledged the problem in an internal April 2015 email in which one Regional Compliance Officer stated:  “An issue that I am running into more and more in multiple states concerns the ability of our systems to allow prescriptions to continue to roll after a year to a new prescription number without any documentation or pharmacist intervention.”  A compliance officer then forwarded the email to the head of Omnicare’s Third Party Audit group, who responded that she had a “potential solution (programmed last year) but no one is rolling it out now.”

In today’s announcement of the lawsuit, Manhattan U.S. Attorney Geoffrey S. Berman said:  “As alleged, Omnicare put at risk the health of tens of thousands of elderly and disabled individuals living in assisted living and other residential long-term care facilities by dispensing drugs for months, and sometimes years, without obtaining current, valid prescriptions from doctors.  A pharmacy’s fundamental obligation is to ensure that drugs are dispensed only under the supervision of treating doctors who monitor patients’ drug therapies.  Omnicare blatantly ignored this obligation in favor of pushing drugs out the door as quickly as possible to make more money.  This Office will continue to hold accountable those who put at risk people’s health and safety just to turn a profit.”

Meanwhile, HHS-OIG Special Agent in Charge Scott J. Lampert said:  “Failing to consult doctors as to whether prescriptions should be refilled places patients’ health and medical care at serious risk.  These automatic rollover refills could have significant consequences for vulnerable people in long term-care facilities.  We will continue working with law enforcement partners to protect people depending on these taxpayer-funded government health programs.”

Charges Suggest Potential Advisability For Plan Audit of Prescription Drug Charges To Confirm Supported By Valid Prescription For Dispensed Drugs

The charges made in the complaint filed against Omnicare highlight an area of claims payment eligibility not regularly verified by many pharmacy benefit and other health claims administrators when administering pharmacy benefit claims- the existence of a current valid prescription to support the dispensation of the billed prescription medication.  Except for pain management and certain other medications flagged by regulators or benefit systems as subject to heightened abuse risks, many plan administrators regularly take for granted existence of a current, valid script for many common, frequently issued and renewed, low cost prescriptions issued within frequency and other guidelines based upon the assumption that legal and ethical obligations of pharmacists and pharmacies under licensing, Drug Enforcement Agency and other rules generally provides adequate deterrence against abuses like those the DOJ accuses Omnicare of engaging in its complaint.  However, growing corporate or other nonprofessional ownership or management of pharmacies and their management coupled with very limited, virtually all complaint driven oversight of federal and state regulatory and ethical agencies is diminishing the frequency and effectiveness of such oversight.  As evidenced by the Omnicare complaint, scrupulous pharmacies may leverage opportunities allowed by this limited oversight to dispense and bill for commonly renewed prescription medication without proper orders in a manner that potentially places patients at risk at the expense of plans and their participants, beneficiaries, sponsors and insurers.  Plans, insurers, fiduciaries, plan sponsors and administrators concerned about these risks may want to use the Omnicare lawsuit announcement as an opportunity to educate plan members and their caregivers about the importance of monitoring prescriptions, their refills and claims for abuse; audit and encourage plan members and their caregivers of members with claims paid with respect to Omnicare and other pharmacy claims’ and take other steps to assess the adequacy and tighten as appropriate their existing pharmacy benefit review procedures for verification of the existence of a current, valid prescription to mitigate these exposures.  These exposures are further heightened by the widespread practice of outsourcing of pharmacy claims to prescription benefit management or other speciality pharmacy claims providers in many health plan designs including vendoirsand service providers owned or managed by parents or related companies of the pharmacy filling and billing for the scripts.

Health plan fiduciaries, administrators and sponsors that discover potential deficiencies in the validity of a prescription or other elements of a received or previously paid prescription benefit or other claim are cautioned to review and follow the applicable ERISA and for insured plans, state insurance, Patient Protection and Affordable Care Act (“ACA”) and contractual claims and appeals timelines and processes.  Failure to follow these requirements can undermine the enforceability of plan remedies as well as expose the plan, its insurer or fiduciary to administrative penalties and other liabilities.  Additionally, violations of the ACA mandated procedures also  in the case of employment based plans also could expose  the sponsoring employer or ubnion to liability for self reporting, self-assessment and payment of penalties under Internal Revenue Code Section 6039D.  Where relevant regulatory or contractual time periods for  denial have already expired either because the claim already was paid or the analysis otherwise was not timely completed in time to meet the deadline, plans may need to rely upon filing health care fraud or other avenues of relief in lieu of attempting to retroactively deny and recoup the questioned amounts in order to avoid violating the ACA and other rules.  Plan fiduciaries and administrators also may need to consider the applicability of offering  review by an independent medical review organization to fulfill ACA or other similar mandatesfor medical judgement based determinations.

More Information

We hope this update is helpful. For more information about this or other labor and employment developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.

Solutions Law Press, Inc. invites you receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations GroupHR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

Scribe for the ABA JCEB Annual Agency Meeting with OCR, Vice Chair of the ABA International Section Life Sciences Committee, past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group and the ABA RPTE Employee Benefits & Other Compensation Group, Ms. Stamer’s work throughout her 30 plus year career has focused heavily on working with health care and managed care, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns.  As a part of this work, she has continuously and extensively worked with domestic and international hospitals, health care systems, clinics, skilled nursing, long term care, rehabilitation and other health care providers and facilities; medical staff, accreditation, peer review and quality committees and organizations; billing, utilization management, management services organizations, group purchasing organizations; pharmaceutical, pharmacy, and prescription benefit management and organizations; consultants; investors; EMR, claims, payroll and other technology, billing and reimbursement and other services and product vendors; products and solutions consultants and developers; investors; managed care organizations, self-insured health and other employee benefit plans, their sponsors, fiduciaries, administrators and service providers, insurers and other payers, health industry advocacy and other service providers and groups and other health and managed care industry clients as well as federal and state legislative, regulatory, investigatory and enforcement bodies and agencies.

Ms. Stamer is most widely recognized for her decades-long leading edge work, scholarship and thought leadership on health and other privacy and data security and other health industry legal, public policy and operational concerns.  This  involvement encompasses helping health care systems and organizations, group and individual health care providers, health plans and insurers, health IT, life sciences and other health industry clients prevent, investigate, manage and resolve  sexual assault, abuse, harassment and other organizational, provider and employee misconduct and other performance and behavior; manage Section 1557, Civil Rights Act and other discrimination and accommodation, and other regulatory, contractual and other compliance; vendors and suppliers; contracting and other terms of participation, medical billing, reimbursement, claims administration and coordination, Medicare, Medicaid, CHIP, Medicare/Medicaid Advantage, ERISA and other payers and other provider-payer relations, contracting, compliance and enforcement; Form 990 and other nonprofit and tax-exemption; fundraising, investors, joint venture, and other business partners; quality and other performance measurement, management, discipline and reporting; physician and other workforce recruiting, performance management, peer review and other investigations and discipline, wage and hour, payroll, gain-sharing and other pay-for performance and other compensation, training, outsourcing and other human resources and workforce matters; board, medical staff and other governance; strategic planning, process and quality improvement; meaningful use, EMR, HIPAA and other technology,  data security and breach and other health IT and data; STARK, ant kickback, insurance, and other fraud prevention, investigation, defense and enforcement; audits, investigations, and enforcement actions; trade secrets and other intellectual property; crisis preparedness and response; internal, government and third-party licensure, credentialing, accreditation, HCQIA and other peer review and quality reporting, audits, investigations, enforcement and defense; patient relations and care;  internal controls and regulatory compliance; payer-provider, provider-provider, vendor, patient, governmental and community relations; facilities, practice, products and other sales, mergers, acquisitions and other business and commercial transactions; government procurement and contracting; grants; tax-exemption and not-for-profit; privacy and data security; training; risk and change management; regulatory affairs and public policy; process, product and service improvement, development and innovation, and other legal and operational compliance and risk management, government and regulatory affairs and operations concerns. to establish, administer and defend workforce and staffing, quality, and other compliance, risk management and operational practices, policies and actions; comply with requirements; investigate and respond to Board of Medicine, Health, Nursing, Pharmacy, Chiropractic, and other licensing agencies, Department of Aging & Disability, FDA, Drug Enforcement Agency, OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD, FTC, SEC, CDC and other public health, Department of Justice and state attorneys’ general and other federal and state agencies; JCHO and other accreditation and quality organizations; private litigation and other federal and state health care industry actions: regulatory and public policy advocacy; training and discipline; enforcement;  and other strategic and operational concerns.

Author of leading works on HIPAA and a multitude of other health care, health plan and other health industry matters, the American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting and a former Council Representative, Past Chair of the ABA Managed Care & Insurance Interest Group, former Vice President and Executive Director of the North Texas Health Care Compliance Professionals Association, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, and a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her extensive publications and thought leadership as well as leadership involvement in a broad range of other professional and civic organizations. For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources available here such as:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc. disclaim, and have no responsibility to provide any update or otherwise notify anyone any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2019 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ For information about republication, please contact the author directly. All other rights reserved.

 


$1.6M HIPAA Penalty Largely Caused By Inadequate Security Assessments & Oversight

December 16, 2019

The $1.6 million civil monetary penalty (“CMP”) assessed against the Texas Health and Human Services Commission (“TX HHSC”) for violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy and Security Rules between 2013 and 2017 committed by a predecessor agency, the Department of Aging and Disability Services (“DADS”) illustrates the critical need for health plans and insurers and all other HIPAA covered entities and business associates to confirm the adequacy of their enterprise wide security assessment, oversight, and other HIPAA Privacy and Security compliance and risk management including documentation of the reassessment and updating of these materials and assessments in connection with any update or change in software, systems or other system and security relevant developments.

OCR imposed the CMPs against TX HHSC for violations of HIPAA OCR found DADS committed from 2015 to 2017, before it was reorganized into TX HHSC in September 2017.  Like most other large HIPAA CMPs and settlements paid to avoid CMPs, a review of the TX HSSC CMP events makes clear that the large penalty resulted mostly because of inadequate assessment and oversight of security, rather than the actual breach itself that prompted the investigation leading to the CMP assessment. Beyond the substantial HIPAA CMPs assessed, health plans, insurers, their fiduciaries and administrative or other service providers serving as business associates need to keep in mind their likely exposure to liability and expenses from fiduciary  responsibility breaches under the Employee Retirement Income Security Act of 1974, state insurance and other data security and breach requireents, contracts and other pbligations.

Before its merger into TX HHSC, DADS was the Texas agency primarily responsible for providing and administering the state’s long-term care services for aging and intellectually and physically disabled people.  TX HHSC now administers and provides the services previously provided by DADS as part of its broader operation of state supported living centers; provision of mental health and substance use services; regulation of child care and nursing facilities; and administration of hundreds of other programs for people needing supplemental nutrition benefits, Medicaid and certain other assistance including those previously provided by DADS.

DADS Breaches & Violations

The $1.6 million CMPs assessment against TX HHSC resulted after OCR investigated a 2015 breach report made by DADS.  On June 11, 2015, DADS submitted a Breach Notification Report (“Report”) notifying OCR that on April 21, 2015 names, addresses, social security numbers, treatment information and other electronic protected health information (“ePHI”) of 6,617 individuals was viewable over the internet when a software coding flaw allowed prohibited access to ePHI with access credentials when DADS moved an internal application from a private, secure server to a public server.  OCR’s investigation determined that, in addition to that impermissible disclosure, DADS violated the HIPAA Security Rule by failing to conduct an enterprise-wide risk analysis and implement access and audit controls on Community Living Assistance and Support Services and Deaf Blind with Multiple Disabilities (“CLASS/DBMD”) program information systems and applications intended to collect and report information about “Utilization Management and Review” activities to the Centers for Medicare & Medicaid Services (“CMS”) for the CLASS/DBMD waiver programs.. The CMS waiver programs required DADS to collect and report to CMS applicant and enrollee community and institutional service choice, Level of Care, Plan of Care, waiver provider choice  and other waiver program performance data for CLASS and DBMD as part of a required evidentiary report on all §1915(c) waiver programs.  The CLASS/DBMD application glitch compromised the ePHI by allowing an undetermined number of unauthorized users to view the ePHI without verifying user credentials. TX HHSC learned of the breach from an unauthorized user who accessed ePHI in the application without being required to input user credentials. Because of inadequate audit controls, DADS was unable to determine how many unauthorized persons accessed individuals’ ePHI.

OCR initiated a compliance review of DADS on June 23, 2015 in response to the breach notification. As HIPAA Security Rule at 45 C.F.R. ·§ 164.312(a)(l) requires a covered entity to implement technical policies and procedures for electronic information systems that maintain ePHI to allow access only to those persons or software programs properly granted access rights under HIPAA Security Rule § 164.308(a)(4), OCR found that by placing the CLASS/DBMD application on their public server without requiring users to provide access credentials, TX HHSC violated HIPAA by failing to implement access controls on all of its systems and applications throughout its enterprise in violation of 45 C.F.R. § 164.312(a)(l).

The HIPAA Security Rule at 45 C.F.R. § 164.312(b) requires a covered entity to implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use ePHI.  In the course of its investigation, OCR requested in its June 23, 2015 Data Request that DADS provide a copy of its current HIPAA administrative and technical policies and procedures.  As DADS provided no evidence that the application was capable of auditing user access after it was moved to the unsecure public server as required by 45 C.F.R. § 164.312(b) with its response, OCR also concluded from its investigation that TX HHSC failed to implement audit controls to all of its systems and applications, like the application involved in the breach, as required by 45 C.F.R. § 164.312(b).

Beyond these violations, OCR also found that DADS also violated the HIPAA Security Rule by failing to conduct the required accurate and thorough enterprise wised risk analysis required by the HIPAA Security Rule.  In this respect, the HIPAA Security Rule at 45 C.F.R. § 164.308(a)(1)(ii)(A) requires a covered entity to conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI it holds.  In its August 31, 2015 response to OCR’s Data Request dated July 23, 2015, DADS acknowledged that, while it had performed ”risk assessment activities” on individual applications and servers, it never performed an “agency-wide” security risk analysis.   On July 28, 2017, OCR received the documentation that DADS represented to be the documentation of its risk analysis.  After reviewing this evidence, OCR additionally found DADS violated the HIPAA Security Rule by failing to conduct an enterprise-wide risk analysis and implement access and audit controls.

Calculation & Assessment CMPs Totaling $1.6 Million

On May 23, 2018, OCR issued a Letter of Opportunity and informed TX HHSC that OCR’s investigation indicated that TX HHSC failed to comply with the Privacy and Security Rules, which remained unresolved despite OCR’s attempts to do so. The letter stated that pursuant to 45 C.F.R. § 160.312(a)(3), OCR was informing TX HHSC of the preliminary indications of non-compliance and providing TX HHSC with an opportunity to submit written evidence of mitigating factors under 45 C.F.R. § 160.408 or affirmative defenses under 45 C.F.R. § 160.410 for OCR’s consideration in making a CMP determination under 45 C.F.R. § 160.404. The letter identified each area of noncompliance.  It also stated that TX HHSC also could submit written evidence to support a waiver of a CMP for the indicated areas of non-compliance.

Although the designated representative for TX HHSC as DADS successor received the Letter of Opportunity on May 24, 2018, . TX HHSC did not provide any written evidence of mitigating factors under 45 C.F.R. § 160.408 or affirmative defenses under 4S C.F.R. § 160.410 for OCR’s consideration in making the CMP determination or submit any written evidence to support a waiver of a CMP for the indicated areas of non-compliance.  Accordingly, after securing the requisite approval from the Justice Department, OCR issued a Notice of Proposed Determination of Civil Monetary Penalties (“Proposed CMP”) on July 29, 2019.

As explained by the Proposed CMP, as amended by the HITECH Act, Section 13410, 42 U.S.C. § 1320d-5(a)(3), HIPAA authorizes OCR as the designated representative of the Secretary of HHS to impose CMPs against a covered entity for post-February 18, 2009 HIPAA Privacy or Security Rule violations.  These current CMP provisions provide the following rules for the assessment of CMPs for such violations:

  • A minimum of$100 for each violation where the covered entity or business associate did not know and, by exercising reasonable diligence, would not have known that the covered entity or business associate violated such provision, except that the total amount imposed on the covered entity or business associate for all violations of an identical requirement or prohibition during a calendar year may not exceed $25,000.
  • A minimum of$1,000 for each violation due to reasonable cause and not to willful neglect, except that the total amount imposed on the covered entity or business associate for all violations of an identical requirement or prohibition during a calendar year may not exceed $100,000. Reasonable cause means an act or omission in which a covered. entity or business associate knew, or by exercising reasonable diligence would have known, that the act or omission violated an administrative simplification provision, but in which the covered entity or business associate did not act with willful neglect.
  • A minimum of $10,000 for each violation due to willful neglect and corrected within 30 days, except that the total amount imposed on the covered entity or business associate for all violations of an identical requirement or prohibition during a calendar year may not exceed $250,000.
  • A minimum of$50,000 for each violation due to willful neglect and uncorrected within 30 days, except that the total amount imposed on the covered entity or business associate for all violations of an identical requirement or prohibition during a calendar year may not exceed $1,500,000.

By law, OCR adjusts the CMP ranges and calendar year cap for each penalty tier for inflation.  The adjusted amounts are applicable only to CMPs whose violations occurred after November 2, 2015.

The Proposed CMP included notice of the CMPs OCR intended to impose CMPs totaling $1.6 million for the violations.  Characterizing each of the violations as due to reasonable cause and not willful neglect, the Proposed CMP Notice made note that OCR was authorized by statute to assess penalties of up to $50,000 per day for each day of the identified violations due for reasonable cause, rather than willful neglect, but authorized OCR to adjust the penalties in light of aggravating and mitigating factors.  The Proposed CMP stated that in arriving at the lesser daily penalty amount, OCR considered as mitigating factors that:

  • The violations did not result in any known physical, financial, or reputational harm to any individuals nor did it hinder any individual’s ability to obtain health care;  and
  • TX HHSC immediately removed the application once it received a report that unauthorized users could access the ePHI of individual beneficiaries.

However, OCR also took note that it viewed DADS failure to act promptly to remediate the breach and to keep a commitment made to OCR in August, 2015 timely to conduct and complete the agency wide risk analysis by August 31, 2016 as an aggravating factor.  Considering these factors, the Proposed CMP notified TX HHSC that OCR intended to assess a daily penalty amount of$1,000 per day ($1,141 after November 2, 2015) per violation capped at $100,000 per calendar year per violation. Applying these amounts, the CMP notified TX HHSC that OCR intended to impose CMPs totaling $1.6 million, as follows:

  • Impermissible disclosures in violation of 45 C.F.R. § 164.502(a), a $100,000 CMP
  • Inadequate access controls in violation of 45 C.F .R. § 164.312(a)(l), a $500,000 CMP
  • Inadequate audit controls in violation of 45 C.F.R. § 164.312(b), a $500,000 CMP
  • Failure to perform required enterprise wide risk analysis in violation of 45 C.F.R. § 164.308(a)(l)(ii)(a), a $500,000.

After TX HHSC , as successor to DADS, did not file a request for hearing before an administrative law judge within the 90 days, OCR imposed the $1.6 million CMP in dated  October 25, 2019 made public on November 7, 2019.

Lessons For Other Health Plans, Insurers & Other HIPAA Exposed Entities

The latest in a growing series of multimillion dollar CMPs and Resolution Payments assessed and collected by OCR, the TX HHSC CMP illustrates the critical necessity for all covered entities and business both to take appropriate, well-documented action to prevent, timely discover and redress, and report ePHI breaches and otherwise comply with the otherwise applicable requirements of the HIPAA Privacy, Security and Breach Notification Rules including the conduct and continuous maintenance of appropriate enterprise wide security assessments, audits, and oversight.  With OCR promising to continue its enforcement, all covered entities and business associates should verify the existence and adequacy of their existing enterprise wide risk assessments and safeguards and procedures for monitoring, investigating potential security risks and other breaches and other HIPAA compliance oversight.  Beyond these compliance efforts, the TX HHSC and other CMP actions also drive home the strong advisability for covered entities or business associates that experience a known or potential breach or other violation promptly to investigate and mitigate potential breaches and other violations.

Beyond the direct HIPAA exposure, health plans and their fiduciaries also need to keep in mind that these violations also can create fiduciary liability risks for ERISA fiduciaries, state insurance and identity theft exposures for brokers and other service providers, contractual exposures for vendors, and other risks.  The Department of Labor recently has begun making inquiries about data security and privacy as part of its plan audits according to recent reports.

When managing HIPAA and other compliance and risks, health plans and other covered entities and business associates should seek assistance in conducting their assessments as well as responding to any preexisting and emergent breach or other compliance concerns within the scope of attorney-client privilege from qualified legal counsel with the necessary knowledge and experience of HIPAA and other federal and state laws, regulations and administrative and judicial decisions that define and shape their exposure.  In the event of a breach or other compliance concern, timely guidance and representation by legal counsel with both experience of these requirements and with dealing with OCR and other agencies may help mitigate exposures by expediting timely and appropriate response.

For More Information

We hope this update is helpful. For more information about this or other labor and employment developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.

Solutions Law Press, Inc. invites you receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations Group, HR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

Scribe for the ABA JCEB Annual Agency Meeting with OCR, Vice Chair of the ABA International Section Life Sciences Committee, past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group and the ABA RPTE Employee Benefits & Other Compensation GroupMs. Stamer’s work throughout her 30 plus year career has focused heavily on working with health care and managed care, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns.  As a part of this work, she has continuously and extensively worked with domestic and international hospitals, health care systems, clinics, skilled nursing, long term care, rehabilitation and other health care providers and facilities; medical staff, accreditation, peer review and quality committees and organizations; billing, utilization management, management services organizations, group purchasing organizations; pharmaceutical, pharmacy, and prescription benefit management and organizations; consultants; investors; EMR, claims, payroll and other technology, billing and reimbursement and other services and product vendors; products and solutions consultants and developers; investors; managed care organizations, self-insured health and other employee benefit plans, their sponsors, fiduciaries, administrators and service providers, insurers and other payers, health industry advocacy and other service providers and groups and other health and managed care industry clients as well as federal and state legislative, regulatory, investigatory and enforcement bodies and agencies.

Ms. Stamer is most widely recognized for her decades-long leading edge work, scholarship and thought leadership on health and other privacy and data security and other health industry legal, public policy and operational concerns.  This  involvement encompasses helping health care systems and organizations, group and individual health care providers, health plans and insurers, health IT, life sciences and other health industry clients prevent, investigate, manage and resolve  sexual assault, abuse, harassment and other organizational, provider and employee misconduct and other performance and behavior; manage Section 1557, Civil Rights Act and other discrimination and accommodation, and other regulatory, contractual and other compliance; vendors and suppliers; contracting and other terms of participation, medical billing, reimbursement, claims administration and coordination, Medicare, Medicaid, CHIP, Medicare/Medicaid Advantage, ERISA and other payers and other provider-payer relations, contracting, compliance and enforcement; Form 990 and other nonprofit and tax-exemption; fundraising, investors, joint venture, and other business partners; quality and other performance measurement, management, discipline and reporting; physician and other workforce recruiting, performance management, peer review and other investigations and discipline, wage and hour, payroll, gain-sharing and other pay-for performance and other compensation, training, outsourcing and other human resources and workforce matters; board, medical staff and other governance; strategic planning, process and quality improvement; meaningful use, EMR, HIPAA and other technology,  data security and breach and other health IT and data; STARK, antikickback, insurance, and other fraud prevention, investigation, defense and enforcement; audits, investigations, and enforcement actions; trade secrets and other intellectual property; crisis preparedness and response; internal, government and third-party licensure, credentialing, accreditation, HCQIA and other peer review and quality reporting, audits, investigations, enforcement and defense; patient relations and care;  internal controls and regulatory compliance; payer-provider, provider-provider, vendor, patient, governmental and community relations; facilities, practice, products and other sales, mergers, acquisitions and other business and commercial transactions; government procurement and contracting; grants; tax-exemption and not-for-profit; privacy and data security; training; risk and change management; regulatory affairs and public policy; process, product and service improvement, development and innovation, and other legal and operational compliance and risk management, government and regulatory affairs and operations concerns. to establish, administer and defend workforce and staffing, quality, and other compliance, risk management and operational practices, policies and actions; comply with requirements; investigate and respond to Board of Medicine, Health, Nursing, Pharmacy, Chiropractic, and other licensing agencies, Department of Aging & Disability, FDA, Drug Enforcement Agency, OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD, FTC, SEC, CDC and other public health, Department of Justice and state attorneys’ general and other federal and state agencies; JCHO and other accreditation and quality organizations; private litigation and other federal and state health care industry actions: regulatory and public policy advocacy; training and discipline; enforcement;  and other strategic and operational concerns.

Author of leading works on HIPAA and a multitude of other health care, health plan and other health industry matters, the American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting and a former Council Representative, Past Chair of the ABA Managed Care & Insurance Interest Group, former Vice President and Executive Director of the North Texas Health Care Compliance Professionals Association, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, and a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her extensive publications and thought leadership as well as leadership involvement in a broad range of other professional and civic organizations. For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources available here such as:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc. disclaim, and have no responsibility to provide any update or otherwise notify anyone any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2019 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ For information about republication, please contact the author directly. All other rights reserved.


10 Former NFL Payers Charged With Defrauding NFL Retiree Health Fund

December 13, 2019

Ten former National Football League (NFL) players face prosecution for their alleged roles in a nationwide health care fraud scam that Justice Department prosecutors allegedly defrauded the Gene Upshaw NFL Player Health Reimbursement Account Plan (the “Plan)” by submitting more than $3.9 million in false and fraudulent claims between June 2017 and December 2018.

According to the charges brought in two separated indictments filed December 12, 2019 in the Eastern District of Kentucky, the charged players participated in a nationwide conspiracy that resulted in the submission of more than $3.9 million in false claims to the Plan, for which the Plan paid out over $3.4 million between June 2017 and December 2018.  See Buckhalter and Rogers Indictment; McCune et al Indictment.  The Plan established pursuant to the 2006 collective bargaining agreement between the NFL and payers provides a health care reimbursement account to reimburse up to a maximum of $350,000 per player of out-of-pocket medical care expenses a former player, his wife or dependents incurs not covered by insurance.

The indictments charge that the scheme to defraud involved the submission of false and fraudulent claims to the Plan for expensive medical equipment – typically between $40,000 and $50,000 for each claim never purchased or received.  The expensive medical equipment described on the false and fraudulent claims included hyperbaric oxygen chambers, cryotherapy machines, ultrasound machines designed for use by a doctor’s office to conduct women’s health examinations and electromagnetic therapy devices designed for use on horses.   The indictments reflect that no health care providers participated in the scheme.  Rather the players submitted these allegedly false charges without any health care provider participation.

Charged in the two separated indictments include the following former NFL players including five former Washington Redskins.  Those charged and the charges brought include the following:

  • Charges of one count of conspiracy to commit wire fraud and health care fraud, nine counts of wire fraud and nine counts of health care fraud brought against former NFL linebacker Robert McCune, McCune’s career included stints with the Washington Redskins, Miami Dolphins, Baltimore Ravens and Cleveland Browns between 2005 and 2009;
  • Charges of one count of conspiracy to commit wire fraud and health care fraud, two counts of wire fraud and two counts of health care fraud made against:
    • Former Washington Redskins cornerback  John Eubanks who was draft but only played as a practice squad player with the Washington Redskins in 2006-2017 season before going on to play in the Canadian Football League between 2009 and 20011;
    • Tamarick Vanover, a former NFL wide receiver the Kanas City Chiefs, San Diego Chargers and Las Vegas Posse  who was the Atlantic Coast Conference Rookie of the Year while playing for Florida State in 1992; and
    • Carlos Rogers, a former NFL cornerback drafted by the Washington Redskins, who also played for the San Francisco 49ers and Oakland Raiders;
  • Charges of one count of conspiracy to commit wire fraud and health care fraud, one count of wire fraud and one count of health care fraud against:
    • Clinton Portis, a former NFL running back best known for his years as a starting running back for the Washington Redskins, for seven seasons, who also played with the Denver Broncos during his 10 year NFL career;
    • Ceandris “C.C.” Brown, a former safety drafted by the Houston Texans in 2005 who after three seasons with Houston was signed by the New York Giants, Detroit Lions and Jacksonville Jaguars;;
    • James Butler, a former NFL safety for the New York Giants from 2005-2008 Seasons and with the St. Louis Rams from 2009-2012; and
    • Fredrick Bennett, a grid iron defensive back drafted by the Houston Texans in 2007 before being traded to the San Diego Chargers in 2010, the Cincinnati Bengals in 2010, and the Arizona Cardinals in 2011 before going on to play in the Canadian Football League from 2012 to 2016.  Bennett is currently a NFL free agent; and
  • Charges of one count of conspiracy to commit wire fraud and health care fraud against:
    • Correll Buckhalter, a former NFL running back who played with the Philadelphia Eagles from 2001 to 2008 and the Denver Broncos from 2009 to 2010;
    • Etric Pruitt, a former NFL special teams and safety who after having little playing time for most of his NFL career played a major role in Super Bowl XII while signed to the Seattle Seahawks.  In addition to his Seahawks stink in 2005, Pruitt also was signed with the Atlanta Falcons and Detroit Lions during his NFL career.

In addition to the charges brought Thursday, the Justice Department also has filed notice that it intends to file criminal charges alleging conspiracy to commit health care fraud in the Eastern District of Kentucky against the following individuals:

  • Joseph “Joe” Horn, a former NFL wide receiver who played with the Kansas City Chiefs, New Orleans Saints, and Atlanta Falcons between 1996 and 2007.  Horn made the Pro Bowl team four times and is a member of the New Orleans Saints Hall of Fame.  In 2001, Horn made headlines when he and 11 other former NFL plays sued the NFL alleging it failed to properly diagnose and treat head injuries that led to changes in the NFL policies regarding diagnosis and treatment of players for potential brain injuries and the establishment of a traumatic brain injury fund; ;and
  • Donald “Reche” Caldwell a former NFL wide receiver who during his six seasons in the NFL played with the Sand Diego Chargers, New England Patriots, Washington Redskins and St. Louis Rams.

According to allegations in the indictments, McCune, Eubanks, Vanover, Buckhalter, Rogers and others recruited other players into the scheme by offering to submit or cause the submission of these false and fraudulent claims in exchange for kickbacks and bribes that ranged from a few thousand dollars to $10,000 or more per claim submitted.  As part of the scheme, the defendants allegedly fabricated supporting documentation for the claims, including invoices, prescriptions and letters of medical necessity.  After the claims were submitted, McCune and Buckhalter allegedly called the telephone number provided by the Plan and impersonated certain other players in order to check on the status of the false and fraudulent claims.

The indictments reflect the Justice Department’s continuing commitment to investigate and prosecute health care fraud, including fraudulent dealings by plan members and others.of private employeer or union sponsored health plans. If convicted, the defendants could face significant prison sentences and probation and fines.

The Justice Department press release concerning the indictments quotes U.S. Attorney  for the Eastern District of Kentucky Robert M. Duncan Jr.,the Justice Department has “prioritized the investigation and prosecution of health care fraud in our office.” Meanwhile, FBI Special Agent in Charge  of the Miami Field Office George L. Piro is quoted as stating that “This investigation serves as an illustration of the rampant and deliberate scams against health care plans occurring daily throughout the country…”  in this case, these fraudsters pocketed money from the Gene Upshaw National Football League Health Reimbursement Account Plan that was intended for former NFL players who are ill or infirm.  Over 20 FBI field offices participated in this investigation which demonstrates the level of commitment we have to rooting out this type of fraud.”

In addition to the additional costs that employers can incur to fund health plan liabilities, taking prudent steps to detect, prevent and redress fraudulent health plan claims is considered part of the fiduciary duies of heatlh plan fiduciaries under the Employee Retirement Income Security Act.  Fiduciaries found to have failed to take such prudent actions risk personal liability fo rplan losses resulting from fraud committed against their health plans.

The NFL player indictments show taht prosecutions Alone or coupled with the hundreds of other fraud investigations and prosecuations that the Department of Justice and other federal and state agencies pursue each year, send a strong message that the Justice Department and other fedederal agencies stand ready to investigate nad prosecute health care fraud against private employer or union sponsored health plans, as well as fraud against Medicare, Mdicaid and other government programs.

More Information

We hope this update is helpful. For more information about this or other labor and employment developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.

Solutions Law Press, Inc. invites you receive future updates and join discussions about these and other human resources, health and other employee benefit and patient empowerment concerns by participating and contributing to the discussions in our Solutions Law Press Health Care Risk Management & Operations Group and registering for updates on our Solutions Law Press Website.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

A Fellow in the American College of Employee Benefit Counsel, as a primary focus of this work, Ms. Stamer has worked extensively with employer and union sponsored health and other employee benefit plans, insurers, third party administrators, plan fiduciaries and other health and other insured and self insured welfare plan, severance plans, defined contribution and other savings plans, defined benefit and other pension plans, incentive pay and deferred compensation programs and other employee benefit industry clients, employers and other plan sponsors, domestic and international health care providers, and as well as federal and state legislative, regulatory, investigatory and enforcement bodies and agencies.

Scribe for the ABA JCEB Annual Agency Meeting with OCR, Vice Chair of the ABA International Section Life Sciences Committee, past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, the ABA RPTE Employee Benefits & Other Compensation Group and its Welfare Benefits, Fiduciary Responsibiity and other Commitees, Ms. Stamer is noted for her decades-long leading edge work, scholarship and thought leadership on health,care, managed care and insurance, employee benefits, human resources and other workforce and related compliance and internal controls, policy and regulatory affairs, design and operations, and defense including 30 plus years experience working with clients on ERISA, insurance,  STARK, antikickback, and other fraud prevention, investigation, defense and enforcement; audits, investigations, and enforcement actions; trade secrets and other intellectual property; crisis preparedness and response; internal, government and third-party licensure, credentialing, accreditation, HCQIA and other peer review and quality reporting, audits, investigations, enforcement and defense; patient relations and care;  internal controls and regulatory compliance; payer-provider, provider-provider, vendor, patient, governmental and community relations; facilities, practice, products and other sales, mergers, acquisitions and other business and commercial transactions; government procurement and contracting; grants; tax-exemption and not-for-profit; privacy and data security; training; risk and change management; regulatory affairs and public policy; process, product and service improvement, development and innovation, and other legal and operational compliance and risk management, government and regulatory affairs and operations concerns. to establish, administer and defend workforce and staffing, quality, and other compliance, risk management and operational practices, policies and actions; comply with requirements; investigate and respond to Department of Justice, Department of Labor, Department of Health and Human Services, Department of Insurane, Board of Medicine, Health, Nursing, Pharmacy, Chiropractic, and other licensing agencies, Department of Aging & Disability, FDA, Drug Enforcement Agency, OCR state attorneys’ general and other federal and state agencies; JCHO and other accreditation and quality organizations; private litigation and other federal and state health care industry actions: regulatory and public policy advocacy; training and discipline; enforcement;  and other strategic and operational concerns.

Author of a multitude of highly regarded publications and programs on health and managed care fraud,and  other health care, health plan and other health benefit, health care, employee benefits and other related matters, the American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting and a former Council Representative, Past Chair of the ABA Managed Care & Insurance Interest Group, former Vice President and Executive Director of the North Texas Health Care Compliance Professionals Association, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, and a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her extensive publications and thought leadership as well as leadership involvement in a broad range of other professional and civic organizations. For more information about Ms. Stamer or her health industry and other experience and involvements, see here or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources available here.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

 

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc. disclaim, and have no responsibility to provide any update or otherwise notify anyone any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2019 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ For information about republication, please contact the author directly


2018 US National Health Expenditures Grew Again

December 10, 2019

Total U.S. national healthcare spending in 2018 grew 4.6 percent according to a study conducted by the Office of the Actuary at the Centers for Medicare & Medicaid Services (CMS). CMS reports this growth rate was slower than the 5.4 percent overall economic growth as measured by Gross Domestic Product (GDP). Consequently, the share of the economy devoted to health spending decreased from 17.9 percent in 2017 to 17.7 percent in 2018. 

Growth in overall healthcare spending has averaged 4.5 percent for 2016-2018, slower than the 5.5 percent average growth for 2014-2015, that was affected by expanded Medicaid and private insurance coverage and increased spending for prescription drugs, particularly for drugs used to treat hepatitis C. 

The growth in total national healthcare expenditures was approximately 0.4 percentage point higher than the rate in 2017 and reached $3.6 trillion in 2018, or $11,172 per person.

According to the report, private health insurance, Medicare, and Medicaid experienced faster growth in 2018.  The faster growth for these payers was influenced by the reinstatement of the health insurance tax which was applied to private health insurance, Medicare Advantage, and Medicaid Managed care plans. The health insurance tax was a fee imposed on all health insurance providers beginning in 2014 as a part of the funding for the Affordable Care Act (ACA) and was subsequently amended to institute a one-year moratorium on the fee for 2017.

  • Private health insurance spending(34 percent of total health care spending) increased 5.8 percent to $1.2 trillion in 2018, which was faster than the 4.9 percent growth in 2017.  The acceleration was driven in part by an increase in the net cost of private health insurance, which was a result of the reinstatement of the health insurance tax in 2018 following a one-year moratorium in 2017.
  • Medicare spending (21 percent of total health care spending) grew 6.4 percent to $750.2 billion in 2018, which was faster than the 4.2 percent growth in 2017. The faster growth in Medicare spending in 2018 was influenced by faster growth in the net cost of insurance of Medicare private health plans (mostly Medicare Advantage plans) due to the reinstatement of the health insurance tax in 2018, faster growth in Medicare spending for medical goods and services, and an increase in government administration spending after a reduction in 2017.
  • Medicaid spending (16 percent of total health care spending) increased 3.0 percent to $597.4 billion in 2018.  This was faster than the rate of growth in 2017 of 2.6 percent.  The faster rate of growth in 2018 was driven by faster growth in the net cost of insurance for Medicaid managed care plans, also due in part to the reinstatement of the health insurance tax.  
  • Out-of-pocket spending (10 percent of total health care spending) includes direct consumer payments such as copayments, deductibles, and spending not covered by insurance.  Out-of-pocket spending grew 2.8 percent to $375.6 billion in 2018, which was faster than the 2.2 percent growth in 2017. Faster out-of-pocket spending growth for retail prescription drugs, durable medical equipment, and dental services more than offset a slowdown in out-of-pocket spending for hospital care.

Health care spending growth was mixed in 2018 for the three largest goods and service categories – hospital care, physician and clinical services, and retail prescription drugs.

  • Hospital spending (33 percent of total healthcare spending) increased at about the same rate in 2018 as in 2017, growing 4.5 percent and 4.7 percent, respectively, to reach $1.2 trillion in 2018.  The steady growth in 2018 was driven by an acceleration in hospital price growth that was offset by slower growth in the use and intensity of hospital services.
  • Physician and clinical services spending (20 percent of total healthcare spending) increased 4.1 percent to reach $725.6 billion in 2018.  This was slower than the rate of growth in 2017 of 4.7 percent.  The deceleration in 2018 was driven by slower growth in the use and intensity of physician and clinical services, as physician and clinical price growth accelerated in 2018. 
  • Retail prescription drug spending(9 percent of total healthcare spending) grew 2.5 percent in 2018 to $335.0 billion following slower growth of 1.4 percent in 2017.  This faster rate of growth was driven by non-price factors, such as the use and mix of drugs consumed, which more than offset a decline of 1.0 percent in prices for retail prescription drugs.

Additional highlights from the report include:

  • Sponsors of Healthcare. In 2018, the federal government’s spending on health care increased 5.6 percent, accelerating from growth of 2.8 percent in 2017, and was driven by faster growth in the federally-funded portions of Medicare and Medicaid expenditures.  Private businesses’ health care spending increased 6.2 percent in 2018 due primarily to faster growth in employer-sponsored private health insurance premiums. The federal government and households accounted for the largest shares of spending (28 percent each), followed by private businesses (20 percent), state and local governments (17 percent), and other private revenues (7 percent).

The National Health Expenditure estimates have been revised to reflect the most recent and up-to-date source data that is available (and may not have been available for last year’s vintage of the National Health Expenditure Accounts).

The 2018 National Health Expenditures data and supporting information will appear here.

For More Information

We hope this update is helpful. For more information about this or other labor and employment developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.

Solutions Law Press, Inc. invites you receive future updates and join discussions about these and other human resources, health and other employee benefit and patient empowerment concerns by participating and contributing to the discussions in our LinkedIn Solutions Law Groups and registering for updates on our Solutions Law Press Website.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

As a primary focus of this work, Ms. Stamer has worked extensively with domestic and international hospitals, health care systems, clinics, skilled nursing, long term care, rehabilitation and other health care providers and facilities; medical staff, accreditation, peer review and quality committees and organizations; billing, utilization management, management services organizations, group purchasing organizations; pharmaceutical, pharmacy, and prescription benefit management and organizations; consultants; investors; technology, billing and reimbursement and other services and product vendors; products and solutions consultants and developers; investors; managed care organizations, insurers, self-insured health plans and other payers, health industry advocacy and other service providers and groups and other health industry clients as well as federal and state legislative, regulatory, investigatory and enforcement bodies and agencies.

Scribe for the ABA JCEB Annual Agency Meeting with OCR, Vice Chair of the ABA International Section Life Sciences Committee, past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, the ABA RPTE Employee Benefits & Other Compensation Group, Ms. Stamer is noted for her decades-long leading edge work, scholarship and thought leadership on health and other privacy and data security and other health industry legal, public policy and operational concerns. This involvement encompasses helping health care systems and organizations, group and individual health care providers, health plans and insurers, health IT, life sciences and other health industry clients prevent, investigate, manage and resolve sexual assault, abuse, harassment and other organizational, provider and employee misconduct and other performance and behavior; manage Section 1557, Civil Rights Act and other discrimination and accommodation, and other regulatory, contractual and other compliance; vendors and suppliers; contracting and other terms of participation, medical billing, reimbursement, claims administration and coordination, Medicare, Medicaid, CHIP, Medicare/Medicaid Advantage, ERISA and other payers and other provider-payer relations, contracting, compliance and enforcement; Form 990 and other nonprofit and tax-exemption; fundraising, investors, joint venture, and other business partners; quality and other performance measurement, management, discipline and reporting; physician and other workforce recruiting, performance management, peer review and other investigations and discipline, wage and hour, payroll, gain-sharing and other pay-for performance and other compensation, training, outsourcing and other human resources and workforce matters; board, medical staff and other governance; strategic planning, process and quality improvement; meaningful use, EMR, HIPAA and other technology, data security and breach and other health IT and data; STARK, antikickback, insurance, and other fraud prevention, investigation, defense and enforcement; audits, investigations, and enforcement actions; trade secrets and other intellectual property; crisis preparedness and response; internal, government and third-party licensure, credentialing, accreditation, HCQIA and other peer review and quality reporting, audits, investigations, enforcement and defense; patient relations and care; internal controls and regulatory compliance; payer-provider, provider-provider, vendor, patient, governmental and community relations; facilities, practice, products and other sales, mergers, acquisitions and other business and commercial transactions; government procurement and contracting; grants; tax-exemption and not-for-profit; privacy and data security; training; risk and change management; regulatory affairs and public policy; process, product and service improvement, development and innovation, and other legal and operational compliance and risk management, government and regulatory affairs and operations concerns. to establish, administer and defend workforce and staffing, quality, and other compliance, risk management and operational practices, policies and actions; comply with requirements; investigate and respond to Board of Medicine, Health, Nursing, Pharmacy, Chiropractic, and other licensing agencies, Department of Aging & Disability, FDA, Drug Enforcement Agency, OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD, FTC, SEC, CDC and other public health, Department of Justice and state attorneys’ general and other federal and state agencies; JCHO and other accreditation and quality organizations; private litigation and other federal and state health care industry actions: regulatory and public policy advocacy; training and discipline; enforcement; and other strategic and operational concerns.

Author of leading works on HIPAA and a multitude of other health care, health plan and other health industry matters, the American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting and a former Council Representative, Past Chair of the ABA Managed Care & Insurance Interest Group, former Vice President and Executive Director of the North Texas Health Care Compliance Professionals Association, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, and a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her extensive publications and thought leadership as well as leadership involvement in a broad range of other professional and civic organizations. For more information about Ms. Stamer or her experience and involvements, see here or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources available here.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc. disclaim, and have no responsibility for the suitability, completeness, accuracy or other content or to provide any update or otherwise notify anyone any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2019 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ For information about republication, please contact the author directly. All other rights reserved.


ONC Patient Matching for Prescription Drug Monitoring Program Slides Available

December 7, 2019

Slides from the presentations made at Office of the National Coordinator for Health Information Technology (ONC) September 6, 2019 symposium on Patient Matching for Prescription Drug Monitoring Programs (PDMPs) are now available on line. This one-day symposium brought together PDMP administrators, standards development groups, health IT developers, representatives from pharmacies, and a number of other stakeholders to discuss patient matching challenges and opportunities to support the interoperability of prescription data.Access that data here.

For More Information

We hope this update is helpful. For more information about this or other labor and employment developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.

Solutions Law Press, Inc. invites you receive future updates and join discussions about these and other human resources, health and other employee benefit and patient empowerment concerns by participating and contributing to the discussions in our LinkedIn Solutions Law Groups and registering for updates on our Solutions Law Press Website.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

As a primary focus of this work, Ms. Stamer has worked extensively with domestic and international hospitals, health care systems, clinics, skilled nursing, long term care, rehabilitation and other health care providers and facilities; medical staff, accreditation, peer review and quality committees and organizations; billing, utilization management, management services organizations, group purchasing organizations; pharmaceutical, pharmacy, and prescription benefit management and organizations; consultants; investors; technology, billing and reimbursement and other services and product vendors; products and solutions consultants and developers; investors; managed care organizations, insurers, self-insured health plans and other payers, health industry advocacy and other service providers and groups and other health industry clients as well as federal and state legislative, regulatory, investigatory and enforcement bodies and agencies.

Scribe for the ABA JCEB Annual Agency Meeting with OCR, Vice Chair of the ABA International Section Life Sciences Committee, past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, the ABA RPTE Employee Benefits & Other Compensation Group, Ms. Stamer is noted for her decades-long leading edge work, scholarship and thought leadership on health and other privacy and data security and other health industry legal, public policy and operational concerns. This involvement encompasses helping health care systems and organizations, group and individual health care providers, health plans and insurers, health IT, life sciences and other health industry clients prevent, investigate, manage and resolve sexual assault, abuse, harassment and other organizational, provider and employee misconduct and other performance and behavior; manage Section 1557, Civil Rights Act and other discrimination and accommodation, and other regulatory, contractual and other compliance; vendors and suppliers; contracting and other terms of participation, medical billing, reimbursement, claims administration and coordination, Medicare, Medicaid, CHIP, Medicare/Medicaid Advantage, ERISA and other payers and other provider-payer relations, contracting, compliance and enforcement; Form 990 and other nonprofit and tax-exemption; fundraising, investors, joint venture, and other business partners; quality and other performance measurement, management, discipline and reporting; physician and other workforce recruiting, performance management, peer review and other investigations and discipline, wage and hour, payroll, gain-sharing and other pay-for performance and other compensation, training, outsourcing and other human resources and workforce matters; board, medical staff and other governance; strategic planning, process and quality improvement; meaningful use, EMR, HIPAA and other technology, data security and breach and other health IT and data; STARK, antikickback, insurance, and other fraud prevention, investigation, defense and enforcement; audits, investigations, and enforcement actions; trade secrets and other intellectual property; crisis preparedness and response; internal, government and third-party licensure, credentialing, accreditation, HCQIA and other peer review and quality reporting, audits, investigations, enforcement and defense; patient relations and care; internal controls and regulatory compliance; payer-provider, provider-provider, vendor, patient, governmental and community relations; facilities, practice, products and other sales, mergers, acquisitions and other business and commercial transactions; government procurement and contracting; grants; tax-exemption and not-for-profit; privacy and data security; training; risk and change management; regulatory affairs and public policy; process, product and service improvement, development and innovation, and other legal and operational compliance and risk management, government and regulatory affairs and operations concerns. to establish, administer and defend workforce and staffing, quality, and other compliance, risk management and operational practices, policies and actions; comply with requirements; investigate and respond to Board of Medicine, Health, Nursing, Pharmacy, Chiropractic, and other licensing agencies, Department of Aging & Disability, FDA, Drug Enforcement Agency, OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD, FTC, SEC, CDC and other public health, Department of Justice and state attorneys’ general and other federal and state agencies; JCHO and other accreditation and quality organizations; private litigation and other federal and state health care industry actions: regulatory and public policy advocacy; training and discipline; enforcement; and other strategic and operational concerns.

Author of leading works on HIPAA and a multitude of other health care, health plan and other health industry matters, the American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting and a former Council Representative, Past Chair of the ABA Managed Care & Insurance Interest Group, former Vice President and Executive Director of the North Texas Health Care Compliance Professionals Association, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, and a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her extensive publications and thought leadership as well as leadership involvement in a broad range of other professional and civic organizations. For more information about Ms. Stamer or her experience and involvements, see here or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

IAbout Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources available here.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc. disclaim, and have no responsibility for the suitability, completeness, accuracy or other content or to provide any update or otherwise notify anyone any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2019 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ For information about republication, please contact the author directly. All other rights reserved.


SBA Hosts Employee Benefits Roundtable 11/21

November 18, 2019

The Small Business Administration (“SBA”) Advocacy Office will is host an Employee Benefits Roundtable on Thursday, Nov. 21 from 10:00 AM until 12:00 noon at the SBA Headquarters in Washington, D.C. with the following agenda:

Welcome and Introductions (10:00 am – 10:15 am)

  • Charles G. Jeane, Assistant Chief Counsel, SBA Office of Advocacy

Discussion of Small Business Use of Cafeteria Plans (10:15 am – 10:45 am)

  • Gary Kushner, President and CEO of Kushner & Company

Discussion of MEPs and Open MEPs (10:45 am – 11:15 am)

  • Sandra Turner, President of Retirement Plan Specialists, Inc.

Discussion of Adding Annuities as An Option for Plan Participants (11:15 am – 11:45 am)

  • Chantel Sheaks, Executive Director, Retirement Policy, U.S. Chamber of Commerce

Open Discussion/Other Small Business Issues (11:45 am – 12:00 pm).  

The purpose of these roundtable meetings is to exchange opinions, facts, and information and to obtain the attendees’ individual views and opinions regarding small business concerns.  The meetings are not intended to communicate or achieve any consensus positions of the attendees.

Roundtable meetings are open to all interested persons, except the press. Press are excluded in order to facilitate an open and frank discussion about small business-related issues.

About The Author

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation; Former Chair of the RPTE Employee Benefits and Compensation Committee, a current Co-Chair of the Committee, and the former Chair of its Welfare Benefit and its Defined Compensation Plan Committees and former RPTE Joint Committee on Employee Benefits Council (JCEB) Representative, Cynthia Marcotte Stamer is a Martindale-Hubble “AV-Preeminent” practicing attorney and management consultant, author, public policy advocate, author and lecturer repeatedly recognized for her 30 plus years’ of work and pragmatic thought leadership, publications and training on health, pension and other employee benefit,  insurance, labor and employment, and health care  fiduciary responsibility, payment, investment, contracting  and other design, administration and compliance concerns as among the “Top Rated Labor & Employment Lawyers in Texas,” a “Legal Leader,” a “Top Woman Lawyer” and with other awards by LexisNexis® Martindale-Hubbell®; as among the “Best Lawyers In Dallas” for her work in the field of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, in International Who’s Who of Professionals and with numerous other awards and distinctions.

Highly valued for her ability to meld her extensive legal and industry knowledge and experience with her talents as an insightful innovator and pragmatic problem solver, Ms. Stamer advises, represents and defends employer, union, multi-employer, association and other employee benefit plan sponsors, insurers and managed care organizations, fiduciaries, plan administrators, technology and other service providers, government and community leaders and others about health and other employee benefit and insurance program and policy design and innovation, funding, documentation, administration, communication, data security and use, contracting, plan, public and regulatory reforms and enforcement, and other risk management, compliance and operations matters.

Her experience encompasses leading and supporting the development and defense of innovative new policies, programs, practices and solutions; advising and representing clients on routine plan establishment, plan documentation and contract drafting and review, administration, change and other compliance and operations; crisis prevention and response, compliance and risk management audits and investigations, enforcement actions and other dealings with the US Congress, Departments of Labor, Treasury, Health & Human Services, Federal Trade Commission, Justice, Securities and Exchange Commission, Education and other federal agencies, state legislatures, attorneys general, insurance, labor, worker’s compensation, and other agencies and regulators, and various other foreign and domestic governmental bodies and agencies.

She also provides strategic and other supports clients in defending litigation as lead strategy counsel, special counsel and as an expert witness. Alongside her extensive legal and operational experience, Ms. Stamer also is recognized for her work as a public and regulatory policy advocate and community leader with a gift for finding pragmatic solutions and helping to forge the common ground necessary to build consensus. Best known for her domestic public policy and community leadership on health care and insurance reform, Ms. Stamer’s lifelong public policy and community service involvement includes service as a lead consultant to the Government of Bolivia on its pension privatization project, as well as extensive legislative and regulatory reform, advocacy and input workforce, worker classification, employee benefit, public health and healthcare, social security and other disability and aging in place, education, migration reforms domestically and internationally throughout her adult life.

In addition to her public and regulatory policy involvement, Ms. Stamer also contributes her service and leadership to a professional and civic organizations and efforts including her involvement as the Founder and Executive Director of the Coalition on Responsible Health Policy and its PROJECT COPE; Coalition on Patient Empowerment, a founding Board Member and past President of the Alliance for Healthcare Excellence; Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee; Vice Chair, Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group; current Fiduciary Responsibility Committee Co-Chair and Membership Committee member of the ABA RPTE Section; former RPTE Employee Benefits and Other Compensation Group Chair, former Chair and Co-Chair of its Welfare Plans Committee, and Defined Contribution Plans Committee; former RPTE Representative to ABA Joint Committee on Employee Benefits Council; former RPTE Representative to the ABA Health Law Coordinating Counsel; former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, former Board Member, Continuing Education Chair and Treasurer of the Southwest Benefits Association; Vice President of the North Texas Healthcare Compliance Professionals Association; past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children; past Dallas World Affairs Council Board Member, and in leadership of many other professional, civic and community organizations.

Ms. Stamer also is a highly popular public speaker, symposia chair and author, who publishes and speaks extensively on health and managed care industry, human resources, employment and other privacy, data security and other technology, regulatory and operational risk management for the American Bar Association, ALI-ABA, American Health Lawyers, Society of Human Resources Professionals, the Southwest Benefits Association, the Society of Employee Benefits Administrators, the American Law Institute, Lexis-Nexis, Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, the Society of Professional Benefits Administrators, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, the HCCA, ISSA, HIMSS, Modern Healthcare, Managed Healthcare, Institute of Internal Auditors, Society of CPAs, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other symposia and publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, InsuranceThoughtLeadership.com and many other prominent publications and speaks and conducts training for a broad range of professional organizations and for clients, serves on the faculty and planning committee of many workshops, seminars, and symposia, and on the Advisory Boards of InsuranceThoughtLeadership.com, HR.com, Employee Benefit News, and many other publications.

Beyond these involvements, Ms. Stamer also is active in the leadership of a broad range of other public policy advocacy and other professional and civic organizations and involvements. Through these and other involvements, she helps develop and build solutions, build consensus, garner funding and other resources, manage compliance and other operations, and take other actions to identify promote tangible improvements in health care and other policy and operational areas.

Before founding her current law firm, Cynthia Marcotte Stamer, P.C., Ms. Stamer practiced law as a partner with several prominent national and international law firms for more than 10 years before founding Cynthia Marcotte Stamer, P.C. to practice her unique brand of “Solutions law™” and to devote more time to the pragmatic policy and system reform, community education and innovation, and other health system improvement efforts of her PROJECT COPE: the Coalition on Patient Empowerment initiative.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources at SolutionsLawPress.com.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please provide your current contact information and preferences including your preferred e-mail by creating or updating your profile here.

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The presenter and the program sponsor disclaim, and have no responsibility to provide any update or otherwise notify any participant of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2019 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions  Law Press, Inc.™. For information about republication, please contact the author directly. All other rights reserved.


New $2.15M OCR Penalty Shows Health Plans Risks Of HIPAA Violations

October 23, 2019

Health plans and insurers and their service providers should heed as a warning of the potential perils they could face for violating the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security and Breach Notification Rules the just-announced $2.15 million plus civil monetary penalty that Jackson Health System (JHS) paid the Department of Health & Human Services Office of Civil Rights (OCR).

While the HIPAA-covered entity that paid the $2,154,000 civil monetary penalty, JHS,  is a Florida-based nonprofit academic medical system, rather than a health plan, the $1,500,000 HIPAA resolution payment OCR previously collected from Blue Cross Blue Shield of Tennessee (BCBST) in 2012 for its breaches of HIPAA make clear that health plans and insurers risk similar penalties for HIPAA violations.  Consequently, health plans, health insurers and other health care providers and their business associates should construe the JHS civil monetary penalty as evidence of the need to re-verify and remain constantly vigilant about maintaining compliance with HIPAA’s privacy, security and breach notification rules currently and on an ongoing basis.

JHS HIPAA Breaches Found By OCR

The $2.1 million plus payment was required to satisfy a civil monetary penalty assessment OCR imposed in a Notice of Proposed Determination and Notice of Final Determination made public by OCR on October 23, 2019 in response to findings from a series of investigations of HIPAA breach and compliance concerns raised between 2013 and 2016 raised by various HIPAA-mandated breach reports and media reports that raised concerns about improper access disclosure and use of patient PHI between 2013 and 2016.  When JHS did not challenge the findings or determination became final.  OCR reports JHS has paid the specified $2.154,000  civil monetary penalty.

JHS operates six major hospitals, a network of urgent care centers, multiple primary care and specialty care centers, long-term care nursing facilities, and corrections health services clinics, provides health services to approximately 650,000 patients annually, and employs about 12,000 individuals.

On August 22, 2013, JHS submitted a breach report to OCR stating that its Health Information Management Department lost paper records containing the protected health information (PHI) of 756 patients in January 2013. JHS’s internal investigation determined that an additional three boxes of patient records also were lost in December 2012; however, JHS did not report the additional loss or the increased number of individuals affected to 1,436, until June 7, 2016.

In July 2015, OCR initiated an investigation following a media report that disclosed the PHI of a JHS patient. A reporter had shared a photograph of a JHS operating room screen containing the patient’s medical information on social media. JHS subsequently determined that two employees had accessed this patient’s electronic medical record without a job-related purpose.

On February 19, 2016, JHS submitted a breach report to OCR reporting that an employee had been selling patient PHI. The employee had accessed inappropriately over 24,000 patients’ records since 2011.

According to OCR Director Roger Severino, “OCR’s investigation revealed a HIPAA compliance program that had been in disarray for a number of years. …This hospital system’s compliance program failed to detect and stop an employee who stole and sold thousands of patient records; lost patient files without notifying OCR as required by law; and failed to properly secure PHI that was leaked to the media.”

These and other findings led to the OCR determination in the Notice of Proposed Determination and Notice of Final Determination that JHS failed to provide timely and accurate breach notification to the Secretary of HHS, conduct enterprise-wide risk analyses, manage identified risks to a reasonable and appropriate level, regularly review information system activity records, and restrict authorization of its workforce members’ access to patient ePHI to the minimum necessary to accomplish their job duties.  OCR assessed the $2.1 million civil monetary penalty based on these determinations.

The JHS civil monetary penalty is The latest in a growing series of OCR enforcement and regulatory actions that drive home the perils HIPAA-covered health care providers, health plans and insurers, healthcare clearinghouses and  business associates risk by failing to responsibly and effectively manage their HIPAA compliance including the one against mega-health plan and business associate, BCBST, that resulted in its payment of a $1,500,000 resolution payment.  For details of the BCBS Resolution Agreement and Settlement payment, see here.

OCR enforcement data documents a steady  rise in OCR investigation and enforcement activity.  OCR set all-time records for HIPAA Enforcement in 2018.  Heavy enforcement activity has continued in 2019.   Before its October 23, 2019 announcement of the JHS civil monetary penalties, OCR already had announced:

Given these and other previously announced enforcement initiatives and actions, all HIPAA covered entities and their business associates are urged to maintain hypervigilance about their own HIPAA compliance with long standing as well as emerging HIPAA requirements taking into account old, recent, and emerging guidance and enforcement activities of OCR.  Of course health plans and other covered entities also need to additionally weigh their exposure under various other state and federal law likely to arise from such breaches and the investigation, mitigation and public and customer trust consequences that almost always accompany and frequently exceed the actual HIPAA liability imposed. Considered together, these and other consequences of HIPAA vioations or other sloppy dealings with protected health inforamtion or ther sensitive health care or financial information make a clear case for investing appropriately in HIPAA and related compliance.

For More Information

We hope this update is helpful. For more information about this or other labor and employment developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.

Solutions Law Press, Inc. invites you receive future updates and join discussions about these and other human resources, health and other employee benefit and patient empowerment concerns by participating and contributing to the discussions in our Solutions Law Press HR & Benefits Update Compliance Update Group and registering for updates on our Solutions Law Press Website.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of management focused employment, employee benefit and insurance, workforce and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer’s clients include employers and other workforce management organizations; employer, union, association, government and other insured and self-insured health and other employee benefit plan sponsors, benefit plans, fiduciaries, administrators, and other plan vendors;   domestic and international public and private health care, education and other community service and care organizations; managed care organizations; insurers, third-party administrative services organizations and other payer organizations;  and other private and government organizations and their management leaders.  As part of this work, she has worked extensively on employee benefit communication and other employee benefit plan legislative and regulatory policy, design, compliance and enforcement including testifying to the EBSA Advisory Council on Employee Welfare and Pension Benefit Plans in  on the effectiveness of employee benefit plan disclosures during 2017 hearings on on reducing the burdens and increasing the effectiveness of ERISA mandated disclosures.

Throughout her 30 plus year career, Ms. Stamer has continuously worked with these and other management clients to design, implement, document, administer and defend hiring, performance management, compensation, promotion, demotion, discipline, reduction in force and other workforce, employee benefit, insurance and risk management, health and safety, and other programs, products and solutions, and practices; establish and administer compliance and risk management policies; manage labor-management relations, comply with requirements, investigate and respond to government, accreditation and quality organizations, regulatory and contractual audits, private litigation and other federal and state reviews, investigations and enforcement actions; evaluate and influence legislative and regulatory reforms and other regulatory and public policy advocacy; prepare and present training and discipline;  handle workforce and related change management associated with mergers, acquisitions, reductions in force, re-engineering, and other change management; and a host of other workforce related concerns. Ms. Stamer’s experience in these matters includes supporting these organizations and their leaders on both a real-time, “on demand” basis with crisis preparedness, intervention and response as well as consulting and representing clients on ongoing compliance and risk management; plan and program design; vendor and employee credentialing, selection, contracting, performance management and other dealings; strategic planning; policy, program, product and services development and innovation; mergers, acquisitions, bankruptcy and other crisis and change management; management, and other opportunities and challenges arising in the course of workforce and other operations management to improve performance while managing workforce, compensation and benefits and other legal and operational liability and performance.

A Fellow in the American College of Employee Benefit Counsel and Past Chair of both the ABA Managed Care & Insurance Interest Group and it’s RPTE Employee Benefits and Other  Compensation Group, Ms. Stamer also has leading edge experience in health benefit, health care, health, financial and other plan, program and process design, administration, documentation, contracting, risk management, compliance and related process and systems development, policy and operations; training; legislative and regulatory affairs, and other legal and operational concerns.

A former lead consultant to the Government of Bolivia on its Pension Privatization Project with extensive domestic and international public policy concerns in pensions, healthcare, workforce, immigration, tax, education and other areas, Ms. Stamer has been extensively involved in U.S. federal, state and local health care and other legislative and regulatory reform impacting these concerns throughout her career. Her public policy and regulatory affairs experience encompasses advising and representing domestic and multinational private sector health, insurance, employee benefit, employer, staffing and other outsourced service providers, and other clients in dealings with Congress, state legislatures, and federal, state and local regulators and government entities, as well as providing advice and input to U.S. and foreign government leaders on these and other policy concerns.

Author of leading works on a multitude of labor and employment, compensation and benefits, internal controls and compliance, and risk management matters and a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other related concerns by her service in the leadership of the Solutions Law Press, Inc. Coalition for Responsible Health Policy, its PROJECT COPE: Coalition on Patient Empowerment, and a broad range of other professional and civic organizations including North Texas Healthcare Compliance Association, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children (now Warren Center For Children); current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, past Representative and chair of various committees of ABA Joint Committee on Employee Benefits; an ABA Health Law Coordinating Council representative, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, a former member of the Board of Directors of the Southwest Benefits Association and others.

For more information about Ms. Stamer or her health industry and other experience and involvements, see here or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources here.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.  We also invite you to join the discussion of these and other human resources, health and other employee benefit and patient empowerment concerns by participating and contributing to the discussions in our Health Plan Compliance Group or COPE: Coalition On Patient Empowerment Groupon LinkedIn or Project COPE: Coalition on Patient Empowerment Facebook Page.

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission and its content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion.otherwise notify any participant of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2019 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ For information about republication or the topic of this article, please contact the author directly. All other rights reserved.


Health Plans Should Prepare For Plan Fallout Of HHS Rule Requiring Manufacturers Disclose Drug Prices

May 9, 2019

On Wednesday, May 8, 2019, Health and Human Services(“HHS”) Secretary Alex Azar announced the adoption of a Medicare and Medicaid Programs; Regulation to Require Drug Pricing Transparency Final Rule (the “Rule”) by the Centers for Medicare & Medicaid Services (“CMS”) requiring direct-to-consumer television advertisements for prescription pharmaceuticals covered by Medicare or Medicaid to include the list price – the Wholesale Acquisition Cost – if that price is equal to or greater than $35 for a month’s supply or the usual course of therapy.

Part of President Trump’s American Patients First blueprint, the 102 page Rule seeks to increase transparency for patients and bring down overall drug costs both for patients and for the Medicare and Medicaid programs.

Effective 60 days after its official publication in the Federal Register on May 10, 2019, the Rule will require direct-to-consumer television advertisements for prescription drug and biological products covered by Medicare or Medicaid to include the list price – the Wholesale Acquisition Cost – if that price is equal to or greater than $35 for a month’s supply or the usual course of therapy, with the prices updated quarterly.

According to CMS, the 10 most commonly advertised drugs have list prices ranging from $488 to $16,938 per month or usual course of therapy. CMS believes patients should know what a drug costs as they discuss their options with their doctor.

While pharmaceutical drug manufactures generally must obtain approval from the FDA Office of Prescription Drug Promotion (ODPD) for advertising, OPDP does not review price information in prescription drug advertisements. Consequently, HHS says ODPD will not require a manufacturer that simply adds price information to a direct-to-consumer advertisement as required by § 403.1202 of the Rule unless the price information explicitly or implicitly incorporates safety or efficacy information about the drug, or makes express or implied claims about the safety or efficacy of the drug.

In addition to the Rule, HHS continues to review a number of other rules and proposals it hopes to further advance the American Patients First blueprint initiative to improve drug price transparency and inform consumer decision making by fixing opaque systems, changing incentives that drive costs or other undesirable behaviors by pharmaceutical companies, prescription benefit management (“PBM”) companies, health insurers and plans, providers and patients.

Health plan, their employer and other sponsors, insurers, PBM and other vendors and others should anticipate that the new Rule and other elements and initiatives of the Trump Administration American Patients First blueprint will impact plan design and administration both by directly impacting PBM and pharmaceutical costs, products, formularies and arrives and by fueling a host of new discussions by patients and their providers about pharmaceutical drug selection. In addition to impacting existing plan features and their administration, health plans, their fiduciaries, administrators and insurers should prepare for a predictable surge in scrutiny by plan

members about health plan prescription drug formularies that in many cases will fuel new appeals and challenges to the plan denials, formularies and other impacted features. Health plan fiduciaries, administrators, PBMs and other vendors, employer and other sponsors should anticipate and begin preparing both to handle these new health plan demands and ideally, to educate patients and their caregivers to use the new information to

make better health care choices.

If you have questions or would like more information about the new Rule or other developments impacting your health plan design or administration, please contact the author directly.

If you found this article of interest, Solutions Law Press, Inc. invites you to check out other Solutions Law Press, Inc. publications. We also invite you to share your own best practices ideas and resources and join the discussions about these and other human resources, health and other employee benefit and patient empowerment concerns by participating and contributing to the discussions in our Solutions Law Press HR & Benefits Update Group or COPE: Coalition On Patient Empowerment Groupon LinkedIn or Project COPE: Coalition on Patient Empowerment Facebook Page.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of management focused employment, employee benefit and insurance, workforce and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer’s clients include employers and other workforce management organizations; employer, union, association, government and other insured and self-insured health and other employee benefit plan sponsors, benefit plans, fiduciaries, administrators, and other plan vendors; domestic and international public and private health care, education and other community service and care organizations; managed care organizations; insurers, third-party administrative services organizations and other payer organizations; and other private and government organizations and their management leaders.

Throughout her 30 plus year career, Ms. Stamer has continuously worked with these and other management clients to design, implement, document, administer and defend hiring, performance management, compensation, promotion, demotion, discipline, reduction in force and other workforce, employee benefit, insurance and risk management, health and safety, and other programs, products and solutions, and practices; establish and administer compliance and risk management policies; comply with requirements, investigate and respond to government, accreditation and quality organizations, regulatory and contractual audits, private litigation and other federal and state reviews, investigations and enforcement actions; evaluate and influence legislative and regulatory reforms and other regulatory and public policy advocacy; prepare and present training and discipline; handle workforce and related change management associated with mergers, acquisitions, reductions in force, re-engineering, and other change management; and a host of other workforce related concerns. Ms. Stamer’s experience in these matters includes supporting these organizations and their leaders on both a real-time, “on demand” basis with crisis preparedness, intervention and response as well as consulting and representing clients on ongoing compliance and risk management; plan and program design; vendor and employee credentialing, selection, contracting, performance management and other dealings; strategic planning; policy, program, product and services development and innovation; mergers, acquisitions, bankruptcy and other crisis and change management; management, and other opportunities and challenges arising in the course of workforce and other operations management to improve performance while managing workforce, compensation and benefits and other legal and operational liability and performance.

Past Chair of the ABA Managed Care & Insurance Interest Group and, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, heavily involved in health benefit, health care, health, financial and other information technology, data and related process and systems development, policy and operations throughout her career, and scribe of the ABA JCEB annual Office of Civil Rights agency meeting, Ms. Stamer also is widely recognized for her extensive work and leadership on leading edge health care and benefit policy and operational issues. She regularly helps employer and other health benefit plan sponsors and vendors, health industry, insurers, health IT, life sciences and other health and insurance industry clients design, document and enforce plans, practices, policies, systems and solutions; manage regulatory, contractual and other legal and operational compliance; vendors and suppliers; deal with Medicare, Medicaid, CHIP, Medicare/Medicaid Advantage, ERISA, state insurance law and other private payer rules and requirements; contracting; licensing; terms of participation; medical billing, reimbursement, claims administration and coordination, and other provider-payer relations; reporting and disclosure, government investigations and enforcement, privacy and data security; and other compliance and enforcement; Form 990 and other nonprofit and tax-exemption; fundraising, investors, joint venture, and other business partners; quality and other performance measurement, management, discipline and reporting; physician and other workforce recruiting, performance management, peer review and other investigations and discipline, wage and hour, payroll, gain-sharing and other pay-for performance and other compensation, training, outsourcing and other human resources and workforce matters; board, medical staff and other governance; strategic planning, process and quality improvement; HIPAA administrative simplification, meaningful use, EMR, HIPAA and other technology, data security and breach and other health IT and data; STARK, antikickback, insurance, and other fraud prevention, investigation, defense and enforcement; audits, investigations, and enforcement actions; trade secrets and other intellectual property; crisis preparedness and response; internal, government and third-party licensure, credentialing, accreditation, HCQIA, HEDIS and other peer review and quality reporting, audits, investigations, enforcement and defense; patient relations and care; internal controls and regulatory compliance; payer-provider, provider-provider, vendor, patient, governmental and community relations; facilities, practice, products and other sales, mergers, acquisitions and other business and commercial transactions; government procurement and contracting; grants; tax-exemption and not-for-profit; 1557 and other Civil Rights; privacy and data security; training; risk and change management; regulatory affairs and public policy; process, product and service improvement, development and innovation, and other legal and operational compliance and risk management, government and regulatory affairs and operations concerns.

A former lead consultant to the Government of Bolivia on its Pension Privatization Project with extensive domestic and international public policy concerns in pensions, healthcare, workforce, immigration, tax, education and other areas, Ms. Stamer has been extensively involved in U.S. federal, state and local health care and other legislative and regulatory reform impacting these concerns throughout her career. Her public policy and regulatory affairs experience encompasses advising and representing domestic and multinational private sector health, insurance, employee benefit, employer, staffing and other outsourced service providers, and other clients in dealings with Congress, state legislatures, and federal, state and local regulators and government entities, as well as providing advice and input to U.S. and foreign government leaders on these and other policy concerns.

Author of leading works on a multitude of labor and employment, compensation and benefits, internal controls and compliance, and risk management matters and a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other related concerns by her service in the leadership of the Solutions Law Press, Inc. Coalition for Responsible Health Policy, its PROJECT COPE: Coalition on Patient Empowerment, and a broad range of other professional and civic organizations including North Texas Healthcare Compliance Association, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children (now Warren Center For Children); current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, past Representative and chair of various committees of ABA Joint Committee on Employee Benefits; an ABA Health Law Coordinating Council representative, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, a former member of the Board of Directors of the Southwest Benefits Association and others.

For more information about Ms. Stamer or her health industry and other experience and involvements, see here or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources here such as the following:


  • Health Plans Should Prepare For Plan Fallout Of HHS Rule Requiring Manufacturers Disclose Drug Prices
  • Congress Moves To Enact Federal Paid Leave Rules
  • $3 Million OCR Touchstone Settlement Warns Health Plans of Perils of HIPAA Violations
  • Employer Faces 5 Years Imprisonment For Not Paying Employment & Income Tax Withholding To IRS
  • Health Plans Must Share PHI To Apps When Members Request, Responsible For Security On Plan-Sponsored Apps
  • NLRA Not Violated By Employers Termination of Union Dues Withholding In Response To Wisconsin Right To Work Law
  • Tell Employees, Plan Members About April 27 National Prescription Drug Take Back Day
  • Proposed FLSA Joint Employer Rule Would Reduce Business’ Joint Employer Wage & Hour Liability
  • Proposed FLSA Base Pay Rule Clarifies Overtime Treatment Of Perks
  • Federal Veterans Hiring Benchmark Resets 3/31 To 5.9%; Prepare For Audits & Other Enforcement
  • Consider Employee Recess In Your Employee Wellness Programs
  • Use 3/26 Diabetes Alert Day Resources To Jumpstart Your Diabetes Management & Cost Containment Efforts
  • NLRB Responds To House Democrats About Private Contractor Participation In Joint Employment Rule Comment Processing
  • Employee Transportation Deduction Rules Changed
  • 2019 Mileage Rates Adjusted; Employee Unreimbursed Mileage & Relocation Mileage Deductions Unavailable In 2018 and 2019
  • If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here. We also invite you to join the discussion of these and other human resources, health and other employee benefit and patient empowerment concerns by participating and contributing to the discussions in our Health Plan Compliance Group or COPE: Coalition On Patient Empowerment Groupon LinkedIn or Project COPE: Coalition on Patient Empowerment Facebook Page.

    NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advise or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The presenter and the program sponsor disclaim, and have no responsibility to provide any update or otherwise notify any participant of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

    Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

    ©2019 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ For information about republication or the topic of this article, please contact the author directly. All other rights reserved.


    $3 Million OCR Touchstone Settlement Warns Health Plans of Perils of HIPAA Violations

    May 6, 2019

    Health plans, their sponsoring employers and unions, insurers, fiduciaries, administrators, insurers and other service providers should learn from the $3 million lesson a Franklin, Tennessee-based diagnostic medical imaging services provider is learning about the heavy penalties a health plan, health care provider, health care clearinghouse  or business associate  (“Covered Entity”) risks if a post-data breach investigation by the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”)  shows  the Covered Entity breached the privacy, data security, business associate agreement and breach notificataion rules of the Health Insurance Portability and Accountability Act (HIPAA) Security and Breach Notification Rules before or after the breach.

    Under a new OCR Resolution Agreement and Corrective Action Plan announced May 6, 2019, Touchstone Medical Imaging (“Touchstone”) must pay $3,000,000 to OCR and adopt a corrective action plan to settle OCR charges it violated HIPAA arising from an OCR investigation of Touchstone’s handling of a 2014 breach.  Around May 9, 2014, the Federal Bureau of Investigation (“FBI”) and OCR notified Touchstone that one of its FTP servers allowed uncontrolled access to PHI that allowed search engines to index the PHI of more than 300,000 of Touchstone’s patients, which remained visible on the Internet even after the server was taken offline.   While Touchstone initially claimed that no patient PHI was exposed,  in the course of OCR’s investigation, Touchstone subsequently admitted PHI of more than 300,000 patients was exposed including, names, birth dates, social security numbers, and addresses.  As a result of its delayed acknowledgement of the occurrence of the breach on May 9, 2014, Touchstone did not provide notice of the breach until October, 2014, months after OCR and FBI notified it of the breach.   See here.

    OCR’s investigation found Touchstone breached HIPAA before and after the breach.  OCR’s investigation  found before the breach, Touchstone failed to conduct an accurate and thorough risk analysis of potential risks and vulnerabilities to the confidentiality, integrity, and availability of all of its electronic PHI (ePHI), and failed to have business associate agreements in place with its vendors, including their IT support vendor and a third-party data center provider as required by HIPAA.   OCR also found Touchstone did not thoroughly investigate the security incident until several months after notice of the breach from both the FBI and OCR.  Consequently, Touchstone’s notification to individuals affected by the breach also was untimely.

    To resolve OCR charges arising from these events, Touchstone agreed to pay OCR $3,000,000.  In addition to the monetary settlement, Touchstone will undertake a robust corrective action plan that includes the adoption of business associate agreements, completion of an enterprise-wide risk analysis, and comprehensive policies and procedures to comply with the HIPAA Rules.

    The Resolution Agreement illustrates the expensive price Covered Entities risk from failing to conduct risk assessments, obtain business associate agreements and fulfill other HIPAA requirements before a breach, then failing to promptly investigate, provide notification and redress a breach when discovered.  Covered Entities should learn from the painful lesson learned by Touchstone by reconfirming the adequacy of their current HIPAA  compliance and using care to timely and adequately investigate and provide notification if and when a breach occurs.

    About the Author

    Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: Erisa & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of health industry, health and other benefit and insurance, workforce and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

    Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer’s clients include employers and other workforce management organizations; employer, union, association, government and other insured and self-insured health and other employee benefit plan sponsors, benefit plans, fiduciaries, administrators, and other plan vendors;  managed care organizations, insurers, self-insured health plans and other payers and their management; public and private, domestic and international hospitals, health care systems, clinics, skilled nursing, long term care, rehabilitation and other health care providers and facilities; medical staff, health care accreditation, peer review and quality committees and organizations; managed care organizations, insurers, third party administrative services organizations and other payer organizations;  billing, utilization management, management services organizations; group purchasing organizations; pharmaceutical, pharmacy, and prescription benefit management and organizations; claims, billing and other health care and insurance technology and data service organizations; other health, employee benefit, insurance and financial services product and solutions consultants, developers and vendors; and other health, employee benefit, insurance, technology, government and other management clients.

    A former lead consultant to the Government of Bolivia on its Pension Privatization Project with extensive domestic and international public policy concerns in pensions, healthcare, workforce, immigration, tax, education and other areas, Ms. Stamer has been extensively involved in U.S. federal, state and local health care and other legislative and regulatory reform impacting these concerns throughout her career. Her public policy and regulatory affairs experience encompassess advising and representing domestic and multinational private sector health, insurance, employee benefit, employer, staffing and other outsourced service providers, and other clients in dealings with Congress, state legislatures, and federal, state and local regulators and government entities, as well as providing advice and input to U.S. and foreign government leaders on these and other policy concerns.

    Beyond her public policy and regulatory affairs involvement, Ms. Stamer also has extensive experience helping these and other clients to design, implement, document, administer and defend workforce, employee benefit, insurance and risk management, health and safety, and other programs, products and solutions, and practices; establish and administer compliance and risk management policies; comply with requirements, investigate and respond to government; accreditation and quality organizations; private litigation and other federal and state health care industry investigations and enforcement actions; evaluate and influence legislative and regulatory reforms and other regulatory and public policy advocacy; training and discipline; enforcement, and a host of other related concerns. Ms. Stamer’s experience in these matters includes supporting these organizations and their leaders on both a real-time, “on demand” basis with crisis preparedness, intervention and response as well as consulting and representing clients on ongoing compliance and risk management; plan and program design; vendor and employee credentialing, selection, contracting, performance management and other dealings; strategic planning; policy, program, product and services development and innovation; mergers, acquisitions, and change management; workforce and operations management, and other opportunities and challenges arising in the course of their operations.

    Past Chair of the ABA Managed Care & Insurance Interest Group and, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, heavily involved in health benefit, health care, health, financial and other information technology, data and related process and systems development, policy and operations throughout her career, and scribe of the ABA JCEB annual Office of Civil Rights agency meeting, Ms. Stamer also is widely recognized for her extensive work and leadership on leading edge health care and benefit policy and operational issues. She regularly helps employer and other health benefit plan sponsors and vendors, health industry, insurers, health IT, life sciences and other health and insurance industry clients design, document and enforce plans, practices, policies, systems and solutions; manage regulatory, contractual and other legal and operational compliance; vendors and suppliers; deal with Medicare, Medicaid, CHIP, Medicare/Medicaid Advantage, ERISA, state insurance law and other private payer rules and requirements; contracting; licensing; terms of participation; medical billing, reimbursement, claims administration and coordination, and other provider-payer relations; reporting and disclosure, government investigations and enforcement, privacy and data security; and other compliance and enforcement; Form 990 and other nonprofit and tax-exemption; fundraising, investors, joint venture, and other business partners; quality and other performance measurement, management, discipline and reporting; physician and other workforce recruiting, performance management, peer review and other investigations and discipline, wage and hour, payroll, gain-sharing and other pay-for performance and other compensation, training, outsourcing and other human resources and workforce matters; board, medical staff and other governance; strategic planning, process and quality improvement; HIPAA administrative simplification, meaningful use, EMR, HIPAA and other technology, data security and breach and other health IT and data; STARK, antikickback, insurance, and other fraud prevention, investigation, defense and enforcement; audits, investigations, and enforcement actions; trade secrets and other intellectual property; crisis preparedness and response; internal, government and third-party licensure, credentialing, accreditation, HCQIA, HEDIS and other peer review and quality reporting, audits, investigations, enforcement and defense; patient relations and care; internal controls and regulatory compliance; payer-provider, provider-provider, vendor, patient, governmental and community relations; facilities, practice, products and other sales, mergers, acquisitions and other business and commercial transactions; government procurement and contracting; grants; tax-exemption and not-for-profit; 1557 and other Civil Rights; privacy and data security; training; risk and change management; regulatory affairs and public policy; process, product and service improvement, development and innovation, and other legal and operational compliance and risk management, government and regulatory affairs and operations concerns.

    Ms. Stamer has extensive health care reimbursement and insurance experience advising and defending plan sponsors, administrators, insurance and managed care organizations, health care providers, payers, and others about Medicare, Medicaid, Medicare and Medicaid Advantage, Tri-Care, self-insured group, association, individual and employer and association group and other health benefit programs and coverages including but not limited to advising public and private payers about coverage and program design and documentation, advising and defending providers, payers and systems and billing services entities about systems and process design, audits, and other processes; provider credentialing, and contracting; providers and payer billing, reimbursement, claims audits, denials and appeals, coverage coordination, reporting, direct contracting, False Claims Act, Medicare & Medicaid, ERISA, state Prompt Pay, out-of-network and other nonpar insured, and other health care claims, prepayment, post-payment and other coverage, claims denials, appeals, billing and fraud investigations and actions and other reimbursement and payment related investigation, enforcement, litigation and actions. Scribe for the ABA JCEB annual agency meeting with HHS OCR, she also has worked extensively on health and health benefit coding, billing and claims, meaningful use and EMR, billing and reimbursement, quality measurement and reimbursement, HIPAA, FACTA, PCI, trade secret, physician and other medical, workforce, consumer financial and other data confidentiality and privacy, federal and state data security, data breach and mitigation, and other information privacy and data security concerns.

    Author of leading works on a multitude of health care, health plan and other health industry matters, the American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting, former Vice President of the North Texas Health Care Compliance Professionals Association, past Chair of the ABA Health Law Section Managed Care & Insurance Section, past ABA JCEB Council Representative and CLE and Marketing Committee Chair, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer’s health industry clients include public health organizations; public and private hospitals, healthcare systems, clinics and other health care facilities; physicians, physician practices, medical staff, and other provider organizations; skilled nursing, long term care, assisted living, home health, ambulatory surgery, dialysis, telemedicine, DME, Pharma, clinics, and other health care providers; billing, management and other administrative services organizations; insured, self-insured, association and other health plans; PPOs, HMOs and other managed care organizations, insurance, claims administration, utilization management, and other health care payers; public and private peer review, quality assurance, accreditation and licensing; technology and other outsourcing; healthcare clearinghouse and other data; research; public and private social and community organizations; real estate, technology, clinical pathways, and other developers; investors, banks and financial institutions; audit, accounting, law firm; consulting; document management and recordkeeping, business associates, vendors, and service providers and other professional and other health industry organizations; academic medicine; trade associations; legislative and other law making bodies and others.

    A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, privacy and data security, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns.

    A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other related concerns by her service in the leadership of the Solutions Law Press, Inc. Coalition for Responsible Health Policy, its PROJECT COPE: Coalition on Patient Empowerment, and a broad range of other professional and civic organizations including North Texas Healthcare Compliance Association, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children (now Warren Center For Children); current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, past Representative and chair of various committees of ABA Joint Committee on Employee Benefits; a ABA Health Law Coordinating Council representative, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, a former member of the Board of Directors of the Southwest Benefits Association and others.

    For more information about Ms. Stamer or her health industry and other experience and involvements, see here or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

    About Solutions Law Press, Inc.™

    Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources here.

    If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

    NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advise or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The presenter and the program sponsor disclaim, and have no responsibility to provide any update or otherwise notify any participant of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

    Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

    ©2019 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ For information about republication, please contact the author directly. All other rights reserved.


    Health Plans Must Share PHI To Apps When Members Request, Responsible For Security On Plan-Sponsored Apps

    April 30, 2019

    Health plans must deliver electronic protected health information (“ePHI”) to electronic applications or software (“apps”) used by plan members, and are responsible under the Health Insurance Portability & Accountability Act (“HIPAA”) Privacy and Security Rules for the security of electronic protected health information (“ePHI”) on apps they sponsor or provide, according to new guidance from the Department of Health & Human Services (“HHS”) Office of Civil Rights (“OCR”).

    With health plans and their sponsors and insurers increasingly offering or promoting the use of apps to plan members members to access, maintain and use their health information, health plans, health care providers, health care clearinghouses and their business associates (“covered entities”) covered by HIPAA must understand and be prepared meet their HIPAA responsibilities to provide and protect ePHI to and on these apps, but may want to rethink sponsoring or providing a particular app for that purpose.

    New HIPAA FAQ guidance (the “FAQs”) from OCR that addresses the implications of HIPAA on covered entities responsibility when asked to share or for ePHI shared or stored on apps or application programming interfaces (“APIs”) systems, covered entities have a legal obligation to disclose ePHI to an app when subjects of the ePHI or their personal representatives request such disclosures. However, the FAQs also state a covered entity or its business associates won’t be responsible for the security of the data shared to the app unless it sponsors or provides it. 

    pends upon whether the AP or API interface provider is a business associate of the covered entity versus just a third-party provider whose involvement and receipt of the PHI is requested and arranged by the subject of the PHI.

    Covered Entities Obligated To Disclose ePHI to Apps Chosen By Individuals

    The FAQs make crystal clear that covered entities do not have the option of refusing to share ePHI to an app when requested to do so by the subject of the ePHI or its personal representative. The FAQs states that covered entities cannot refuse to disclose ePHI to an app chosen by an individual because of concerns about how the app will use or disclose the ePHI it receives. In this regard, the FAQs state that the HIPAA Privacy Rule generally prohibits a covered entity from refusing to disclose ePHI to a third-party app designated by the individual if the ePHI is readily producible in the form and format used by the app. See 45 CFR 164.524(a)(1), (c)(2)(ii), (c)(3)(ii).According to the FAQ, the HIPAA Rules do not impose any restrictions on how an individual or the individual’s designee, such as an app, may use the health information that has been disclosed pursuant to the individual’s right of access. For instance, a covered entity is not permitted to deny an individual’s right of access to their ePHI where the individual directs the information to a third-party app because the app will share the individual’s ePHI for research or because the app does not encrypt the individual’s data when at rest.According to the FAQs, the liability a covered entity or business associate bears for sharing ePHI to an App under the HIPAA Privacy, Security, or Breach Notification Rules (HIPAA Rules) depends on the relationship between the covered entity and the app.

    Breaches of Health Information Disclosed To An App

    If an app that is neither a covered entity nor a business associate of the covered entity under HIPAA receives ePHI at the request of the subject or its personal representative, the FAQ states that the shared ePHI is no longer subject to the protections of the HIPAA Rules. Thus if the individual’s app – chosen by an individual to receive the individual’s requested ePHI – was not provided by or on behalf of the covered entity (and, thus, does not create, receive, transmit, or maintain ePHI on its behalf), the covered entity would not be liable under the HIPAA Rules for any subsequent use or disclosure of the requested ePHI received by the app. For example, the covered entity would have no HIPAA responsibilities or liability if such an app that the individual designated to receive their ePHI later experiences a breach. See also, See also OCR FAQ 2039, “What is the liability of a covered entity in responding to an individual’s access request to send the individual’s PHI to a third party.In contrast, however, the FAQ states that if the app was developed for, or provided by or on behalf of the covered entity – and, thus, creates, receives, maintains, or transmits ePHI on behalf of the covered entity – the covered entity could be liable under the HIPAA Rules for a subsequent impermissible disclosure because of the business associate relationship between the covered entity and the app developer. For example, if the individual selects an app that the covered health care provider uses to provide services to individuals involving ePHI, the FAQs state that the health care provider may be subject to liability under the HIPAA Rules if the app impermissibly discloses the ePHI received.

    Transmission of ePHI to App Using Unsecured Method

    The FAQs also address the potential exposures of covered entities and their business associates arising from the transmission of ePHI to an App using an unsecure method. According to the FAQs, the access rights HIPAA guarantees to individuals allows an individual to request that a covered entity to direct their ePHI to a third-party app in an unsecure manner or through an unsecure channel. See 45 CFR 164.524(a)(1), (c)(2)(ii), (c)(3)(ii). For instance, an individual may request that their unencrypted ePHI be transmitted to an app as a matter of convenience. The FAQ states that a covered entity that transmits ePHI through an unsecured means under such circumstances would not be responsible for unauthorized access to the individual’s ePHI while in transmission to the app. With respect to such apps, however, the FAQs also suggest that the covered entity may want to consider informing the individual of the potential risks involved the first time that the individual makes the request.

    Post Transmission Exposure of Covered Entity’s EHR Systems Developer

    The FAQ also discusses the potential exposure of a covered entity’s electronic health record (EHR) system developer under HIPAA after completing the transmission on behalf of a covered entity of ePHI to an app designated by the subject of the ePHI. According to the FAQs, the exposure of the HER system developer depends on the relationship, if any, between the covered entity, the EHR system developer, and the app chosen by the individual to receive the individual’s ePHI. A business associate relationship exists if an entity creates, receives, maintains, or transmits ePHI on behalf of a covered entity (directly or through another business associate) to carry out the covered functions of the covered entity. A business associate relationship exists between an EHR system developer and a covered entity. If the EHR system developer does not own the app, or if it owns the app but does not provide the app to, through, or on behalf of, the covered entity – e.g., if it creates the app and makes it available in an app store as part of a different line of business (and not as part of its business associate relationship with any covered entity) – the EHR system developer would not be liable under the HIPAA Rules for any subsequent use or disclosure of the requested ePHI received by the app.If the EHR system developer owns the app or has a business associate relationship with the app developer, and provides the app to, through or on behalf of, the covered entity (directly or through another business associate), however, the FAQs state the EHR system developer then potentially could face HIPAA liability (as a business associate of a HIPAA covered entity) for any impermissible uses and disclosures of the health information received by the app. For example, if an EHR system developer contracts with the app developer to create the app on behalf of a covered entity and the individual later identifies that app to receive ePHI, then the EHR system developer could be subject to HIPAA liability if the app impermissibly uses or discloses the ePHI received.

    Covered Entity’s Duty To Enter Into Business Associate Agreement Depends Upon Relationship

    Likewise, the FAQs also state that whether HIPAA requires a a covered entity or its EHR system developer to enter into a business associate agreement with an app designated by the individual in order to transmit ePHI to the app depends upon the relationship between the app developer and the covered entity and/or its EHR system developer. A business associate is a person or entity who creates, receives, maintains or transmits PHI on behalf of (or for the benefit of) a covered entity (directly or through another business associate) to carry out covered functions of the covered entity. An app’s facilitation of access to the individual’s ePHI at the individual’s request alone does not create a business associate relationship. Such facilitation may include API terms of use agreed to by the third-party app (i.e., interoperability arrangements).HIPAA does not require a covered entity or its business associate (e.g., EHR system developer) to enter into a business associate agreement with an app developer that does not create, receive, maintain, or transmit ePHI on behalf of or for the benefit of the covered entity (whether directly or through another business associate).  However if the app was developed to create, receive, maintain, or transmit ePHI on behalf of the covered entity, or was provided by or on behalf of the covered entity (directly or through its EHR system developer as the covered entity’s business associate), then a business associate agreement would be required.

    Health Plan & Other Covered Entity Take Aways

    The new FAQ raises several action items for health plans, their sponsoring employers or unions, fiduciaries, administrators, brokers and insurers as well as other covered entities.  Among other things, health plans and other covered entities must recognize and be prepared currently to provide PHI to subjects of that information on the apps of the requesting individual’s preference within the time frames dictated by HIPAA.  Health plans and other covered entities need to recognize that the FAQs reflect this is a current, not future responsibility.

    Second, health plans, health care providers and others that have or are considering providing apps or other tools to health plan members or patients for use in accessing or using PHI also generally need to recognize that the health plan or health care provider generally will bear responsibility under HIPAA for the adequacy of the security of the apps provided by or on behalf of the health plan or health care provider.  Given the general responsibility to provide PHI to any apps designated by a subject of PHI, many health plans and health care providers may wish to reconsider whether providing or endorsing a particular app continues to make sense taking into account the HIPAA data privacy and security responsibilities and risks attendent to maintaining the security of PHI stored and accessed using those tools.  Those electing to provide apps or other tools need to take steps to ensure the current and future adequacy of the data security of the app and its associated storage and other components including any future modifications to those tools. 

    Furthermore,  health plans and other covered entities also should consider the advisability of revising existing notices and authorizations in response to the new FAQs.  For instance, health plans, health  care providers and others supplying PHI to an app designated by the requesting individual may want to consider revising forms to document the direction and consent of the requestor to the electronic delivery of the PHI to the designated app to better position themselves to claim the protection against liability for breaches on these subject designate apps described in the FAQs.  Meanwhile, health plans or other covered entities providing apps also may wish to weigh options for supplementing disclosures to mitigate potential risks from use or failure to upgrade apps that might be viewed as covered entity provided or sponsored.   

    Certainly, before sponsoring or allowing a business associate to offer or provide an app or other similar solution, health care providers and other covered entities must ensure that the business associate agreement requirements of HIPAA are met from the app developer and others providing services or the app as business associates to the covered entity.  Covered entities also should take steps to ensure that the interfaces between the apps and other systems are properly secured at the point of implementation and during any subsequent upgrades keeping in mind that OCR guidance expects covered entities to reconfirm security for any system, software or app upgrades.  Meeting this expectation for apps within the possession of patients or plan members can present special challenges requiring careful planning. 

    Have questions about the new FAQs or other health care regulatory developments or their implications on your organization, contact the author.  You also are invited to stay abreast of these and other health care developments by participating in our Solutions Law Press, Inc. Linkedin HR & Benefits Update LinkedIn Group or COPE: Coalition On Patient Empowerment Group or Project COPE: Coalition on Patient Empowerment Facebook Page.

     

    About the Author

    Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: Erisa & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of health industry, health and other benefit and insurance, workforce and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

    Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer’s clients include employers and other workforce management organizations; employer, union, association, government and other insured and self-insured health and other employee benefit plan sponsors, benefit plans, fiduciaries, administrators, and other plan vendors;  managed care organizations, insurers, self-insured health plans and other payers and their management; public and private, domestic and international hospitals, health care systems, clinics, skilled nursing, long term care, rehabilitation and other health care providers and facilities; medical staff, health care accreditation, peer review and quality committees and organizations; managed care organizations, insurers, third party administrative services organizations and other payer organizations;  billing, utilization management, management services organizations; group purchasing organizations; pharmaceutical, pharmacy, and prescription benefit management and organizations; claims, billing and other health care and insurance technology and data service organizations; other health, employee benefit, insurance and financial services product and solutions consultants, developers and vendors; and other health, employee benefit, insurance, technology, government and other management clients.

    A former lead consultant to the Government of Bolivia on its Pension Privatization Project with extensive domestic and international public policy concerns in pensions, healthcare, workforce, immigration, tax, education and other areas, Ms. Stamer has been extensively involved in U.S. federal, state and local health care and other legislative and regulatory reform impacting these concerns throughout her career. Her public policy and regulatory affairs experience encompassess advising and representing domestic and multinational private sector health, insurance, employee benefit, employer, staffing and other outsourced service providers, and other clients in dealings with Congress, state legislatures, and federal, state and local regulators and government entities, as well as providing advice and input to U.S. and foreign government leaders on these and other policy concerns.

    Beyond her public policy and regulatory affairs involvement, Ms. Stamer also has extensive experience helping these and other clients to design, implement, document, administer and defend workforce, employee benefit, insurance and risk management, health and safety, and other programs, products and solutions, and practices; establish and administer compliance and risk management policies; comply with requirements, investigate and respond to government; accreditation and quality organizations; private litigation and other federal and state health care industry investigations and enforcement actions; evaluate and influence legislative and regulatory reforms and other regulatory and public policy advocacy; training and discipline; enforcement, and a host of other related concerns. Ms. Stamer’s experience in these matters includes supporting these organizations and their leaders on both a real-time, “on demand” basis with crisis preparedness, intervention and response as well as consulting and representing clients on ongoing compliance and risk management; plan and program design; vendor and employee credentialing, selection, contracting, performance management and other dealings; strategic planning; policy, program, product and services development and innovation; mergers, acquisitions, and change management; workforce and operations management, and other opportunities and challenges arising in the course of their operations.

    Past Chair of the ABA Managed Care & Insurance Interest Group and, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, heavily involved in health benefit, health care, health, financial and other information technology, data and related process and systems development, policy and operations throughout her career, and scribe of the ABA JCEB annual Office of Civil Rights agency meeting, Ms. Stamer also is widely recognized for her extensive work and leadership on leading edge health care and benefit policy and operational issues. She regularly helps employer and other health benefit plan sponsors and vendors, health industry, insurers, health IT, life sciences and other health and insurance industry clients design, document and enforce plans, practices, policies, systems and solutions; manage regulatory, contractual and other legal and operational compliance; vendors and suppliers; deal with Medicare, Medicaid, CHIP, Medicare/Medicaid Advantage, ERISA, state insurance law and other private payer rules and requirements; contracting; licensing; terms of participation; medical billing, reimbursement, claims administration and coordination, and other provider-payer relations; reporting and disclosure, government investigations and enforcement, privacy and data security; and other compliance and enforcement; Form 990 and other nonprofit and tax-exemption; fundraising, investors, joint venture, and other business partners; quality and other performance measurement, management, discipline and reporting; physician and other workforce recruiting, performance management, peer review and other investigations and discipline, wage and hour, payroll, gain-sharing and other pay-for performance and other compensation, training, outsourcing and other human resources and workforce matters; board, medical staff and other governance; strategic planning, process and quality improvement; HIPAA administrative simplification, meaningful use, EMR, HIPAA and other technology, data security and breach and other health IT and data; STARK, antikickback, insurance, and other fraud prevention, investigation, defense and enforcement; audits, investigations, and enforcement actions; trade secrets and other intellectual property; crisis preparedness and response; internal, government and third-party licensure, credentialing, accreditation, HCQIA, HEDIS and other peer review and quality reporting, audits, investigations, enforcement and defense; patient relations and care; internal controls and regulatory compliance; payer-provider, provider-provider, vendor, patient, governmental and community relations; facilities, practice, products and other sales, mergers, acquisitions and other business and commercial transactions; government procurement and contracting; grants; tax-exemption and not-for-profit; 1557 and other Civil Rights; privacy and data security; training; risk and change management; regulatory affairs and public policy; process, product and service improvement, development and innovation, and other legal and operational compliance and risk management, government and regulatory affairs and operations concerns.

    Ms. Stamer has extensive health care reimbursement and insurance experience advising and defending plan sponsors, administrators, insurance and managed care organizations, health care providers, payers, and others about Medicare, Medicaid, Medicare and Medicaid Advantage, Tri-Care, self-insured group, association, individual and employer and association group and other health benefit programs and coverages including but not limited to advising public and private payers about coverage and program design and documentation, advising and defending providers, payers and systems and billing services entities about systems and process design, audits, and other processes; provider credentialing, and contracting; providers and payer billing, reimbursement, claims audits, denials and appeals, coverage coordination, reporting, direct contracting, False Claims Act, Medicare & Medicaid, ERISA, state Prompt Pay, out-of-network and other nonpar insured, and other health care claims, prepayment, post-payment and other coverage, claims denials, appeals, billing and fraud investigations and actions and other reimbursement and payment related investigation, enforcement, litigation and actions. Scribe for the ABA JCEB annual agency meeting with HHS OCR, she also has worked extensively on health and health benefit coding, billing and claims, meaningful use and EMR, billing and reimbursement, quality measurement and reimbursement, HIPAA, FACTA, PCI, trade secret, physician and other medical, workforce, consumer financial and other data confidentiality and privacy, federal and state data security, data breach and mitigation, and other information privacy and data security concerns.

    Author of leading works on a multitude of health care, health plan and other health industry matters, the American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting, former Vice President of the North Texas Health Care Compliance Professionals Association, past Chair of the ABA Health Law Section Managed Care & Insurance Section, past ABA JCEB Council Representative and CLE and Marketing Committee Chair, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer’s health industry clients include public health organizations; public and private hospitals, healthcare systems, clinics and other health care facilities; physicians, physician practices, medical staff, and other provider organizations; skilled nursing, long term care, assisted living, home health, ambulatory surgery, dialysis, telemedicine, DME, Pharma, clinics, and other health care providers; billing, management and other administrative services organizations; insured, self-insured, association and other health plans; PPOs, HMOs and other managed care organizations, insurance, claims administration, utilization management, and other health care payers; public and private peer review, quality assurance, accreditation and licensing; technology and other outsourcing; healthcare clearinghouse and other data; research; public and private social and community organizations; real estate, technology, clinical pathways, and other developers; investors, banks and financial institutions; audit, accounting, law firm; consulting; document management and recordkeeping, business associates, vendors, and service providers and other professional and other health industry organizations; academic medicine; trade associations; legislative and other law making bodies and others.

    A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, privacy and data security, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns.

    A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other related concerns by her service in the leadership of the Solutions Law Press, Inc. Coalition for Responsible Health Policy, its PROJECT COPE: Coalition on Patient Empowerment, and a broad range of other professional and civic organizations including North Texas Healthcare Compliance Association, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children (now Warren Center For Children); current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, past Representative and chair of various committees of ABA Joint Committee on Employee Benefits; a ABA Health Law Coordinating Council representative, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, a former member of the Board of Directors of the Southwest Benefits Association and others.

    For more information about Ms. Stamer or her health industry and other experience and involvements, see here or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

    About Solutions Law Press, Inc.™

    Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources here such as:

    If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

    NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advise or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The presenter and the program sponsor disclaim, and have no responsibility to provide any update or otherwise notify any participant of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

    Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

    ©2019 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ For information about republication, please contact the author directly. All other rights reserved.

     


    Tell Employees, Plan Members About April 27 National Prescription Drug Take Back Day

    April 11, 2019

    Employers and their health plans should encourage employees, health plan members and their families to dispose of outdated and unused medications cost effectively on the upcoming National Prescription Drug Take Back Day on April 27, 2019.

    Led by the Drug Enforcement Administration (DEA), for several years, the National Prescription Drug Take Back Day celebrations provide U.S. families an opportunity to safety dispose of unused or expired prescription pain and other medications cost effectively by dropping them off at one of  4,000 collection sites.

    Expired and unused medications present a host of safety risks. 

    Educating employees, plan members and their family about the importance of properly disposing of unused and expired medication is important. Medications generally only should be used by the patient for whom they are prescribed and within the period before their scheduled expiration.  Keeping unused or expired medication creates a host of risks for patients and others in their families and communities.   Unneeded or unused painkillers, attention and anxiety medications and other prescriptions often are diverted to recreational or other use by patients other than the individual for whom they were prescribed.

    Risk also can arise when a patient prescribed a medication consumes it after its originally intended consumption period.  Pain, anxiety or other prescription medications used after their originally intended period of use may create safety issue due to interactions with conditions or medications not contemplated when originally ordered, may be used with good intentions for the wrong purposes, or even used by patients in  an unsafe or abusive manner.  Patients may delay or undermine their recovery from a new condition by self-treating a new condition by taking previously physician prescribed antibiotics or other medications ineffective or contraindicated for the new condition the patient seeks to treat.

    Expired medications also create risks from  loss of potency or other instability that can occur after their expiration date.  As a consequence, disposing of extra or expired medication is an important part of safe medication management. 

    On the other hand, disposing of unused or outdated medication can be challenging.  Throwing medication in unsecured trash disposal creates risks of improper access, contamination of water and other environment or both.  Washing unused medications down the drain or flushing them down toilets also creates contamination concerns.  However, finding a no or low-cost place to dispose of unneeded or expired medication historically has been challenging.  While many pharmacies offer disposal packages, chargers to use these services generally are expensive. 

    National Prescription Drug Take Back Day helps educate Americans about the need for timely proper medication disposal and management while also providing a cost effective means for disposing of unused medications safely.  Individuals can drop off unneeded prescription drugs at one of the 4,000 collection sites identifiable using the Site Collection Locator.

    Health plans, employers, health care providers, churches, schools, parent teacher associations and other community organizations are encouraged to help spread the word and encourage participation in the April 27 observances using the free  promotional materials or other related resources included in the National Prescription Drug Take Back Day Toolbox.

    Tips and tools for medication management are just some of the tools and training included in the Family Health Care Toolkit Resources and Program authored by Ms. Stamer. Want to learn more?  Know other challenges, issues or resources?  Solutions Law Press invites you to join the discussion and learn and share more about health, disability and aging challenges, needs, resources and victories on Facebook @projectcopecoation and/or in the Project Cope LinkedIn Group. Learn and discuss about Human Resources and employee benefit practices and requirements by joining the discussion in our HR & Benefits Compliance Group.

    About The Author

    Recognized by LexisNexis® Martindale-Hubbell® as a “AV-Preeminent” (Top 1%/ the highest) and “Top Rated Lawyer,” with special recognition  as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Health Care,” “Labor & Employment,” “Tax: Erisa & Employee Benefits”  and “Business and Commercial Law” by D Magazine, the author of this update is widely known for her 29 plus years’ of work in health care, health benefit, health policy and regulatory affairs and other health industry concerns as a practicing attorney and management consultant, thought leader, author, public policy advocate and lecturer.

    Throughout her adult life and nearly 30-year legal career, Ms. Stamer’s legal, management and governmental affairs work has focused on helping health industry, health benefit and other organizations and their management use the law, performance and risk management tools and process to manage people, performance, quality, compliance, operations and risk. Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer supports these organizations and their leaders on both a real-time, “on demand” basis as well as outsourced operations or special counsel on an interim, special project, or ongoing basis with strategic planning and product and services development and innovation; workforce and operations management,  crisis preparedness and response as well as to prevent, stabilize and cleanup legal and operational crises large and small that arise in the course of operations.

    Past Chair of the ABA Managed Care & Insurance Interest Group and, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also has extensive health care reimbursement and insurance experience advising and defending health care providers, payers, and others about Medicare, Medicaid, Medicare and Medicaid Advantage, Tri-Care, self-insured group, association, individual and group and other health benefit programs and coverages including but not limited to advising public and private payers about coverage and program design and documentation, advising and defending providers, payers and systems and billing services entities about systems and process design, audits, and other processes; provider credentialing, and contracting; providers and payer billing, reimbursement, claims audits, denials and appeals, coverage coordination, reporting, direct contracting, False Claims Act, Medicare & Medicaid, ERISA, state Prompt Pay, out-of-network and other nonpar insured, and other health care claims, prepayment, post-payment and other coverage, claims denials, appeals, billing and fraud investigations and actions and other reimbursement and payment related investigation, enforcement, litigation and actions.  Heavily involved in health care and health information technology, data and related process and systems development, policy and operations innovation and a Scribe for ABA JCEB annual agency meeting with OCR for many years who has authored numerous highly-regarded works and training programs on HIPAA and other data security, privacy and use, Ms. Stamer also is widely recognized for her extensive work and leadership on leading edge health care and benefit policy and operational issues including meaningful use and EMR, billing and reimbursement, quality measurement and reimbursement, HIPAA, FACTA, PCI, trade secret, physician and other medical confidentiality and privacy, federal and state data security and data breach and other information privacy and data security rules and many other concerns.

    A former lead consultant to the Government of Bolivia on its Pension Privatization Project with extensive domestic and international public policy and governmental and regulatory affairs experience, Ms. Stamer also is widely recognized for regulatory and policy work, advocacy and outreach on healthcare, education, aging, disability, savings and retirement, workforce, ethics, and other policies.  Throughout her adult life and career, Ms. Stamer has provided thought leadership; policy and program design, statutory and regulatory development design and analysis; drafted legislation, proposed regulations and other guidance, position statements and briefs, comments and other critical policy documents; advised, assisted and represented health care providers, health plans and insurers, employers, professional. and trade associations, community and government leaders and others on health care, health, pension and retirement, workers’ compensation, Social Security and other benefit, insurance and financial services, tax, workforce, aging and disability, immigration, privacy and data security and a host of other international and domestic federal, state and local public policy and regulatory reforms through her involvement and participation in numerous client engagements, founder and Executive Director of the Coalition for Responsible Health Policy and its PROJECT COPE: the Coalition on Patient Empowerment, adviser to the National Physicians Congress for Healthcare Policy, leadership involvement with the US-Mexico Chamber of Commerce, the Texas Association of Business, the ABA JCEB, Health Law, RPTE, Tax, Labor, TIPS, International Life Sciences, and other Sections and Committees, SHRM Governmental Affairs Committee and a host of other  involvements and activities.  The American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting, former Vice President of the North Texas Health Care Compliance Professionals Association, past Chair of the ABA Health Law Section Managed Care & Insurance Section, past ABA JCEB Council Representative, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has worked closely with a diverse range of health care providers, managed care, insurance and other health care payers, quality assurance, credentialing, technical, research, public and private social and community organizations, foreign and US federal, state and local agencies and others on health care, aging, disability, savings and other process improvement, change management; regulatory affairs and public policy and other concerns.

    A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other related concerns by her service in the leadership of the Solutions Law Press, Inc. Coalition for Responsible Health Policy, its PROJECT COPE:  Coalition on Patient Empowerment, and a broad range of other professional and civic organizations including North Texas Healthcare Compliance Association, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children (now Warren Center For Children);  current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, past Representative and chair of various committees of ABA Joint Committee on Employee Benefits; a ABA Health Law Coordinating Council representative, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, a former member of the Board of Directors of the Southwest Benefits Association and others.

    Recognized for her pragmatic and insightful thoughleadership, Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns for the American Bar Association, ALI-ABA, American Health Lawyers, Society of Human Resources Professionals, the Southwest Benefits Association, the Society of Employee Benefits Administrators, the American Law Institute, Lexis-Nexis, Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, the HCCA, ISSA, HIMSS, Modern Healthcare, Managed Healthcare, Institute of Internal Auditors, Society of CPAs, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other symposia and publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, Insurance Thought Leadership and many other prominent publications and speaks and conducts training for a broad range of professional organizations.. Health Care Compliance Association, Atlantic Information Service, and others.

    For more information about Ms. Stamer or her services, credentials, publications,  involvements or presentations, see here or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

    About Solutions Law Press, Inc.™

    Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources here.

    If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating  your profile here.

    ©2019 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™   All other rights reserved.   For information about republication or other use, please contact Ms. Stamer here.

     


    Consider Employee Recess In Your Employee Wellness Programi

    March 27, 2019

    Adding employee recess to the workday schedule could be a cost effective wellness tool based on health research recently reported by the National Institutes on Health (“NIH”).

    Sedentary work and lifestyles fuel many of the heath risks and costs targeted by employer and health benefit employee wellness programs.

    With most American adults now spending an average of 11 to 12 hours a day sitting, sedentary work and life styles present leading disease and health cost drivers. Research showing long periods of sitting increase the risk of heart disease and death overall make finding ways to counteract the negative health effects of sedentary lifestyles a key objective of many wellness and public health initiatives. However questions exist about the effectiveness and return on investment of many of the wellness program strategies and tools in the marketplace in producing meaningful changes in employee health or health related behavior.

    Findings of research recently announced by NIH suggests giving employees movement breaks for as little as 30 minutes a day could counteract the adverse health effects of their sedentary work. See Light activity may lower harmful effects of sitting.

    According to NIH, a study of nearly 8000 people aged 45 or older found as little as 30 minutes of light activity per day may reduce the risk of death incurred by sitting. Replacing sitting with just a few minutes of movement at a time provided health benefits.

    NIH reports researchers found that any amount of activity was better than sitting. People who swap 30 minutes of sitting for 30 minutes of light-intensity activity per day would have a 17% lower risk of death. Light-intensity activities include walking and doing chores that require moving around.

    People who swap 30 minutes of sitting for 30 minutes of moderate to vigorous physical activity per day would have a 35% lower risk of death from any cause. These types of activities can include jogging, bicycling, and playing sports.

    But people didn’t have to move for a full 30 minutes in a row to benefit. Even smaller intervals to break up periods of sitting—including from just 1 to 5 minutes of activity—reduced the risk of death.

    NIH also reports positive effects of movement were seen regardless of age, race, weight, smoking and drinking patterns, or existing health problems.

    Small amounts of movement mainly benefitted people who didn’t already have an active lifestyle. For people who had a low activity level overall, taking modest activity breaks made a big difference in the risk of death. For people who already had a high level of activity during the day, however, no additional benefit was seen from a little extra movement.

    The findings of the health benefit of movement breaks is consistent with findings of a growing series of other recent health studies showing getting adults and children moving during the day even for short periods during the day can produce major heath benefits. See, e.g. Brief Activity Breaks May Benefit Children’s Health; Physical Activity Program Helps Maintain Mobility; Moderate Exercise May Improve Memory in Older Adults. The message is clear: Even modest increases in activity can reduce risk for many serious conditions, including heart disease, diabetes, certain kinds of cancer, and some types of depression and cognitive disorders. 

    The research also shows that the health benefits can come from engaging in light or moderate movement activities as little as 30 minutes a day even if these activities are broken up and not participation in traditional exercise. Healthful physical activity includes exercise as well as many everyday activities, such as doing active chores around the house, yard work, or walking the dog.

    Aerobic activities that make heart and blood vessels by healthier by causing individuals to breathe harder can include brisk walking, dancing, swimming, and playing basketball. Strengthening activities, like push-ups and lifting weights, help make your muscles and bones stronger and can also improve balance.

    While the benefits of movement are clear, too many employees fail to do it. Although most people know that physical activity is a good thing, most adults nationwide don’t meet even the minimum recommended amounts of physical activity of at least 30 minutes of brisk walking or other moderate activity, 5 days a week.

    NIH-funded research has found that environment—where people live, work, or go to school—can have a big impact on how much individuals move and even how much they weigh. These findings suggest employers and communities can do many things to encourage their people to fit movement into their sedentary lifestyles.

    To create a work or other environment that encourages employees to get moving, NIH suggests looking for opportunities to change the environment so activity is an easier choice for workers to make.

    Some suggestions include:

    • Structuring meetings, job duties and other activities to require or encourage sedentary workers to stand up, walk and move around periodically throughout the day;
    • Providing access to walking sidewalks, trails and other places workers can walk and encouraging workers to use them;
    • Encouraging workers to walk or take public transportation to lunch or other meetings when feasible rather than drive;
    • Encouraging people to walk and talk rather than sitting while holding discussions;
    • Encouraging workers to find waking buddies to walk to lunch or share other exercise breaks or activities with in and outside the workplace;
    • Encouraging management and employees to incorporate stretching or other movement breaks into meetings and other gatherings; and
    • Encouraging people to take the stairs and walk to meet fellow employees in person rather than communicating by phone or e-mail when practical.

    While each workplace presents different opportunities and challenges, the message from the research is clear: Getting your people moving can produce meaningful health and health and disability cost savings. Maybe it’s time for your company to add short movement recesses to its employees’ day to capitalize on these benefits.

    Want to learn, share or discuss other human resources, benefits and compensation, or health and wellness management developments and ideas? We invite you to share your own best practices ideas and resources and join the discussions about these and other human resources, health and other employee benefit and patient empowerment concerns by participating in and contributing to the discussions in our Health Plan Compliance Group or COPE: Coalition On Patient Empowerment Groupon LinkedIn or Project COPE: Coalition on Patient Empowerment Facebook Page.

    About the Author

    Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of management focused employment, employee benefit and insurance, workforce and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

    Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, she is nationally recognized for her leading edge work, publications, advocacy and programs on making compliant wellness and disease management programs that work and other health and disability plans and management strategies and concerns.

    Ms. Stamer’s clients include employers and other workforce management organizations; employer, union, association, government and other insured and self-insured health and other employee benefit plan sponsors, benefit plans, fiduciaries, administrators, and other plan vendors;   domestic and international public and private health care, education and other community service and care organizations; managed care organizations; insurers, third-party administrative services organizations and other payer organizations;  and other private and government organizations and their management leaders.

    Throughout her 30 plus year career, Ms. Stamer has continuously worked with these and other management clients to design, implement, document, administer and defend hiring, performance management, compensation, promotion, demotion, discipline, reduction in force and other workforce, employee benefit, insurance and risk management, health and safety, and other programs, products and solutions, and practices; establish and administer compliance and risk management policies; comply with requirements, investigate and respond to government, accreditation and quality organizations, regulatory and contractual audits, private litigation and other federal and state reviews, investigations and enforcement actions; evaluate and influence legislative and regulatory reforms and other regulatory and public policy advocacy; prepare and present training and discipline;  handle workforce and related change management associated with mergers, acquisitions, reductions in force, re-engineering, and other change management; and a host of other workforce related concerns. Ms. Stamer’s experience in these matters includes supporting these organizations and their leaders on both a real-time, “on demand” basis with crisis preparedness, intervention and response as well as consulting and representing clients on ongoing compliance and risk management; plan and program design; vendor and employee credentialing, selection, contracting, performance management and other dealings; strategic planning; policy, program, product and services development and innovation; mergers, acquisitions, bankruptcy and other crisis and change management; management, and other opportunities and challenges arising in the course of workforce and other operations management to improve performance while managing workforce, compensation and benefits and other legal and operational liability and performance.

    Past Chair of the ABA Managed Care & Insurance Interest Group and, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, heavily involved in health benefit, health care, health, financial and other information technology, data and related process and systems development, policy and operations throughout her career, and scribe of the ABA JCEB annual Office of Civil Rights agency meeting, Ms. Stamer also is widely recognized for her extensive work and leadership on leading edge health care and benefit policy and operational issues. She regularly helps employer and other health benefit plan sponsors and vendors, health industry, insurers, health IT, life sciences and other health and insurance industry clients design, document and enforce plans, practices, policies, systems and solutions; manage regulatory, contractual and other legal and operational compliance; vendors and suppliers; deal with Medicare, Medicaid, CHIP, Medicare/Medicaid Advantage, ERISA, state insurance law and other private payer rules and requirements; contracting; licensing; terms of participation; medical billing, reimbursement, claims administration and coordination, and other provider-payer relations; reporting and disclosure, government investigations and enforcement, privacy and data security; and other compliance and enforcement; Form 990 and other nonprofit and tax-exemption; fundraising, investors, joint venture, and other business partners; quality and other performance measurement, management, discipline and reporting; physician and other workforce recruiting, performance management, peer review and other investigations and discipline, wage and hour, payroll, gain-sharing and other pay-for performance and other compensation, training, outsourcing and other human resources and workforce matters; board, medical staff and other governance; strategic planning, process and quality improvement; HIPAA administrative simplification, meaningful use, EMR, HIPAA and other technology, data security and breach and other health IT and data; STARK, antikickback, insurance, and other fraud prevention, investigation, defense and enforcement; audits, investigations, and enforcement actions; trade secrets and other intellectual property; crisis preparedness and response; internal, government and third-party licensure, credentialing, accreditation, HCQIA, HEDIS and other peer review and quality reporting, audits, investigations, enforcement and defense; patient relations and care; internal controls and regulatory compliance; payer-provider, provider-provider, vendor, patient, governmental and community relations; facilities, practice, products and other sales, mergers, acquisitions and other business and commercial transactions; government procurement and contracting; grants; tax-exemption and not-for-profit; 1557 and other Civil Rights; privacy and data security; training; risk and change management; regulatory affairs and public policy; process, product and service improvement, development and innovation, and other legal and operational compliance and risk management, government and regulatory affairs and operations concerns.

    A former lead consultant to the Government of Bolivia on its Pension Privatization Project with extensive domestic and international public policy concerns in pensions, healthcare, workforce, immigration, tax, education and other areas, Ms. Stamer has been extensively involved in U.S. federal, state and local health care and other legislative and regulatory reform impacting these concerns throughout her career. Her public policy and regulatory affairs experience encompasses advising and representing domestic and multinational private sector health, insurance, employee benefit, employer, staffing and other outsourced service providers, and other clients in dealings with Congress, state legislatures, and federal, state and local regulators and government entities, as well as providing advice and input to U.S. and foreign government leaders on these and other policy concerns.

    Author of leading works on a multitude of labor and employment, compensation and benefits, internal controls and compliance, and risk management matters and a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other related concerns by her service in the leadership of the Solutions Law Press, Inc. Coalition for Responsible Health Policy, its PROJECT COPE: Coalition on Patient Empowerment, and a broad range of other professional and civic organizations including North Texas Healthcare Compliance Association, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children (now Warren Center For Children); current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, past Representative and chair of various committees of ABA Joint Committee on Employee Benefits; an ABA Health Law Coordinating Council representative, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, a former member of the Board of Directors of the Southwest Benefits Association and others.

    For more information about Ms. Stamer or her health industry and other experience and involvements, see here or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

    About Solutions Law Press, Inc.™

    Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources here such as the following:

    If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.  We also invite you to join the discussion of these and other human resources, health and other employee benefit and patient empowerment concerns by participating and contributing to the discussions in our Health Plan Compliance Group or COPE: Coalition On Patient Empowerment Groupon LinkedIn or Project COPE: Coalition on Patient Empowerment Facebook Page.

    NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advise or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The presenter and the program sponsor disclaim, and have no responsibility to provide any update or otherwise notify any participant of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

    Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

    ©2019 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ For information about republication or the topic of this article, please contact the author directly. All other rights reserved.


    Use 3/26 Diabetes Alert Day Resources To Jumpstart Your Diabetes Management & Cost Containment Efforts

    March 26, 2019

    Employers, health plans and others concerned about managing the high medical, disability and other costs of Type 2 Diabetes should use today’s annual Diabetes Awareness Day observances and resources to beef up their efforts and tools.

    With 1 in 3 adult Americans at risk for Type 2 diabetes, the Centers for Disease Control (“CDC”) and other public and private organizations partnering in The National Diabetes Prevention Program are urging all Americans, their health plans, state and local agencies and communities to protect themselves and join their fight to prevent or delay Type 2 diabetes.

    Celebrated every year on the fourth Tuesday in March, Diabetes Alert Day promotes awareness of the prevalence and risks of undiagnosed or unmanaged Type 2 Diabetes to Americans, American taxpayers, health benefit programs and their communities.

    • More than 30 million people in the United States have diabetes and an additional 84 million adults—over a third—have prediabetes, and 90% of them don’t know they have it.
    • Diabetes is the 7th leading cause of death in the United States (and may be underreported).
    • Type 2 diabetes accounts for about 90% to 95% of all diagnosed cases of diabetes; type 1 diabetes accounts for about 5%.
    • In the last 20 years, the number of adults diagnosed with diabetes has more than tripled as the American population has aged and become more overweight or obese
    • Undiagnosed or unmanaged Type 2 diabetes threatens serious and disabling medical risks for afflicted individuals that also are financially costly for patients and their families, their health plans, taxpayers and communities.

    Type 2 diabetes usually starts during adulthood; however, children, teens, and young adults increasingly also are developing it. Since Type 2 diabetes symptoms often develop over several years and can go on for a long time without being noticed it’s important individuals know the factors for Type 2 Diabetes and that people with these symptoms visit their doctor promptly.

    Fortunately, Type 2 Diabetes and its costs often can be prevented or minimized through appropriate diagnosis and treatment. That’s why the CDC and its partners are urging all Americans, the employers, health plans, health care providers and communities to join the fight against Type 2 Diabetes.

    To start with, the CDC and its partners ask every American to learn their risk for diabetes by taking the online Type 2 Diabetes Risk and promote use of CDC-recognized lifestyle change programs to individuals suffering or at risk for Type 2 diabetes.

    The CDC and its partners also are asking American families, health care providers, employers and their health benefit programs, federal, local and state governments and communities to help identify and get people at risk or suffering from Type 2 diabetes involved in making appropriate lifestyle changes and other activities to help manage their Type 2 Diabetes and offers a multitude of free tools and resources to help promote Type 2 Diabetes Awareness and assist in its prevention and treatment.

    Employers and their health plans and insurers should consider participating in Diabetes Alert Day and using some of the resources provided by CDC and other partners to beef up their Type 2 and other Diabetes prevention, screening and management efforts.  Appropriate use of these resources could help mitigate exposure to the high medical, disability, productivity and other costs that employers and their health plans generally incur when employees or their family members suffer from undiagnosed or unmanaged diabetes.  When utilizing these resources, however, employers and their health plan fiduciaries, insurers and administrators are reminded to use care to implement and administer these wellness and other programs in a manner that complies with the Americans With Disabilities Act (“ADA”), Health Insurance Portability & Accountability Act, Internal Revenue Code and other federal and state requirements concerning the design and administration of wellness and disease management programs including recent updates in the Equal Employment Opportunity Commission’s regulations and enforcement positions under the ADA.

    Learn more about Type 2 Diabetes cost modeling, screening, prevention and other participant education resources in our companion article in the Project Cope: Coalition for Patient Empowerment Newsletter.  We also invite you to share your own best practices ideas and resources and join the discussions about these and other human resources, health and other employee benefit and patient empowerment concerns by participating and contributing to the discussions in our Health Plan Compliance Group or COPE: Coalition On Patient Empowerment Groupon LinkedIn or Project COPE: Coalition on Patient Empowerment Facebook Page.

    About the Author

    Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of management focused employment, employee benefit and insurance, workforce and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

    Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer’s clients include employers and other workforce management organizations; employer, union, association, government and other insured and self-insured health and other employee benefit plan sponsors, benefit plans, fiduciaries, administrators, and other plan vendors;   domestic and international public and private health care, education and other community service and care organizations; managed care organizations; insurers, third-party administrative services organizations and other payer organizations;  and other private and government organizations and their management leaders.

    Throughout her 30 plus year career, Ms. Stamer has continuously worked with these and other management clients to design, implement, document, administer and defend hiring, performance management, compensation, promotion, demotion, discipline, FMLA and other leave, reduction in force and other workforce, employee benefit, insurance and risk management, health and safety, and other programs, products and solutions, and practices; establish and administer compliance and risk management policies; comply with requirements, investigate and respond to government, accreditation and quality organizations, regulatory and contractual audits, private litigation and other federal and state reviews, investigations and enforcement actions; evaluate and influence legislative and regulatory reforms and other regulatory and public policy advocacy; prepare and present training and discipline;  handle workforce and related change management associated with mergers, acquisitions, reductions in force, re-engineering, and other change management; and a host of other workforce related concerns. Ms. Stamer’s experience in these matters includes supporting these organizations and their leaders on both a real-time, “on demand” basis with crisis preparedness, intervention and response as well as consulting and representing clients on ongoing compliance and risk management; plan and program design; vendor and employee credentialing, selection, contracting, performance management and other dealings; strategic planning; policy, program, product and services development and innovation; mergers, acquisitions, bankruptcy and other crisis and change management; management, and other opportunities and challenges arising in the course of workforce and other operations management to improve performance while managing workforce, compensation and benefits and other legal and operational liability and performance.

    Past Chair of the ABA Managed Care & Insurance Interest Group and, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, heavily involved in health benefit, health care, health, financial and other information technology, data and related process and systems development, policy and operations throughout her career, and scribe of the ABA JCEB annual Office of Civil Rights agency meeting, Ms. Stamer also is widely recognized for her extensive work and leadership on leading edge health care and benefit policy and operational issues. She regularly helps employer and other health benefit plan sponsors and vendors, health industry, insurers, health IT, life sciences and other health and insurance industry clients design, document and enforce plans, practices, policies, systems and solutions; manage regulatory, contractual and other legal and operational compliance; vendors and suppliers; deal with Medicare, Medicaid, CHIP, Medicare/Medicaid Advantage, ERISA, state insurance law and other private payer rules and requirements; contracting; licensing; terms of participation; medical billing, reimbursement, claims administration and coordination, and other provider-payer relations; reporting and disclosure, government investigations and enforcement, privacy and data security; and other compliance and enforcement; Form 990 and other nonprofit and tax-exemption; fundraising, investors, joint venture, and other business partners; quality and other performance measurement, management, discipline and reporting; physician and other workforce recruiting, performance management, peer review and other investigations and discipline, wage and hour, payroll, gain-sharing and other pay-for performance and other compensation, training, outsourcing and other human resources and workforce matters; audits, investigations, enforcement and defense; Civil Rights; privacy and data security; training; risk and change management; regulatory affairs and public policy; process, product and service improvement, development and innovation, and other legal and operational compliance and risk management, government and regulatory affairs and operations concerns.

    A former lead consultant to the Government of Bolivia on its Pension Privatization Project with extensive domestic and international public policy concerns in pensions, healthcare, workforce, immigration, tax, education and other areas, Ms. Stamer has been extensively involved in U.S. federal, state and local health care and other legislative and regulatory reform impacting these concerns throughout her career. Her public policy and regulatory affairs experience encompasses advising and representing domestic and multinational private sector health, insurance, employee benefit, employer, staffing and other outsourced service providers, and other clients in dealings with Congress, state legislatures, and federal, state and local regulators and government entities, as well as providing advice and input to U.S. and foreign government leaders on these and other policy concerns.

    Author of leading works on a multitude of labor and employment, compensation and benefits, internal controls and compliance, and risk management matters and a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other related concerns by her service in the leadership of the Solutions Law Press, Inc. Coalition for Responsible Health Policy, its PROJECT COPE: Coalition on Patient Empowerment, and a broad range of other professional and civic organizations including North Texas Healthcare Compliance Association, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children (now Warren Center For Children); current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, past Representative and chair of various committees of ABA Joint Committee on Employee Benefits; an ABA Health Law Coordinating Council representative, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, a former member of the Board of Directors of the Southwest Benefits Association and others.

    For more information about Ms. Stamer or her experience and involvements, see here or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

    About Solutions Law Press, Inc.™

    Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources here such as the following:

    If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

    NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advise or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The presenter and the program sponsor disclaim, and have no responsibility to provide any update or otherwise notify any participant of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

    Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

    ©2019 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ For information about republication or the topic of this article, please contact the author directly. All other rights reserved.


    IRS Updates 2019 Compensation Table

    March 14, 2019

    Employee benefit plan sponsors, fiduciaries, administrators and advisors should review and update their benefit and compensation plan designs and testing in response to the just released tables of covered compensation under § 401(l)(5)(E) of the Internal Revenue Code and related regulations for the 2019 plan year in new Revenue Ruling 2019-06.

    The new tables are available in the advance release copy of Revenue Ruling 2019-06, scheduled for official publication in Internal Revenue Bulletin 2019-14 on April 1, 2019.

    The Revenue Ruling provides tables of covered compensation under § 401(l)(5)(E) of the Internal Revenue Code and related regulations for the 2019 plan year.

    For this purpose, covered compensation is average of the contribution and benefit bases in effect under section 230 of the Social Security Act for each year in the 35 year period ending with the year in which an employee attains social security retirement age.

    As the change will impact plan contribution limits, discrimination testing and other plan and contribution design and administration, employer and other plan sponsors, fiduciaries, administrators and service providers should evaluate the effects of the adjustments so as to maximize their ability to anticipate and respond to the adjustments.

    About the Author

    Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of management focused employment, employee benefit and insurance, workforce and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

    Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer’s clients include employers and other workforce management organizations; employer, union, association, government and other insured and self-insured health and other employee benefit plan sponsors, benefit plans, fiduciaries, administrators, and other plan vendors;   domestic and international public and private health care, education and other community service and care organizations; managed care organizations; insurers, third-party administrative services organizations and other payer organizations;  and other private and government organizations and their management leaders.

    Throughout her 30 plus year career, Ms. Stamer has continuously worked with these and other management clients to design, implement, document, administer and defend hiring, performance management, compensation, promotion, demotion, discipline, reduction in force and other workforce, employee benefit, insurance and risk management, health and safety, and other programs, products and solutions, and practices; establish and administer compliance and risk management policies; comply with requirements, investigate and respond to government, accreditation and quality organizations, regulatory and contractual audits, private litigation and other federal and state reviews, investigations and enforcement actions; evaluate and influence legislative and regulatory reforms and other regulatory and public policy advocacy; prepare and present training and discipline;  handle workforce and related change management associated with mergers, acquisitions, reductions in force, re-engineering, and other change management; and a host of other workforce related concerns. Ms. Stamer’s experience in these matters includes supporting these organizations and their leaders on both a real-time, “on demand” basis with crisis preparedness, intervention and response as well as consulting and representing clients on ongoing compliance and risk management; plan and program design; vendor and employee credentialing, selection, contracting, performance management and other dealings; strategic planning; policy, program, product and services development and innovation; mergers, acquisitions, bankruptcy and other crisis and change management; management, and other opportunities and challenges arising in the course of workforce and other operations management to improve performance while managing workforce, compensation and benefits and other legal and operational liability and performance.

    Past Chair of the ABA Managed Care & Insurance Interest Group and, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, heavily involved in health benefit, health care, health, financial and other information technology, data and related process and systems development, policy and operations throughout her career, and scribe of the ABA JCEB annual Office of Civil Rights agency meeting, Ms. Stamer also is widely recognized for her extensive work and leadership on leading edge health care and benefit policy and operational issues. She regularly helps employer and other health benefit plan sponsors and vendors, health industry, insurers, health IT, life sciences and other health and insurance industry clients design, document and enforce plans, practices, policies, systems and solutions; manage regulatory, contractual and other legal and operational compliance; vendors and suppliers; deal with Medicare, Medicaid, CHIP, Medicare/Medicaid Advantage, ERISA, state insurance law and other private payer rules and requirements; contracting; licensing; terms of participation; medical billing, reimbursement, claims administration and coordination, and other provider-payer relations; reporting and disclosure, government investigations and enforcement, privacy and data security; and other compliance and enforcement; Form 990 and other nonprofit and tax-exemption; fundraising, investors, joint venture, and other business partners; quality and other performance measurement, management, discipline and reporting; physician and other workforce recruiting, performance management, peer review and other investigations and discipline, wage and hour, payroll, gain-sharing and other pay-for performance and other compensation, training, outsourcing and other human resources and workforce matters; board, medical staff and other governance; strategic planning, process and quality improvement; HIPAA administrative simplification, meaningful use, EMR, HIPAA and other technology, data security and breach and other health IT and data; STARK, antikickback, insurance, and other fraud prevention, investigation, defense and enforcement; audits, investigations, and enforcement actions; trade secrets and other intellectual property; crisis preparedness and response; internal, government and third-party licensure, credentialing, accreditation, HCQIA, HEDIS and other peer review and quality reporting, audits, investigations, enforcement and defense; patient relations and care; internal controls and regulatory compliance; payer-provider, provider-provider, vendor, patient, governmental and community relations; facilities, practice, products and other sales, mergers, acquisitions and other business and commercial transactions; government procurement and contracting; grants; tax-exemption and not-for-profit; 1557 and other Civil Rights; privacy and data security; training; risk and change management; regulatory affairs and public policy; process, product and service improvement, development and innovation, and other legal and operational compliance and risk management, government and regulatory affairs and operations concerns.

    A former lead consultant to the Government of Bolivia on its Pension Privatization Project with extensive domestic and international public policy concerns in pensions, healthcare, workforce, immigration, tax, education and other areas, Ms. Stamer has been extensively involved in U.S. federal, state and local health care and other legislative and regulatory reform impacting these concerns throughout her career. Her public policy and regulatory affairs experience encompasses advising and representing domestic and multinational private sector health, insurance, employee benefit, employer, staffing and other outsourced service providers, and other clients in dealings with Congress, state legislatures, and federal, state and local regulators and government entities, as well as providing advice and input to U.S. and foreign government leaders on these and other policy concerns.

    Author of leading works on a multitude of labor and employment, compensation and benefits, internal controls and compliance, and risk management matters and a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other related concerns by her service in the leadership of the Solutions Law Press, Inc. Coalition for Responsible Health Policy, its PROJECT COPE: Coalition on Patient Empowerment, and a broad range of other professional and civic organizations including North Texas Healthcare Compliance Association, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children (now Warren Center For Children); current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, past Representative and chair of various committees of ABA Joint Committee on Employee Benefits; an ABA Health Law Coordinating Council representative, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, a former member of the Board of Directors of the Southwest Benefits Association and others.

    For more information about Ms. Stamer or her health industry and other experience and involvements, see here or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

    About Solutions Law Press, Inc.™

    Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources here such as the following:

    If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.

    NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advise or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The presenter and the program sponsor disclaim, and have no responsibility to provide any update or otherwise notify any participant of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

    Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

    ©2019 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ For information about republication or the topic of this article, please contact the author directly. All other rights reserved.


    Record-Setting 2018 Enforcement Show Proactive Health Plan HIPAA Compliance & Risk Management Need

    February 7, 2019

    Health plans and their employer and other sponsors, fiduciaries, administrators and other service providers, as well as health care providers, health care clearinghouses and their business associates (“Covered Entities”) should reconfirm the adequacy of their Health Insurance Portability and Accountability Act (“HIPAA”) compliance and risk management in light the U.S Department of Health and Human Services Office of Civil Rights (“OCR”) February 7, 2019 announcement that its 2018 year-end $3 Million Resolution Agreement with California-based Cottage Health increased OCR’s already record-setting enforcement recoveries in 2018 to nearly $28.7 million in a year already distinguished by OCR’s collection of a record-setting $16 million resolution payment against health insurance giant Anthem.  Along with acting to ensure their own organization’s ability to defend their HIPAA compliance, Covered Entities and their leaders also should take advantage of the opportunity to provide input to OCR on opportunities for simplifying and improving OCR’s HIPAA regulations and enforcement by submitting relevant comments by February 12, 2019 to a Request for Information published by OCR in December that invites suggestions for simplifying or making other improvements to OCR’s current HIPAA guidance as well as monitoring and responding to other new and proposed regulatory developments.

    2018 Cottage Health Resolution Agreement

    According to OCR’s February 7, 2019 announcement, Cottage Health agreed in OCR’s final settlement of 2017 to pay OCR $3 million and to adopt a substantial corrective action plan to settle charges of HIPAA violations resulting from OCR’s investigations into two HIPAA Breach notifications Cottage Health filed regarding breaches of unsecured electronic protected health information (ePHI) affecting over 62,500 individuals.

    • A December 2, 2013 breach notification that the removal of electronic security protections by a Cottage Health contractor rendered ePHI such as patient names, addresses, dates of birth, diagnoses/conditions, lab results and other treatment information of 33,349 individuals on a Cottage Health server accessible for download without a username or password from the internet to anyone outside Cottage Health.  In an update to its original report filed on July 2, 2014, Cottage Health increased the number of individuals affected by this breach to 50,917. OCR’s investigation determined that security configuration settings of the Windows operating system permitted access to files containing ePHI without requiring a username and password.  As a result, patient names, addresses, dates of birth, diagnoses, conditions, lab results and other treatment information were available to anyone with access to Cottage Health’s server.
    • A December 1, 2015, that the misconfiguration of a server following an IT response to a troubleshooting ticket, exposed unsecured ePHI including patient names, addresses, dates of birth, social security numbers, diagnoses, conditions, and other treatment information of 11,608 individuals over the internet.

    Based upon its investigation into the two breach reports, OCR concluded Cottage Health violated HIPAA by failing to conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of the ePHI; failed to implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level; failed to perform periodic technical and non-technical evaluations in response to environmental or operational changes affecting the security of ePHI; and failed to obtain a written business associate agreement with a contractor that maintained ePHI on its behalf.

    To resolve its exposure to potentially must greater civil monetary sanctions that OCR might seek for such potential violations under HIPAA’s civil monetary sanction rules, Cottage Health entered into December, 2018 Resolution Agreement to pay the $3 million settlement and undertake what OCR characterizes as “a robust corrective action plan to comply with the HIPAA Rules.” Among other things, the corrective action plan requires Cottage Health to:

    • Conduct an enterprise-wide risk analysis of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI held by Cottage Health (“Risk Analysis”) that OCR views as satisfactory to meet the requirements of 45 CFR 164.308(a)(1)(ii)(A);
    • Develop and implement a risk management plan to address and mitigate any security risks and vulnerabilities identified in the Risk Analysis acceptable to OCR;
    • Implement a process for regularly evaluating environmental and operational changes that affect the security of Cottage Health’s  ePHI;
    • Develop, maintain, and revise, as necessary, written policies and procedures to comply with the Federal standards that govern the privacy and security of individually identifiable health information under 45 C.F.R. Part 160 and Subparts A, C, and E of Part 164 (the “Privacy Rule” and “Security Rule”).
    • Distribute to and conduct training on the HIPAA policies and procedures from all existing and new members of the Cottage Health workforce with access to PHI.  Additionally, Cottage Health require all workforce members that have access to PHI to certify their receipt of, understanding and commitment to comply with the HIPAA Policies before allowing access to PHI and must deny access to PHI to any workforce member that has not provided the required certification.
    • Submit to ongoing notification and reporting requirements to keep OCR informed about its compliance efforts.

    2018 Record Setting HIPAA Enforcement Year

    The final Resolution Agreement negotiated by OCR in 2018, the $3 million Cottage Health Resolution Agreement signed on December 11, 2018 added to an already record-setting year of HIPAA enforcement recoveries by OCR.  In addition to recovering the single largest individual HIPAA settlement in history of $16 million with Anthem, Inc.  OCR’s recovery of the following HIPAA settlements and fines totaling nearly $28.7 million surpassed its previous 2016 record of $23.5 million by 22 percent.

    Date Name

    Amount

    Jan. 2018 Filefax, Inc (settlement) $      100,000
    Jan. 2018 Fresenius Medical Care North America (settlement) $   3,500,000
    June 2018 MD Anderson (judgment) $   4,348,000
    Aug. 2018 Boston Medical Center (settlement) $      100,000
    Sep. 2018 Brigham and Women’s Hospital (settlement) $      384,000
    Sep. 2018 Massachusetts General Hospital (settlement) $      515,000
    Sep. 2018 Advanced Care Hospitalists (settlement) $      500,000
    Oct. 2018 Allergy Associates of Hartford (settlement) $      125,000
    Oct. 2018 Anthem, Inc (settlement) $ 16,000,000
    Nov. 2018 Pagosa Springs (settlement) $      111,400
    Dec. 2018 Cottage Health (settlement) $   3,000,000