Insurance | | Page 3

Some Group Health Plans Face 8/18 Deadline To Correct Form 8963 Under Notice 2014-47 Risk Adjustment Fee Guidance

August 12, 2014

Group health plan sponsors and third party administrators of certain group health plans who already filed their Form 8963, “Report of Health Insurance Provider Information,” who expect that their group health plan will be exempt in the 2014 fee year from the temporary risk adjustment fee assessment imposed by the Patient Protection & Affordable Care Act (ACA) based on impending guidance scheduled for publication on September 2, 2014 in Notice 2014-47 may need to act quickly to meet the August 18, 2014 deadline for filing a corrected Form 8963, “Report of Health Insurance Provider Information.”

The temporary reinsurance fee and risk adjustment provisions of ACA are intended to generate $25 billion in revenues from assessments on insured and self-insured group health plans that the federal government plans to use to partially reimburse commercial insurers writing policies in public exchanges for individuals with high health care costs.

ACA generally provides that the reinsurance fee applies to covered entities that are not excluded under ACA in 2014, 2015, and 2016. Under Final Rules published March 5, 2014, the insurer pays the fee for insured plans but where a group health plan is self-insured, the plan itself pays the fee. Final Rules published March 5, 2014 provide that self-insured and self-administered plans are exempt from the fees in 2015 and 2016, however.

The reinsurance fee equals the yearly rate times the number of plan participants. The yearly rate is $63 for 2014, $44 for 2015, and to be announced for 2016.

ACA § 9010 generally requires payment of the temporary risk adjustment fee ($64 per covered person for 2014) by every “covered entity. ACA § 9010 defines the term “covered entity” to include every entity that provides health insurance for any United States health risk during the calendar year in which the fee is due (the fee year) other than those excluded under ACA § 9010(c)(2). However, ACA § 9010(c)(2) generally excludes from the definition of covered entity:

Self-insured employers;
Governmental entities;
Certain nonprofit corporations; and
Non-employer established voluntary employees beneficiary associations under Internal Revenue Code § 501(c)(9) entities.

Notice 2014-47 scheduled for publication on September 2 by the Department of Treasury (Treasury) will clarify the group health plans exempted from the obligation to pay the temporary risk adjustment fee imposed by Section 9010 of ACA on “covered entities” in IRB 2014-36 will clarify:

When a group health plan qualifies as excluded from the general definition of “covered entity” under the exclusions set forth in ACA § 9010(c)(2); and
That a controlled group does not have to report for a controlled group member who would not qualify as a covered entity in the 2014 fee year if it were a single-person covered entities.

According to Notice 2014-47:

For the 2014 fee year, the IRS and Treasury will not treat any entity as a covered entity if it is excluded from the definition of a covered entity because it qualifies for one of the exclusions under § 9010(c)(2) for the entire 2013 data year or qualifies for one of the exclusions under § 9010(c)(2) for the entire 2014 fee year, which began on January 1, 2014. Since the IRS and Treasury will not treat such an entity as a covered entity, it should not report its net premiums written for the 2013 data year.
For the 2014 fee year, a controlled group must report net premiums written only for those persons who are controlled group members at the end of the day on December 31 of the 2013 data year and who would qualify as a covered entity in the fee year if it were a single-person covered entity. A controlled group should not report net premiums written for any controlled group member who would not qualify as a covered entity in the 2014 fee year if it were a single-person covered entity. Such entity will be treated as a member of the controlled group for other purposes, however, such as joint and several liability for the fee amount allocated to the controlled group.
The IRS and Treasury will publish additional guidance in the future about the scope of the exclusions in ACA § 9010(c)(2) from the general definition of the term covered entity for fee years after the 2014 fee year.
Any entity that needs to correct a previously submitted Form 8963, “Report of Health Insurance Provider Information,” due to the clarification provided in this notice must do so by faxing the corrected Form 8963 to 877-797-0235 (a toll-free number) no later than Monday, August 18, 2014. The IRS cannot process a Form 8963 received after this date. The IRS and Treasury recognize that entities will not know whether they qualify for one of the exclusions under § 9010(c)(2) for the entire 2014 fee year until the end of 2014. Entities that reasonably project that they will qualify for an exclusion under § 9010(c)(2) for the entire 2014 fee year may submit a corrected Form 8963 on or before August 18, 2014, even though the 2014 fee year is not yet over.

The clarifying guidance of Notice 2014-47 comes as the Department of Health & Human Services (HHS) is warning group health insurers third party administrators (TPAs) of self-insured group health plans that are covered entities to get moving on their preparations to register and conduct required interactions with the EDGE Server that HHS plans to use to collect and administer the data necessary to administer the temporary reinsurance fee and risk adjustment provisions of ACA by mid-September, 2014.

Group health plans and their administrators are urged to evaluate and confirm their status and if necessary, file a corrected Form 8963 no later than August 18, 2014. Additionally, any health insurance issuer or non-excepted group health plan should ensure that appropriate arrangements are in place to fulfill responsibilities for registration and use of the EDGE system as required to meet the reporting requirements.

For Advice, Training & Other Resources

If you need assistance monitoring these and other regulatory policy, enforcement, litigation or other developments, or to review or respond to these or other workforce, benefits and compensation, performance and risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer may be able to help.

Board Certified in Labor & Employment Law, Past Chair of the ABA RPTE Employee Benefit & Other Compensation Arrangements Group, Co-Chair and Past Chair of the ABA RPTE Welfare Plan Committee, Vice Chair of the ABA TIPS Employee Benefit Plans Committee, an ABA Joint Committee On Employee Benefits Council representative, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a Fellow in the American College of Employee Benefit Counsel, ABA, and State Bar of Texas, Ms. Stamer has more than 25 years’ experience advising health plan and employee benefit, insurance, financial services, employer and health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health plans and insurers about ACA, and a wide range of other plan design, administration, data security and privacy and other compliance risk management policies. Ms. Stamer also regularly represents clients and works with Congress and state legislatures, EBSA, IRS, EEOC, OCR and other HHS agencies, state insurance and other regulators, and others. She also publishes and speaks extensively on health and other employee benefit plan and insurance, staffing and human resources, compensation and benefits, technology, public policy, privacy, regulatory and public policy and other operations and risk management concerns. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.

You can review other recent human resources, employee benefits and internal controls publications and resources and additional information about the employment, employee benefits and other experience of the Cynthia Marcotte Stamer, PC here. If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile www.cynthiastamer.com or by registering to participate in the distribution of these and other updates on our HR & Employee Benefits Update distributions here including:

NOTE: This article is provided for educational purposes. It is does not establish any attorney-client relationship nor provide or serve as a substitute for legal advice to any individual or organization. Readers must engage properly qualified legal counsel to secure legal advice about the rules discussed in light of specific circumstances.

The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. The Regulations now require that either we (1) include the following disclaimer in most written Federal tax correspondence or (2) undertake significant due diligence that we have not performed (but can perform on request).

ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, or (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

Comments Off on Some Group Health Plans Face 8/18 Deadline To Correct Form 8963 Under Notice 2014-47 Risk Adjustment Fee Guidance | Employee Benefits, Employers, ERISA, Health Plans, Human Resources, Insurance, MEWA, Reporting & Disclosure, Uncategorized | Tagged: 105(h), ACA, Affordable Care Act, Code Section 4980H, Health Care Reform, Health Plans, Insurer, issuer, Patient Protection and Affordable Care Act, Pay or Play, Reinsurance Fee, Risk ADjustment, Skinny Plans, tpa | Permalink
Posted by Cynthia Marcotte Stamer

HHS Warns Insurers, TPAS Complete ACA Reinsurance & Risk Adjustment Edge Server Pre-Registration Steps By 9/27

August 8, 2014

The Department of Health & Human Services (HHS) is warning group health insurers third party administrators (TPAs) of self-insured group health plans and to get moving on their preparations to register and conduct required interactions with the EDGE Server that HHS plans to use to collect and administer the data necessary to administer the temporary reinsurance fee and risk adjustment provisions of the Patient Protection & Affordable Care Act (ACA). HHS says insurers and TPAs have work to complete by 9/27 to prepare to comply with the EDGE system data reporting that HHS will require them to conduct as part of ACA’s reinsurance premium and risk adjustment risk sharing provisions.

ACA provides that the reinsurance fee applies in 2014, 2015, and 2016. Under Final Rules published March 5, 2014, the insurer pays the fee for insured plans but where a group health plan is self-insured, the plan itself pays the fee. Final Rules published March 5, 2014 provide that self-insured and self-administered plans are exempt from the fees in 2015 and 2016, however.

The reinsurance fee equals the yearly rate times the number of plan participants. The yearly rate is $63 for 2014, $44 for 2015, and to be announced for 2016.

The Centers for Medicare and Medicaid Services (CMS) plans to run the first risk adjustment and reinsurance calculation estimates in mid-December, 2014 using data to be collected from insurers and TPAs on the EDGE system.

In an August 7, 2014 webinar, HHS gave issuers and TPAs an overview of the EDGE server implementation schedule and guidance on the key pre-registration tasks that must be completed prior to the start of the EDGE server registration process scheduled to begin on September 27, 2014.

HHS warned issuers and TPAs must be ready to start the EDGE registration process on September 27, 2014 in order to have sufficient time to set-up their servers and test their data submissions prior to the mid-December estimate calculations.

In the webinar, HHS outlined a series of key pre-registration activities that issuers and TPAs of self-insured health plans impacted by the new requirements need to complete between now and September 26, 2014, in order to prepare for EDGE implementation.

Review the pre-registration checklist, timeline and other information shared by CMS in the 90-minute presentation here.

For Advice, Training & Other Resources

Comments Off on HHS Warns Insurers, TPAS Complete ACA Reinsurance & Risk Adjustment Edge Server Pre-Registration Steps By 9/27 | Employee Benefits, Employers, ERISA, Health Plans, Human Resources, Insurance, MEWA, Reporting & Disclosure, Uncategorized | Tagged: 105(h), ACA, Affordable Care Act, Code Section 4980H, Health Care Reform, Health Plans, Insurer, issuer, Patient Protection and Affordable Care Act, Pay or Play, Reinsurance Fee, Risk ADjustment, Skinny Plans, tpa | Permalink
Posted by Cynthia Marcotte Stamer

Review & Update HR & Benefit Practices For DOL Proposed Change In FMLA Regs, Other Rules Treating Some Same-Sex Couples As Spouses

July 8, 2014

August 11, 2014 is the deadline for employers and other interested individuals to comment on the U.S. Department of Labor’s Wage and Hour Division (DOL) June 27, 2014 Notice of Proposed Rulemaking (NPRM), which would amend the definition of spouse under the current Family and Medical Leave Act of 1993 (FMLA) regulations in light of the United States Supreme Court’s decision in United States v. Windsor, which ruled unconstitutional section 3 of the Defense of Marriage Act (DOMA). The proposed change is one of a series of regulatory changes that the Obama Administration has proposed or adopted since the Windsor decision.

DOL intends that the NPRM will replace the current definition of “spouse” its current FMLA regulations so that eligible employees in legal same-sex marriages will be able to take FMLA leave to care for their spouse or family member, regardless of where they live.

To accomplish this, the NPRM proposes to revise the current definition of spouse in the current FMLA regulations to define spouse as follows: Spouse, as defined in the statute, means a husband or wife. For purposes of this definition, husband or wife refers to the other person with whom an individual entered into marriage as defined or recognized under State law for purposes of marriage in the State in which the marriage was entered into or, in the case of a marriage entered into outside of any State, if the marriage is valid in the place where entered into and could have been entered into in at least one State. This definition includes an individual in a same-sex or common law marriage that either (1) was entered into in a State that recognizes such marriages or, (2) if entered into outside of any State, is valid in the place where entered into and could have been entered into in at least one State.

Among other things, this change will:

Replace the current “state of residence” rule with a rule that determines spousal status based on where the marriage was entered into (sometimes referred to as “place of celebration”) rule for determining marital status;
Revise the definition of spouse expressly to reference same-sex marriages in addition to common law marriages, and to encompass same-sex marriages entered into abroad that could have been entered into in at least one State.

The expanded definition of spouse will broaden the range of couples that employers and plans may be required to treat as spouses for purposes of the FMLA. This expansion also may result in the extension of rights with respect to parents or children of a same-sex partner for certain employment or employee benefit purposes. While the historical determination of parental relationships under the FMLA regulations based on a functional, rather than legalistic, test means that the proposed change will likely have less significance in this regard, employers and plans still should evaluate the potential implications of the expanded definition of spouse on its responsibilities with respect to the employees, their same-sex partners and the parents and children of the same-sex partners.

Also, many employers and employee benefit plans may be concerned about proposed language in the NPRM and other regulations requiring employers to decide if a marriage not valid in the United States could have been valid if performed within the United States. Likewise, as the number of states where same-sex partners can qualify as spouses continues to evolve as courts and legislatures act to require recognition of these relationships, many employers and plans may feel legitimate concerns about the operational demands of administering their human resources and employee benefit plans and policies with respect to individuals involved in same-sex relationships where the legal status of the relationship may evolve due to changes of law, creating responsibilities for the employer or plan with respect to relationships that it may not know exist or the status of which may change subsequent to a determination of marital status or other relevant decision. Employers and employee benefit plans should consider adopting practices to address these challenges to minimize the risk of incurring liability as a result of an oversight resulting from evolving status.

For Representation, Training & Other Resources

Board Certified in Labor & Employment Law, Past Chair of the ABA RPTE Employee Benefit & Other Compensation Arrangements Group, Co-Chair and Past Chair of the ABA RPTE Welfare Plan Committee, Vice Chair of the ABA TIPS Employee Benefit Plans Committee, Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years’ experience advising employers, health plan and other employee benefit, insurance, financial services, health and other business clients about these and other matters. As a part of this involvement, Ms. Stamer has extensive experience advising employers, employee benefit plans, insurers, health care providers and others about the implications of DOMA and other rules impacting the identification of spouses and other family status protections under the FMLA and other Federal and state employment, tax, health care and other laws. She publishes and speaks extensively on these and other staffing and human resources, compensation and benefits, technology, health care, privacy, public policy, and other operations and risk management concerns. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating or updating your profile here. For important information concerning this communication click here. ©2014 Cynthia Marcotte Stamer. Limited, non-exclusive right to republished granted to Solutions Law Press, Inc. All other rights reserved.

Comments Off on Review & Update HR & Benefit Practices For DOL Proposed Change In FMLA Regs, Other Rules Treating Some Same-Sex Couples As Spouses | Employers, Health Plans, HIPAA, Human Resources, Insurance | Tagged: employment law, HIPAA, Retaliation, Whistleblower | Permalink
Posted by Cynthia Marcotte Stamer

Employee & Other Whistleblower Complaints Common Source of HIPAA Privacy & Other Complaints

July 7, 2014

Employer and other health plan sponsors, administrators, insurers and their business associates should heed both the lesson about properly protecting health plan documents with protected health information and the more subtle lesson about the role of employees and other whistleblowers in bringing these violations to the attention of regulators contained in the latest Health Insurance Portability & Accountability Act (HIPAA) resolution agreement as well as act to manage their potential employment related liability to workforce members reporting these violations

HIPAA’s Privacy, Security and Breach Notification Rules generally prohibit health plans, health care providers, health plans (Covered Entities) and their business associates from creating, using, accessing or disclosing protected health information except as allowed by HIPAA. In addition, HIPAA requires covered entities both to meet detailed criteria for protecting electronic protected health information and also to take reasonable steps to protect all protected health information, as well as meet other business associate, breach notification, and individual rights requirements.

Parkview Resolution Agreement

Late last month, the Department of Health & Human Services Office of Civil Rights (HHS) announced that complaints of a retiring physician over the mishandling of her patient records by Parkview Health System, Inc. (Parkview) prompted the investigation that lead Parkview to agree to pay $800,000 to settle charges that it violated HIPAA’s Privacy Rule.

The resolution agreement settles charges lodged by HHS based on an OCR investigation into the retiring physician’s allegations that Parkview violated the HIPAA Privacy Rule by failing to properly safeguard the records when it returned them to the physician following her retirement.

As a covered entity under the HIPAA Privacy Rule, HIPAA requires that Parkview appropriately and reasonably safeguard all protected health information in its possession, from acquisition to disposition.

In an investigation prompted by the physician’s complaint, OCR found that Parkview breached this responsibility in its handling of certain physician patient records in helping the physician to transition to retirement.

According to OCR, in September 2008, Parkview took custody of medical records of approximately 5,000 to 8,000 patients while assisting the retiring physician to transition her patients to new providers, and while considering the possibility of purchasing some of the physician’s practice.

Subsequently on June 4, 2009, Parkview employees, with notice that the physician was not at home, left 71 cardboard boxes of these medical records unattended and accessible to unauthorized persons on the driveway of the physician’s home, within 20 feet of the public road and a short distance away from a heavily trafficked public shopping venue. OCR concluded this conduct violated the Privacy Rule.

To settle OCR’s charges that these actions violated HIPAA, OCR has agreed to pay the $800,000 resolution amount and to adopt and implement a corrective action plan requiring Parkview to revise their policies and procedures, train staff, and provide an implementation report to OCR.

HIPAA Violations Carry Significant Liability

As demonstrated by the Parkview resolution agreement, violation of HIPAA can carry significant civil and potentially even criminal liability. The criminal provisions of HIPAA as well as the express terms of the Privacy Rules require that covered entities and their business associates adopt and administer specific compliance programs and practices to provide to compliance with HIPAA and HIPAA’s breach notification rules and the Privacy Regulations may require self-reporting of violations when and if violations occur. Since HIPAA includes potential criminal liability, violations of its provisions can trigger organizational liability for covered entities and their business associates. Consequently, HIPAA compliance also generally should be part of the Federal Sentencing Guideline Compliance Program of every covered entity and business associate.

The HITECH Act tightened certain rules applicable to the use, access or disclosure of protected health information by covered entities and their business associates. In addition, the HITECH Act added breach notification rules, extended direct responsibility for compliance with HIPAA to business associates, increased penalties for noncompliance with HIPAA and made other refinements to HIPAA’s medical privacy rules and made certain other changes. Furthermore, enforcement of HIPAA and the resulting penalties have increased since the HITECH Act took effect.

With OCR stepping up both audits and enforcement and penalties for violations higher than ever since the HITECH Act amended HIPAA, Covered Entities and business associates should act quickly to review and update their policies, practices and training to implement any adjustments needed to maintain compliance and manage other risks under these ever-evolving HIPAA standards.

When conducting these efforts, Covered Entities and business associates not only carefully watch for and react promptly to new OCR guidance and enforcement actions, but also document their commitment and ongoing compliance and risk management activities to help support their ability to show their organization maintains the necessary “culture of compliance” commitment needed to mitigate risks in the event of a breach or other HIPAA violation and take well-documented, reasonable steps to encourage their business associates to do the same. When carrying out these activities, most covered entities and business associates also will want to take steps to monitor potential responsibilities and exposures under other federal and state laws like the privacy and data security requirements that often apply to personal financial information, trade secrets or other sensitive data under applicable federal and state laws and judicial precedent.

A series of supplemental guidance issued by the Department of Health & Human Services Office of Civil Rights (OCR) in recent weeks is giving health care providers, health plans, health care clearinghouses (Covered Entities) and their business associates even more to do in reviewing and updating their policies, practices and training for handing protected health information (PHI) beyond bringing their policies and practices into line with OCR’s restatement and update to the Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules; Final Rule (Omnibus Final Rule) OCR published January 25, 2013.

Covered Entities generally have been required to comply with most requirements the Omnibus Final Rule’s restated regulations restating OCR’s regulations implementing the Health Insurance Portability & Accountability Act (HIPAA) Privacy, Security and Breach Notification Rules to reflect HIPAA amendments enacted by the Health Information Technology for Economic and Clinical Health (HITECH) Act since the Omnibus Final Rule took effect on March 26, 2013 and to have updated business associate agreements in place since September 23, 2013. Meanwhile, the Omnibus Final Rule generally has required business associates have updated business associate agreements in place and otherwise to have come into compliance with all of the applicable requirements of the Omnibus Final Rule since September 23, 2013. Although these deadlines are long past, many Covered Entities and business associates have yet to complete the policy, process and training updates required to comply with the rule changes implemented in the Omnibus Final Rule.

Even if a Covered Entity or business associate completed the updates required to comply with the Omnibus Final Rule, however, recent supplemental guidance published by OCR means that most organizations now have even more work to do on HIPAA compliance. This includes the following supplemental guidance on its interpretation and enforcement of HIPAA against Covered Entities and business associates published by OCR since January 1, 2014 alone:

HIPAA Privacy Rule and Sharing Information Related to Mental Health published on
Spanish Language Model Notices of Privacy Practices published on 2/13/14
CLIA Program and HIPAA Privacy Rule; Patients’ Access to Test Reports published on 2/3/14; and
Proposed Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and the National Instant Criminal Background Check System (NICS) published on 1/7/14.

Beyond this 2014 guidance, Covered Entities and their business associates also should look at enforcement actions and data as well as other guidance OCR issued during 2013 after publishing the Omnibus Final Rule such as:

Watch & Manage Whistleblower Liability From HIPAA Violations & Compliance

Beyond illustrating the potential HIPAA-associated penalties that can result from failing to comply with HIPAA, the Parkview resolution agreement also illustrates the risks that current or former workforce members and others acting as whistleblowers play in helping OCR to identify HIPAA violations. HIPAA and most other laws prohibited covered entities from forbidding or retaliating against a person for objecting to or reporting the concern and offer whistleblowers potential participation in the reporting and prosecution of violations. Beyond these specific federal HIPAA protections, state courts often recognize firing or otherwise retaliating against workforce members or others for exercising rights protected by HIPAA or other federal anti-retaliation statutes as a basis for a state whistleblower or other retaliatory discharge claim. See, e.g. Faulkner v. Department of State Health Servs., 2009 U.S. Dist. LEXIS 22419 (N.D. Tex. Mar. 19, 2009). See also Court Recognizes Retaliation For Filing HIPAA Privacy Complaint As Basis For Texas Whistleblower Claim. With retaliation and other whistleblower complaints becoming increasingly common and judgments from these claims rising, covered entities and their business associates need to include appropriate employment liability risk management processes and procedures in their HIPAA compliance processes and coordinate carefully with their human resources team and qualified employment counsel to manage the employment liability related risks associated with investigations and discipline activities under HIPAA. Concurrently, Privacy Officers also should ensure that their organization’s human resources team understands the HIPAA rules and spot and properly refers to the privacy officer for investigation statements or other activities that may indicate that a HIPAA compliance or retaliation concern needs investigation or redress to avoid missing potential exposures hidden in the human resources processes that could reflect a practice of tolerance or retaliation unacceptable to OCR.

For Representation, Training & Other Resources

Board Certified in Labor & Employment Law, Past Chair of the ABA RPTE Employee Benefit & Other Compensation Arrangements Group, Co-Chair and Past Chair of the ABA RPTE Welfare Plan Committee, Vice Chair of the ABA TIPS Employee Benefit Plans Committee, Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years’ experience advising health plan and employee benefit, insurance, financial services, employer and health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. The scribe for the ABA JCEB Annual Agency Meeting with the Office of Civil Rights (OCR) for the past several years who has worked on medical and other privacy concerns throughout her career, she regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others, defends covered entities and business associates against OCR, FTC and other privacy and data security investigations, serves as special counsel in litigation arising from these concerns and is the author of several highly regarded publications on HIPAA and other privacy and security concerns.

Ms. Stamer also regularly works with OCR, FTC, USSS, FBI and state and local law enforcement on privacy, data security, health care, benefits and insurance and other matters, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. For instance, Ms. Stamer for the third year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR. Her insights on HIPAA risk management and compliance often appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others. You can get more information about her HIPAA and other experience here.

Comments Off on Employee & Other Whistleblower Complaints Common Source of HIPAA Privacy & Other Complaints | Employers, Health Plans, HIPAA, Human Resources, Insurance | Tagged: employment law, HIPAA, Retaliation, Whistleblower | Permalink
Posted by Cynthia Marcotte Stamer

Consider Fiduciary & Other Risk Management When Planning For ACA Transitional Reinsurance Costs, Other Plan Design Changes

July 7, 2014

Employer and other plan sponsors should start working now with their insurers, administrators and advisors to understand the implications of and their options for addressing the “Transitional Reinsurance Program” and other new Patient Protection & Affordable Care Act (ACA)-associated cost and plan design changes so that they are prepared to finalize and implement their health plan design, contracts and arrangements in time to meet the accelerated deadlines for notifying participants of plan changes and otherwise implement their plan changes for the upcoming plan year.

The impending imposition of Transitional Reinsurance Program assessments are only one of a myriad of new and pre-existing federal health plan rules and associated market changes impacting the design of employer and union-sponsored health plans. Since ACA now also requires 60 days advance written notice of material health plan changes, . When making these decisions, employer and other health plan sponsors and their advisors, administrators and insurers should not only focus on the technically new mandates but also the allocation of fiduciary and other responsibilities, liabilities and other plan and services agreements terms. Plan sponsors and their fiduciaries historically have underappreciated the significance of these allocations or presumed that their vendor contracts allocate responsibility to the service providers and vendors to match the sales pitch. Always rarely the case, the changes in the marketplace and the law make it even more likely that sponsoring employers and their leaders of even plans that carefully reviewed and negotiated these responsibilities in their past contracts need to carefully look at these plan and contractual terms carefully.

The Transitional Reinsurance Program is one of a series of new ACA-imposed assessments that can impact the plan design and costs. Proper understanding of these rules is critical for plan sponsors and their fiduciaries to ensure that they don’t unintentionally assume significantly greater liability for their self-insured health plans in an attempt to design around a relatively small by comparison ACA assessment.

Section 1341 of the Patient Protection & Affordable Care Act (ACA) requires the establishment of the reinsurance program to provide for stabilization of funding for exchanges. Funding for the costs of the program is accomplished through amounts assessed upon insurers and self-insured plan third party administrators. ACA § 1341 accomplishes this by providing for:

The establishment for each State of a transitional reinsurance program stabilize premiums for coverage in the individual market from 2014 through 2016;
Requiring all health insurance issuers and third party administrators on behalf of self-insured group health plans, to pay contributions to support reinsurance payments that cover high-cost individuals in non-grandfathered plans in the individual market.

Registration is now open for a series of webinars that the Department of Health & Human Services will host on “The Transitional Reinsurance Program: Contributing Entities and Counting Methods” on July 14, July 18 and July 23, 2014 from 2:00 p.m. – 3:30 p.m. EST. The upcoming HHS webinars will cover the same information. They will focus on reinsurance contributions including who is a contributing entity and how a contributing entity can calculate its annual enrollment count to determine reinsurance contribution amounts. The intended audience for this webinar is health insurance issuers, self-insured group health plans, third party administrators (TPAs) and administrative services-only (ASO) contractors. To register for the HHS webinar and to obtain additional information see here.

Understanding how the Transitional Reinsurance Program assessments will be calculated is one of many critical steps in making plan design changes. When considering whether to take advantage of options for minimizing these assessments, however, employer, union and other plan sponsors need to consider whether the liability and other consequences of meeting requirements for avoidance of the assessments is warranted by the anticipated savings. With superficially it might seem desirable to avoid the payment of a few dollars per covered lives associated with the assessment, employers and other sponsoring organizations and the officers or other leadership employees involved in plan design or administration should critically review the effect of meeting these requirements specifically, as well as their proposed vendor contracts and associated plan documents and communications on their personal and organizations’ fiduciary and other liabilities. To the extent that existing or expanded fiduciary liability cannot be avoided, it will be critical that the sponsor and its leadership ensure that proper steps are taken to select, credential, bond, and appoint the persons who will be or help carry out fiduciary or other plan-related responsibilities. Additionally, most plan sponsors will want to consider exploring the availability of fiduciary liability insurance coverage to help mitigate the potential liability risks associated with plan sponsorship.

For Advice, Training & Other Resources

Board Certified in Labor & Employment Law, Past Chair of the ABA RPTE Employee Benefit & Other Compensation Arrangements Group, Co-Chair and Past Chair of the ABA RPTE Welfare Plan Committee, Vice Chair of the ABA TIPS Employee Benefit Plans Committee, Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health plan and employee benefit, insurance, financial services, employer and health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. The author of the “Managed Care Contracting Guide” and a multitude of other highly-regarded publications on health plan and other fiduciary liability risk management, Ms. Stamer has advised plan sponsors, administrators, insurers and others about these and other health plan liabilities and their risk management throughout her more than 25 year career. You can get more information about her HIPAA and other experience here.

If you need assistance with these or other compliance concerns, wish to ask about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

You can review other recent publications and resources and additional information about the other experience of Ms. Stamer here. Examples of some recent publications that may be of interest include:

Comments Off on Consider Fiduciary & Other Risk Management When Planning For ACA Transitional Reinsurance Costs, Other Plan Design Changes | Corporate Compliance, Data Security, Employers, Health Plans, HIPAA, Human Resources, Insurance | Tagged: ACA, Insurers, Reinsurance Program, self-insured health plans, Transitional Reinsurance Program | Permalink
Posted by Cynthia Marcotte Stamer

HHS Claims Average $69/Month Cost for Subsidized Coverage Shows ACA Success Challenged

June 18, 2014

The Department of Health & Human Services (HHS) is touting a new report available here released today that it says people who qualified for tax credits to buy health insurance coverage through the health insurance exchange who selected silver plans, the most popular plan type in the federal Marketplace, paid an average premium of $69 per month. In the federal Marketplace, 69 percent of enrollees who selected Marketplace plans with tax credits had premiums of $100 a month or less, and 46 percent of $50 a month or less after tax credits. The balance of the cost of the coverage is covered via subsidies. Other sources, however, say the data in the report raises concerns about the overall cost of the health care reform law and its impact on the total cost of coverage.

HHS says the report also looks at competition and choice nationwide among health insurance plans in 2013-2014. HHS claims that the report shows most individuals shopping in the Marketplace had a wide range of health plans from which to choose. On average, consumers could choose from five health insurers and 47 Marketplace plans. An increase of one issuer in a rating area is associated with 4 percent decline in the second-lowest cost silver plan premium, on average.

While the HHS report by focusing on what subsidized individuals pay out of pocket spins the data to give the impression that the health care reform law is bringing down health care costs as promised, other sources say the data in the Report raises serious concerns about the overall cost of the health care reform law and the total cost of coverage. While acknowledging that “the generous subsidies” helped consumers receiving subsidies, the Los Angeles Times reports these subsidies coupled with the massive enrollment by individuals qualifying for subsidies raise budgetary concerns. According to the Los Angeles Times article, the reports shows the federal government is on track to spend at least $11 billion on subsidies for consumers who bought health plans on marketplaces run by the federal government, even accounting for the fact that many consumers signed up for coverage in late March and will only receive subsidies for part of the year. However, this total does not count the additional cost of providing coverage to the 1/3 of the 8 million new people who signed up for coverage who bought coverage in states that ran their own marketplaces, including California, Connecticut, Maryland and New York. While Federal officials said subsidy data for these consumers were not available, the Los Angeles Times estimated that if these state consumers received roughly comparable government assistance for their insurance premiums, the total cost of subsidies could top $16.5 billion this year, resulting in budgetary costs “far higher” than the $10 million budgetary cost that the Congressional Budget Office projected subsidies would cost U.S. taxpayers in 2014. See Obamacare subsidies push cost of health law above projections.

For Representation, Training & Other Resources

Board Certified in Labor & Employment Law, Past Chair of the ABA RPTE Employee Benefit & Other Compensation Arrangements Group, Co-Chair and Past Chair of the ABA RPTE Welfare Plan Committee, Vice Chair of the ABA TIPS Employee Benefit Plans Committee, Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years’ experience advising health plan and employee benefit, insurance, financial services, employer and health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. The scribe for the ABA JCEB Annual Agency Meeting with the Office of Civil Rights (OCR) for the past several years who has worked on medical and other privacy concerns throughout her career, she regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others, defends covered entities and business associates against OCR, FTC and other privacy and data security investigations, serves as special counsel in litigation arising from these concerns and is the author of several highly regarded publications on HIPAA and other privacy and security concerns.

Ms. Stamer also regularly works with OCR, FTC, USSS, FBI and state and local law enforcement on privacy, data security, health care, benefits and insurance and other matters, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. For instance, Ms. Stamer for the third year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR. Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others. You can get more information about her HIPAA and other experience here.

Comments Off on HHS Claims Average $69/Month Cost for Subsidized Coverage Shows ACA Success Challenged | Employers, Health Plans, HIPAA, Human Resources, Insurance | Tagged: Breach Notification, Health Care, Health Care Provider, Health Plan, HIPAA, HITECH, Medical Privacy | Permalink
Posted by Cynthia Marcotte Stamer

HIPAA Compliance & Breach Data Shares Helpful Lessons For Health Plans, Providers and Business Associates

June 11, 2014

Health care providers, health plans and insurers, health care clearinghouses (collectively “Covered Entities”), their business associates, and others concerned about medical privacy regulations or protections should check out two new reports to Congress about breach notifications reported and other compliance data under the Health Insurance Portability & Accountability Act (HIPAA) by the U.S. Department of Health and Human Services, Office for Civil Rights (OCR). Reviewing this data can help Covered Entities and their business associates identify potential areas of exposures and enforcement that can be helpful to minimize their HIPAA liability as well as to expect OCR enforcement and audit inquiries. Smart covered entities and business associates will include review of these and other reports about compliance and enforcement by OCR and assessment of their processes against this information as a part of their HIPAA compliance and risk management practices.

Required by the Health Information Technology for Economic and Clinical Health (HITECH) Act, the two new reports discuss various details about HIPAA compliance for calendar years 2011 and 2012. They include the following:

Report to Congress on Breach Notifications, discussing the breach notification requirements and reports OCR received as a result of these breach notification requirements; and
Report to Congress on Compliance with the HIPAA Privacy and Security Rules, summarizing complaints received by OCR of alleged violations of the provisions of Subtitle D of the HITECH Act, as well as of the HIPAA Privacy and Security Rules at 45 CFR Parts 160 and 164 .
Covered entities and their business associates should review the finding reported as part of their compliance practices. Others concerned about medical or other privacy or data security regulations or events also may find the information in the reports of interest.

Under HIPAA, covered entities generally are prohibited from using, accessing or disclosing protected health information about individuals except as specifically allowed by HIPAA, In addition, HIPAA also requires Covered Entities to establish safeguards to protect protected health information against improper access, use or destruction, to afford certain rights to individuals who are the subjects of protected information, to obtain certain written assurances from service providers who are business associates before allowing those service providers to use, access or disclose protected health information when carrying out covered functions for the Covered Entity, and meet other requirements.

Enforcement of HIPAA and the resulting penalties have increased since the HITECH Act took effect.

HIPAA Privacy Rule and Sharing Information Related to Mental Health published on
Spanish Language Model Notices of Privacy Practices published on 2/13/14
CLIA Program and HIPAA Privacy Rule; Patients’ Access to Test Reports published on 2/3/14; and
Proposed Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and the National Instant Criminal Background Check System (NICS) published on 1/7/14.

For Representation, Training & Other Resources

Board Certified in Labor & Employment Law, Past Chair of the ABA RPTE Employee Benefit & Other Compensation Arrangements Group, Co-Chair and Past Chair of the ABA RPTE Welfare Plan Committee, Vice Chair of the ABA TIPS Employee Benefit Plans Committee, Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years’ experience advising health plan and employee benefit, insurance, financial services, employer and health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. The scribe for the ABA JCEB Annual Agency Meeting with the Office of Civil Rights (OCR) for the past several years who has worked on medical and other privacy concerns throughout her career, she regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others, defends covered entities and business associates against OCR, FTC and other privacy and data security investigations, serves as special counsel in litigation arising from these concerns and is the author of several highly regarded publications on HIPAA and other privacy and security concerns.

Ms. Stamer also regularly works with OCR, FTC, USSS, FBI and state and local law enforcement on privacy, data security, health care, benefits and insurance and other matters, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. For instance, Ms. Stamer for the third year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR. Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others. You can get more information about her HIPAA and other experience here.

Comments Off on HIPAA Compliance & Breach Data Shares Helpful Lessons For Health Plans, Providers and Business Associates | Employers, Health Plans, HIPAA, Human Resources, Insurance | Tagged: Breach Notification, Health Care, Health Care Provider, Health Plan, HIPAA, HITECH, Medical Privacy | Permalink
Posted by Cynthia Marcotte Stamer

Review & Update Health Plan Notices, Language & Process For New Guidance On COBRA, Other Key Health Plan Rules

June 2, 2014

Add reviewing and updating your plan language, notices and processes for administering the coverage continuation requirements to the ever-growing list of items that employers and other group health plan sponsors, insurers, administrators and fiduciaries need to handle this year.

The most recently emerging guidance published by federal regulators to implement the Patient Protection & Affordability Act (ACA) and other health care reforms is a package of new guidance on COBRA and its interface with COBRA published in early May. This guidance includes a new HHS Bulletin Allowing COBRA Qualified Beneficiaries to Enroll in the Health Insurance Marketplace, as well as a series of updated model COBRA and CHIP Notices and related documents.

The HHS Bulletin on COBRA allows individuals who previously elected COBRA rather than enrolling in coverage through one of the new health insurance exchanges created under ACA a special extended enrollment opportunity to enroll in coverage under these exchanges. Many employers and health plans may want to communicate this new option to help minimize their COBRA exposures.

Beyond the extended exchange enrollment period for COBRA enrolled or eligible persons, the new guidance also may merit updates and changes to group health plan’s existing COBRA plan language, notices and election forms and procedures. Labor Department guidance several years ago significantly expanded the number of notifications required under COBRA as well as the required content. In connection with that guidance, the Labor Department published various model notices and other materials. As part of new guidance published in May, 2014, the Labor Department has revised and published updated versions of many of these model documents. The updated materials include:

Updated COBRA Model Notice
Updated COBRA Model General Notice, available at http://www.dol.gov/ebsa/modelgeneralnotice.doc
Updated COBRA Model Election Notice, available at http://www.dol.gov/ebsa/modelelectionnotice.doc
Updated CHIP Notice, available at http://www.dol.gov/ebsa/chipmodelnotice.doc
Notice of Proposed Rulemaking, available at http://www.dol.gov/ebsa/pdf/cobranprm.pdf

In addition to the updated COBRA guidance, employers, health plans and their insurers, administrators and fiduciaries also will want to review and update their plan language, processes, budgets, notices and other materials in response to updated guidance in Affordable Care Act Implementation FAQs Part XIX on Department of Labor model notices, limitations on cost-sharing, coverage of preventive services, health flexible spending account (FSA) carryover and excepted benefits, and the Summary of Benefits and Coverage requirements of PHS Act §2715. Employers and others involved in the design or administration of group health plans also will want to review this new guidance as part of their continuing health plan compliance, cost forecasting and planning efforts.

Catch Up On Latest, Get Practical Health Plan Insights At June 17 Texas CEO Briefing

Texas CEO Magazine invites Solutions Law Press Readers to catch up on new developments and strategies to help employers prepare for and cope with the ever-evolving stream of health plan developments enacted under the Patient Protection & Affordable Care Act by participating in a practical briefing on:

Tuesday, June 17

7:30 – 9:00 a.m.

Park City Club

5956 Sherry Lane, Dallas

Two of Texas CEO’s “Top 10 Most Read” articles in 2013 were authored by Dallas attorney and benefit specialist Cynthia Stamer who will anchor a panel of benefit experts that will explore new developments and their practical implications on:

Benefit Plan Design
Workforce Classification
Data Collection
Cost Projections
Private Exchanges
New Reporting Requirements (IRC 6055 & 6056)
Noncompliance Penalties
Avoiding the Tax
The New Care Delivery Dynamic

Featured Speakers include Cynthia Stamer, Managing Partner, Solutions Lawyer Publisher and Author, Eric Bassett, Senior Partner & Central Market Leader, Mercer Health & Benefits Consulting, Scott Gibbs, Senior Vice President, McGriff, Seibels & Williams, Inc., and Becky Parker, Health Reform Director, MHBT Inc.

Cynthia is a Dallas-based attorney who has spent more than 25 years helping private and public employers and health and employee benefit planners develop, implement, administer and defend creative, legally compliant and operationally effective health plans and policies.

Cynthia’s Texas CEO Magazine article, “Benefit Plan Triage: 12 STEPS EVERY EMPLOYER WITH A HEALTH PLAN SHOULD DO NOW,” was one of the Top 10 most-read articles of 2012. And in 2013, “Getting Ready for ACA Reform: 13 Steps to Take Now,” and “Affordable Care Act Update,” were both Top 10 most read articles.

Cynthia, among other things, is:

Past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group
Immediate Past Chair of the ABA’s RPTE Employee Benefit & Compensation Committee
Marketing Committee Chair of the ABA Joint Committee on Employee Benefits
Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee
Current Vice-Chair of the Gulf States TEGE Council – Exempt Organizations Group

Eric works with clients in all areas of health care and group benefits with particular emphasis on health care strategies, delivery system capabilities, defined contribution, and consumerism. Eric began his 28-year health care career working for health care vendors. He has led cross-functional teams involved in the development of rural managed care strategies, integration of legacy networks and systems, physician profiling and implementation of open access networks and systems. Eric’s consulting experience includes:

Developing and managing health improvement, disease and demand management programs.
Chronic PCMH program design and development.
Working with management and labor during collective bargaining.
Integrating and consolidating benefit plans for mergers and acquisitions.
Working closely with corporate committees to facilitate decision-making.
Active and retiree exchange strategy and design.

Scott Gibbs works with large employers on long term strategies to make corporate benefit plans consistent with the company’s goals and budgets, working with both fully-insured and self-funded plans.

Scott is a member of:

Society for Human Resource Management (SHRM)
Texas Public Risk Management Association
International Foundation of Employee Benefit Plans
State and Local Government Benefit Association
Scott has an undergraduate degree from Baylor University and a Master’s in Health Care Administration from Trinity University.

Becky directs all corporate strategy and communication on the Affordable Care Act for MHBT and its clients. She has worked as an employee benefits advisor since 1992 and was one of the first employee benefits professionals to have earned a Certification in Health Care Reform Studies from The American College.

Becky is an active member of the Austin Association of Health Underwriters where she was president in 2003 and also served on the Texas Association of Health Underwriters board as their liaison to the Texas Department of Insurance and was honored nationally for her work.

Becky is an advocate for employee benefits in the legislative arena regularly testifying at the Texas State Capitol and engaging our federal elected officials on insurance related matters. Becky has even advised Texas Congressmen on the employer aspects of the Affordable Care Act.

Becky holds a Bachelor of Arts degree from The University of Texas at Austin.

For Representation, Training & Other Resources

Board Certified in Labor & Employment Law, Past Chair of the ABA RPTE Employee Benefit & Other Compensation Arrangements Group, Co-Chair and Past Chair of the ABA RPTE Welfare Plan Committee, Vice Chair of the ABA TIPS Employee Benefit Plans Committee, Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health plan and employee benefit, insurance, financial services, employer and health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.

For the past two years, Ms. Stamer has served as the scribe for the ABA Joint Committee on Employee Benefits agency meeting with OCR. Ms. Stamer also regularly works with OCR, FTC, USSS, FBI and state and local law enforcement on privacy, data security, health care, benefits and insurance and other matters, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. For instance, Ms. Stamer for the second year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR. Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others. You can get more information about her HIPAA and other experience here.

If you need assistance with these or other compliance concerns, wish to inquire about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

Comments Off on Review & Update Health Plan Notices, Language & Process For New Guidance On COBRA, Other Key Health Plan Rules | Corporate Compliance, Data Security, Employers, Health Plans, HIPAA, Human Resources, Insurance | Tagged: Affordable Care Act, business, COBRA, Employers, Health Care Reform, Health Plans, preventive care benefits | Permalink
Posted by Cynthia Marcotte Stamer

6/17 Workshop Helps Businesses Get Ready for Latest Affordable Care Act Rollout

May 31, 2014

Tuesday, June 17

7:30 – 9:00 a.m.

Park City Club

5956 Sherry Lane, Dallas

The Affordable Care Act continues to hit the business world with successive waves of reform. To make sure your company is ready, we’ve assembled a panel of experts to update you about the current and impending legal terrain and share their benefit plan design and compliance tips to help your business cope with these changes.

Two of Texas CEO’s “Top 10 Most Read” articles in 2013 were authored by Dallas attorney and benefit specialist Cynthia Stamer who will anchor our panel of benefit experts as we take you through:

Benefit Plan Design
Workforce Classification
Data Collection
Cost Projections
Private Exchanges
New Reporting Requirements (IRC 6055 & 6056)
Noncompliance Penalties
Avoiding the Tax
The New Care Delivery Dynamic

Featured Speakers Include:

Cynthia Stamer, Managing Partner, Solutions Lawyer

Ms. Stamer is:

Past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group
Immediate Past Chair of the ABA’s RPTE Employee Benefit & Compensation Committee
Marketing Committee Chair of the ABA Joint Committee on Employee Benefits
Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee
Current Vice-Chair of the Gulf States TEGE Council – Exempt Organizations Group

Eric Bassett, Senior Partner & Central Market Leader, Mercer Health & Benefits Consulting

Developing and managing health improvement, disease and demand management programs.
Chronic PCMH program design and development.
Working with management and labor during collective bargaining.
Integrating and consolidating benefit plans for mergers and acquisitions.
Working closely with corporate committees to facilitate decision-making.
Active and retiree exchange strategy and design.

Scott Gibbs, Senior Vice President, McGriff, Seibels & Williams, Inc.

Scott is a member of:

Society for Human Resource Management (SHRM)
Texas Public Risk Management Association
International Foundation of Employee Benefit Plans
State and Local Government Benefit Association
Scott has an undergraduate degree from Baylor University and a Master’s in Health Care Administration from Trinity University.

Becky Parker, Health Reform Director, MHBT Inc.

Becky directs all corporate strategy and communication pertaining to the Affordable Care Act for MHBT and its clients. She has worked as an employee benefits advisor since 1992 and was one of the first employee benefits professionals to have earned a Certification in Health Care Reform Studies from The American College.

Becky holds a Bachelor of Arts degree from The University of Texas at Austin.

For Representation, Training & Other Resources

Board Certified in Labor & Employment Law, Past Chair of the ABA RPTE Employee Benefit & Other Compensation Arrangements Group, Co-Chair and Past Chair of the ABA RPTE Welfare Plan Committee, Vice Chair of the ABA TIPS Employee Benefit Plans Committee, Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health plan and employee benefit, insurance, financial services, employer and health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.

Comments Off on 6/17 Workshop Helps Businesses Get Ready for Latest Affordable Care Act Rollout | Corporate Compliance, Data Security, Employers, Health Plans, HIPAA, Human Resources, Insurance | Tagged: Affordable Care Act, business, Employers, Health Care Reform, Health Plans | Permalink
Posted by Cynthia Marcotte Stamer

Post-Windsor Same-Sex Participant Guidance May Require Mid-Year Plan Amendments

May 15, 2014

Employers and fiduciaries of 401(k) plans should take note of the potential need to adopt a mid-year amendment to their plans to comply with new guidance of the Internal Revenue Service (IRS) on the need to timely amend their plans to comply with IRS recent guidance on when their plans must afford same-sex partners treatment equivalent to opposite-sex married couples issued in response to the Supreme Court’s decision striking down the Defense of Marriage Act (DOMA) in United States v. Windsor, 570 U.S. ___, 133 S.Ct. 2675 2013). At the same time, they also should review other recent guidance to determine if changes are required or otherwise desirable to their cafeteria, health and other welfare, and other employee benefit plans, family leave, and other human resources and employee benefit policies.

The IRS previously announced that a mid-year amendment to 401(k) plans to recognize same-sex partners as married couples for certain plan purposes might be required in Notice 2014-19. This announcement has presented some confusion for some sponsors of safe harbor 401(k) plans as Treasury Regulation § 1.401(k)-3(e)(1) generally requires that a Section 401(k) safe harbor plan be adopted before the beginning of the plan year and maintained throughout a full 12-month plan year, however, except as otherwise provided in § 1.401(k)-3(g) (on the reduction or suspension of safe harbor contributions) or in guidance of general applicability published in the Internal Revenue Bulletin. To resolve these questions, the IRS announced today (May 15, 2014) released an advance copy of Notice 2014-37, which is scheduled for official publication in Internal Revenue Bulletin 2014-23 on June 2, 2014. Notice 2014-37 will provide that the adoption of a mid-year amendment to a 401(k) safe harbor plan that will take effect during the plan year (“mid-year amendment”) will not disqualify the plan.

In light of this guidance, 401(k) sponsors, including those sponsoring 401(k) safe harbor plans, should ensure that their plans are timely amended to comply with the post-Windsor rules.

In addition to amending their 401(k) plans, employers also should review other emerging post-Windsor guidance impacting other employment and employee benefit practices and update their policies and practices as needed to comply with emerging guidance. For instance, the IRS also recently has published guidance s rules about health savings accounts (HSAs) after the Windsor decision.

Before the Windsor decision declared DOMA unconstitutional, Internal Revenue Service (IRS) guidance prohibited cafeteria plans, including HSAs and FSAs from treating same-sex partners as married based on DOMA’s restriction of the definition for federal tax and other federal law purposes to only a legal union between one man and one woman and the definition of “spouse” only to a person of the opposite sex who is a husband or wife. As a result, IRS pre-Winsor guidance prohibited HSAs, FSAs and other cafeteria plans from allowing employees to choose coverage of same-sex spouses on a pre-tax basis under a cafeteria plan unless the spouse otherwise qualified as a tax dependent of the employee.

In Windsor, the Supreme Court struck down DOMA’s prohibition of the recognition of same-sex couples as married or spouses as an unconstitutional violation of the Fifth Amendment to the United States Constitution.

In response to the Windsor ruling of DOMA unconstitutional, the IRS initially updated its guidance to reflect the Windsor ruling in Rev. Rul. 2013-17, which held:

For Federal tax purposes, the terms “spouse,” “husband and wife,” “husband,” and “wife” include an individual married to a person of the same sex if the individuals are lawfully married under state law, and the term “marriage” includes such a marriage between individuals of the same sex;
For Federal tax purposes, the IRS adopts a general rule recognizing a marriage of same-sex individuals that was validly entered into in a state whose laws authorize the marriage of two individuals of the same sex even if the married couple is domiciled in a state that does not recognize the validity of same-sex marriages;
For Federal tax purposes, the terms “spouse,” “husband and wife,” “husband,” and “wife” do not include individuals (whether of the opposite sex or the same sex) who have entered into a registered domestic partnership, civil union, or other similar formal relationship recognized under state law that is not denominated as a marriage under the laws of that state, and the term “marriage” does not include such formal relationships;
Rev. Rul. 2013-17 also stated that taxpayers could rely on this holding retroactively for purposes of filing original returns, amended returns, adjusted returns, or claims for credit or refund employment tax and income tax with respectto employer-provided health coverage benefits or fringe benefits that the employer provided and are excludable from income under sections 106, 117(d), 119, 129, or 132 based on an individual’s marital status; and
For purposes of the preceding sentence, if an employee made a pre-tax salary-reduction election for health coverage under a section 125 cafeteria plan sponsored by an employer and also elected to provide health coverage for a same-sex spouse on an after-tax basis under a group health plan sponsored by that employer, an affected taxpayer may treat the amounts that were paid by the employee for the coverage of the same-sex spouse on an after-tax basis as pre-tax salary reduction amounts.

Subsequently, the IRS also published special administrative procedures for employers to use to make adjustments or claims for refund or credit of employment taxes paid with respect to the value of same-sex spousal benefits that are excludable from the income and wages of an employee under the Windsor decision, as interpreted by Rev. Rul. 2013-17.

Most recently regarding cafeteria plans, Notice 2014-01 discusses when plan sponsors may need to amend their cafeteria plan documents to allow mid-year election changes by same-sex spouses. It states that a cafeteria plan that does not contain written terms that allow changes of election upon change in legal marital status generally would need to be amended before a same-sex couple could be allowed to make an election change. However, where the cafeteria plan already contains written terms permitting a change in election upon a change in legal marital status, Notice 2014-01 states a plan amendment generally is not required to allow an employee who acquires a same-sex spouse to make a mid-year election change in response to the acquisition of a same-sex spouse.

Beyond this plan amendment guidance, Notice 2014-01 also further clarifies the IRS’ previous post-Windsor guidance by answering various questions about the treatment of same-sex couples following Windsor for purposes of administering FSA-reimbursements, HSA limits and mid-year election changes.

For Representation, Training & Other Resources

Board Certified in Labor & Employment Law, Past Chair of the ABA RPTE Employee Benefit & Other Compensation Arrangements Group, Co-Chair and Past Chair of the ABA RPTE Welfare Plan Committee, Vice Chair of the ABA TIPS Employee Benefit Plans Committee, Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health plan and employee benefit, insurance, financial services, employer and health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.

Comments Off on Post-Windsor Same-Sex Participant Guidance May Require Mid-Year Plan Amendments | Employers, Health Plans, HIPAA, Human Resources, Insurance | Tagged: 125, cafeteria plan, defense of marriage act, FSA, HSA, Windsor | Permalink
Posted by Cynthia Marcotte Stamer

Encrypt Mobile Devices & Clean Up Management Documentation Key HIPAA Compliance Messages In New HIPAA Settlements

April 27, 2014

“Encrypt your laptops and other mobile devices” is only one of the key lessons leaders of health plans, health care providers, health care clearinghouses (“Covered Entities”) and their business associates should take away from the Department of Health and Human Services Office for Civil Rights (OCR)’s April 22 announcement that Concentra Health Services (Concentra) and QCA Health Plan, Inc. of Arkansas (QCA) collectively are paying $1,975,220 under separate Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rule resolution agreements resulting from thefts of unencrypted laptops. Along with the importance of encryption, however, these Resolution Agreements also contain equally significant, more broadly applicable lessons to Covered Entities, business associates and their leaders about some of the specific processes, actions and documentation that OCR them to implement and be prepared to defend the adequacy of their HIPAA “culture of compliance” if they file a breach report or otherwise face a HIPAA audit or investigation from OCR.

Consequently, while confirming the adequacy of their organization’s existing encryption of laptops and mobile devices, Covered Entities and their leaders should also consider using these and other Resolution Agreements as a road map for reviewing and tightening their management oversight and other HIPAA compliance documentation and practices generally.

Concentra Resolution Agreement

Under the Concentra Resolution Agreement, Concentra agrees to pay OCR a monetary settlement of $1,725,220 and adopt a corrective action plan to settle potential violations of the HIPAA Privacy and Security Rules and evidence their remediation of OCR’s findings.

OCR opened a compliance review of Concentra after receiving a breach report that an unencrypted laptop was stolen from its the Springfield Missouri Physical Therapy Center on November 30, 2011. OCR’s investigation concluded that Concentra previously had recognized in multiple risk analyses that a lack of encryption on its laptops, desktop computers, medical equipment, tablets and other devices containing electronic protected health information (ePHI) was a critical risk. While steps were taken to begin encryption, Concentra’s efforts were incomplete and inconsistent over time leaving patient PHI vulnerable throughout the organization. OCR’s investigation further found Concentra had insufficient security management processes in place to safeguard patient information.

In particular, the Resolution Agreement states that HHS’ investigation found that the following conduct occurred (Covered Conduct):

Concentra failed to adequately remediate and manage its identified lack of encryption or, alternatively, document why encryption was not reasonable and appropriate and implement an equivalent alternative measure to encryption, if reasonable and appropriate, from October 27, 2008, until June 22, 2012 (date on which a complete inventory assessment was completed and Concentra immediately took action to begin encrypting all unencrypted devices) (see 45 C.F.R. § 164.312(a)(2)(iv))

Concentra did not sufficiently implement policies and procedures to prevent, detect, contain, and correct security violations under the security management process standard when it failed to adequately execute risk management measures to reduce its identified lack of encryption to a reasonable and appropriate level from October 27, 2008, (date of Concentra’s last project report indicating that 434 out of 597 laptops were encrypted) until June 22, 2012 (date on which a complete inventory assessment was completed and Concentra immediately took action to begin encrypting all unencrypted devices) (see 45 C.F.R. § 164.308(a)(1)(i)). 3.

In the Resolution Agreement, Concentra has agreed to pay OCR $1,725,220 to settle potential violations and will adopt a corrective action plan to evidence their remediation of these findings.

QCA Resolution Agreement

QCA’s much smaller $250,000 monetary penalty under the QCA Resolution Agreement also resulted from a breach notification of the theft of an unencrypted laptop and also requires corrective actions in addition to a monetary settlement. OCR opened its investigation after QCA reported in February 2012 that an unencrypted laptop computer containing the ePHI of 148 individuals was stolen from a workforce member’s car. OCR’s investigation revealed that while QCA encrypted their devices following discovery of the breach, QCA failed to comply with multiple requirements of the HIPAA Privacy and Security Rules, beginning from the compliance date of the Security Rule in April 2005 and ending in June 2012.

To resolve OCR’s charges it violated HIPAA, QCA agreed to a $250,000 monetary settlement and is required to provide HHS with an updated risk analysis and corresponding risk management plan that includes specific security measures substantially similar to those imposed on the Concentra Resolution Agreement to reduce the risks to and vulnerabilities of its ePHI. QCA is also required to retrain its workforce and document its ongoing compliance efforts.

Corrective Action Plan Lessons For Other Covered Entities & Business Associates

Unquestionably, laptop and other mobile device encryption is a key take away of the two separate resolution agreements against Concentra and QCA. OCR Deputy Director of Health Information Privacy Susan McAndrew made this point clear in the announcement of the Concentra and QCA Resolution Agreements, stating “Covered entities and business associates must understand that mobile device security is their obligation,” and “Our message to these organizations is simple: encryption is your best defense against these incidents.”

As important as this encryption warning is, however, leaders of Covered Entities and business associates must not overlook the more subtle but equally important messages in these Resolution Agreements share about the management oversight and other specific actions, documentation and other evidence that OCR may expect their organizations and its leadership to produce if OCR investigates or audits its HIPAA compliance.

OCR officials have stated that Covered Entities and their business associates should use the corrective action plans in resolution agreements to help guide their own compliance efforts. While the message to encrypt mobile device is important, it is not the only lesson that leaders should learn. The Concentra and QCA Resolution Agreements, as well as their predecessors also contain detailed information about various other processes and procedures that OCR views as necessary or helpful to the compliance efforts of Covered Entities and their business associates. Privacy officers and other leaders of Covered Entities and business associates should avoid the mistake of allowing the Resolution Agreement’s clear messaging about mobile device encryption to lure them or their organization into overlooking broader and more generalized messages the corrective action plans included in the Concentra, QCA and other Resolution Agreements share about the compliance processes and analysis, management review and oversight, training and other compliance practices and documentation that OCR may expect their organizations to create and produce.

The requirement of officer attestation that his organization completed the detailed corrective actions required by OCR and that the reports submitted to OCR are accuratein the Concentra and QCA Resolution Agreements Corrective Action Plans, for instance, reflects OCR’s expectation that senior management take ownership of ensuring the adequacy of their organization’s HIPAA compliance. In this respect, leaders of Covered Entities and business associates particularly should note that both the Concentra and QCA Resolution Agreements, as well as the Skagit County Resolution Agreement announced in March, 2014 require specific attestations from an “officer” of the entity that the officer reviewed the reports, made reasonable inquiry regarding its content and believes that, upon such inquiry, the information is accurate and truthful. These attestation requirements, like those required by OCR in the Skagit County Resolution Agreement OCR announced in March send a clear message that OCR views leaders as responsible for taking appropriate steps to require and confirm adequate HIPAA compliance in the same manner as typically applies to other Federal Sentencing Guideline compliance efforts. See HIPAA Covered Entities Should Review & Correct HIPAA Policies In Response To New County Hospital Resolution Agreement, Other Developments. These attestation requirements send a strong message that OCR expects the leadership of Covered Entities, business associates to take ownership of and keep tabs on their organization’s HIPAA compliance. In light of this, leadership of all Covered Entities and their business associates should evaluate the adequacy of their current HIPAA management oversight and documentation in proving the “culture of compliance” expected by HIPAA.

Viewed from this perspective, the corrective action steps and reporting requirements imposed by the Concentra, QCA and other Resolution Agreements are valuable road maps to both privacy officers and other management of Covered Entities and business associates about the processes, steps and documentation that management should consider requiring as part of its direction and oversight of their organizations’ Privacy, Security and Breach Notification compliance.

In this respect, management should note that both Resolution Agreements require that Concentra and QCA conduct, document, and report to OCR on a series of specific steps toward compliance. In both cases, for instance, OCR requires Concentra and QCA among other things, to conduct a ‘thorough risk assessment’ of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of all ePHI, then develop and implement a ‘detailed risk management plan’ that addresses the identified compliance concerns, the plan and timeline for their redress and steps for monitoring and verifying those actions are taken.

From the Resolution Agreements’ discussion, leaders should expect that the documentation and evidence that OCR may require their organizations to produce will include:

A detailed risk management plan that documents and explains its strategy for implementing security measures sufficient to reduce the risks and vulnerabilities identified in the risk analysis to a reasonable and appropriate level based on the organization’s circumstances;
With the risk management plan, include material evidence of all implemented and all planned remediation actions associated with the risk management plan along with specific timelines for their expected completion and identify the compensating controls that will be in place in the interim to safeguard Concentra ePHI;
Requires for any changes to its information technology (IT) infrastructure, software or other components, an updated risk analysis in association with any changes or updates to its organizational IT infrastructure (security environment) that affect the risks and vulnerabilities to ePHI received or maintained by Concentra containing all of these elements;
Require that their team track and document the encryption status of mobile and other devices and PHI that both shows that the organization both requires and tracks compliance with requirements to encrypt devices containing ePHI and that the organization requires specific review and documentation that ePHI will not be used on computer or other devices that are unencrypted.
Not only that required workforce training is completed but also whether existing and future documentation requires and retains the documentation that would enable the organization to demonstrate to OCR that the leadership of the organization requires monitoring and documentation that all workforce members have completed the required training, the training materials used for the training, the topics covered, the length of the session(s), when training session(s) were held, and the attestations or other documentation from individual workforce members that the organization requires to verify participation, understanding and affirmation of the individual of the need to comply with HIPAA.

Accordingly, management of Covered Entities and business associates should consider verifying that these organizations have, or take the steps necessary, to be able to provide this documentation and other evidence.

The reporting requirements that OCR imposes under the Resolution Agreements also may be helpful to leaders of Covered Entities or their business associates about the importance of requiring periodic detailed and documented reporting from the Privacy Officer on their organization’s compliance with HIPAA, and some of the types of information that they should expect to receive in these reports. In this regard, leaders may wish to take note that the Resolution Agreements in Concentra, QCA, and Skagit each required that their organizations prepare and provide reports, accompanied by the required officer attestations containing among other things:

A summary of the organization’s security management process and the security measures taken during the Reporting Period, including, if applicable, any documentation of training related to those measures;
A summary of the organization’s encryption efforts taken during the Reporting Period; and
A summary of the organization’s security awareness training efforts taken during the Reporting Period.

In light of these requirements, leaders of Covered Entities or business associates also should consider establishing policies that both require periodic reporting to management and management review of reports on their organization’s ePHI and other Privacy and Security compliance that will produce documentation of similar periodic management oversight as an ongoing process within their organizations.

Since the Concentra and QCA Resolutions are only two of several existing Resolution Agreements, and likely will be supplemented by others in the future, management also should ensure that past and future Resolution Agreements as well as other guidance and developments under HIPAA are systematically reviewed and responded to in a similar, well documented manner.

Learn More At Upcoming Workshops and Teleconferences

Leaders, privacy officers, internet security officers, technology professionals and others concerned about HIPAA and other privacy and security management for Covered Entities, business associates and others can learn more about HIPAA Privacy, Security and Data Breach compliance and risk management by participating in one of the following upcoming HIPAA educational events that the author of this update, Cynthia Marcotte Stamer, will be a featured presenter:

HIPAA Compliance: Are You Ready If A Breach Occurs? Privacy, Security, HITECH, Record Retention Teleconference presented by the American Bar Association Joint Committee on Employee Benefits on April 29, 2014;and
ISSA-LA and HIMSS Southern California 2nd Annual Healthcare Privacy and Security Summit scheduled for May 15-16 at the Universal City Hilton, Universal City, California.

For Representation, Training & Other Resources

Board Certified in Labor & Employment Law, Past Chair of the ABA RPTE Employee Benefit & Other Compensation Arrangements Group, Co-Chair and Past Chair of the ABA RPTE Welfare Plan Committee, Vice Chair of the ABA TIPS Employee Benefit Plans Committee, Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years’ experience advising health plan and employee benefit, insurance, financial services, employer and health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. The scribe for the ABA JCEB Annual Agency Meeting with the Office of Civil Rights (OCR) for the past several years who has worked on medical and other privacy concerns throughout her career, she regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others, defends covered entities and business associates against OCR, FTC and other privacy and data security investigations, serves as special counsel in litigation arising from these concerns and is the author of several highly regarded publications on HIPAA and other privacy and security concerns.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating or updating your profile here. For important information about this communication click here. ©2014 Cynthia Marcotte Stamer. Limited, non-exclusive right to republished granted to Solutions Law Press, Inc. All other rights reserved.

Comments Off on Encrypt Mobile Devices & Clean Up Management Documentation Key HIPAA Compliance Messages In New HIPAA Settlements | Employers, ERISA, Health Plans, HIPAA, Human Resources, Insurance | Tagged: "Encrypt your laptops and other mobile devices" is only one of the key lessons leaders of health plans, 220 under separate Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rule resolution agreements resulting from thefts of unencrypted laptops. Along with the importance o, 975, actions and documentation that OCR them to implement and be prepared to defend the adequacy of their HIPAA "culture of compliance" if they file a breach report or otherwise face a HIPAA audit or inves, business associates and their leaders about some of the specific processes, Covered Entities, Health Care, health care clearinghouses ("Covered Entities") and their business associates should take away from the Department of Health and Human Services Office for Civil Rights (OCR)'s April 22 announcement th, health care providers, Health Plans, HIPAA OCR, however, Inc. of Arkansas (QCA) collectively are paying $1, more broadly applicable lessons to Covered Entities, PHI, Privacy, these Resolution Agreements also contain equally significant | Permalink
Posted by Cynthia Marcotte Stamer

Stamer Talks About “Handling Health Plan Spouse, Dependent & Other “Family” Matters in Post-DOMA World” at SPBA 2014 Spring Meeting

April 8, 2014

Health plans, their sponsoring employers and administrators face new challenges and responsibilities under a slew of regulations on the treatment of same-sex domestic partners issued by the Internal Revenue Service, Department of Labor and other federal government agencies since the Supreme Court ruled unconstitutional the Defense Against Marriage Act’s prohibition against the recognition of same-sex partnerships as marriage for purposes of federal law.

Attorney and industry thought leader Cynthia Marcotte Stamer will join officials from the Internal Revenue Service National Office in discussing “Handling Health Plan Spouse, Dependent & Other ‘Family’ Matters in Post-DOMA World” on Thursday, April 17, 2014 at the Society of Professional Benefits Administrators (SPBA) Spring 2014 Meeting at the Capital Hilton in Washington, DC.

The SPBA Spring Meeting scheduled to take place May 16-18 will cover a broad range of timely topics on health care reform and other issues and concerns for self-insured health plan administrators and their clients.

In addition to her April 17 DOMA presentation, Ms. Stamer also is scheduled to share her insights and experiences financial, ethical and legal concerns that third party administrators of self-insured employee benefit plans should consider when their client stops funding the plan due to illiquidity, bankruptcy or otherwise as a panelist on the April 18, 2014 panel on “Action Steps When a Client Stops Funding Claims.”

For additional details about the SPBA or its Spring Meeting, see www.spbatpa.org.

For More Information Or Assistance

If you need help labor and employment, health and other employee benefit, compensation, privacy and data other internal controls and management concerns, please contact the author of this update, attorney Cynthia Marcotte Stamer.

A board certified labor and employment attorney widely known for her extensive and creative knowledge and experience with health matters, Ms. Stamer works extensively with employers, employee benefit plan sponsors, insurers, administrators, and fiduciaries, payroll and staffing companies, technology and other service providers and others to develop and run legally defensible programs, practices and policies that promote the client’s human resources, employee benefits or other management goals. Ms. Stamer has more than 25 years experience advising these and other clients about these matters and representing employer, employee benefit and other clients before the Internal Revenue Service, the Department of Labor, Immigration & Customs, Justice, and Health & Human Services, the Securities and Exchange Commission, Federal Trade Commission, state labor, insurance, tax and attorneys’ general, and other agencies, private plaintiffs and others on health and other employee benefit, labor, employment and other human resources, worker classification, tax, internal controls, risk management and other legal and operational management concerns.

A Fellow in the American College of Employee Benefits Council, the immediate past Chair and current Welfare Benefit Committee Co-Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Committee, a Council Representative on the ABA Joint Committee on Employee Benefits, the Vice Chair of the ABA TIPS Employee Benefits Committee, the Gulf States Area TEGE Council Exempt Organizations Coordinator, past-Government Affairs Committee Legislative Chair for the Dallas Human Resources Management Association, past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, and the editor and publisher of Solutions Law Press HR & Benefits Update and other Solutions Law Press Publications, Ms. Stamer also is a widely published author and highly regarded speaker on these and other employee benefit and human resources matters who is active in many other employee benefits, human resources and other management focused organizations who is published and speaks extensively on worker classification and related matters. She is recognized for her publications, industry leadership, workshops and presentations on these and other human resources concerns and regularly speaks and conducts training on these matters. Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, and many other national and local publications.

You can learn more about Ms. Stamer and her experience, find out about upcoming training or other events, review some of her past training, speaking, publications and other resources, and register to receive future updates about developments on these and other concerns from Ms. Stamer at www.CynthiaStamer.com.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources available at www.solutionslawpress.com including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here.

THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN. ©2014 Cynthia Marcotte Stamer, P.C. Non-exclusive license to republish granted to Solutions Law Press. All other rights reserved.

Comments Off on Stamer Talks About “Handling Health Plan Spouse, Dependent & Other “Family” Matters in Post-DOMA World” at SPBA 2014 Spring Meeting | 105(h), Affordable Care Act, Claims Administration, COBRA, Corporate Compliance, Employee Benefits, Employers, ERISA, Fiduciary Responsibility, FMLA, Health Plans, HIPAA, Human Resources, I-9, Immigration, Insurance, Internal Controls, Medicare Part D, Mental Health, Mental Health Parity, Prescription Drugs, Uncategorized | Tagged: ACA, Bankruptcy, defense of marriage act, distressed plans, DOMA, Employee Benefits, Employers, expatriate plans, Fiduciary Responsibility, Health Plans, International, same-sex, tpa, Windsor | Permalink
Posted by Cynthia Marcotte Stamer

Stamer Speaks On “Action Steps When A Client Stops Funding Claims” at 2014 SPBA Spring Meeting

April 8, 2014

Health plans and their administrators face significant practical legal and operational challenges when the employer sponsoring the plan goes bankruptcy, has financial trouble or otherwise stops funding the plan.

Attorney, industry thought leader and Solutions Law Press, Inc. Publisher and Editor, Cynthia Marcotte Stamer will join a panel of distinguished attorneys discussing financial, ethical and legal concerns that third party administrators of self-insured employee benefit plans should consider when their client stops funding the plan due to illiquidity, bankruptcy or otherwise as a panelist on the April 18, 2014 panel on “Action Steps When a Client Stops Funding Claims” on Friday, April 18, 2014 at the Society of Professional Benefits Administrators (SPBA) Spring 2014 Meeting at the Capital Hilton in Washington, DC.

In addition to her April 18 presentation, Ms. Stamer also is scheduled to join officials from the Internal Revenue Service National Office in discussing “Handling Health Plan Spouse, Dependent & Other ‘Family’ Matters in Post-DOMA World” on Thursday, April 17, 2014.

For More Information Or Assistance

About Solutions Law Press

Comments Off on Stamer Speaks On “Action Steps When A Client Stops Funding Claims” at 2014 SPBA Spring Meeting | 105(h), Affordable Care Act, Claims Administration, COBRA, Corporate Compliance, Employee Benefits, Employers, ERISA, Fiduciary Responsibility, FMLA, Health Plans, HIPAA, Human Resources, I-9, Immigration, Insurance, Internal Controls, Medicare Part D, Mental Health, Mental Health Parity, Prescription Drugs, Uncategorized | Tagged: ACA, Bankruptcy, distressed plans, Employee Benefits, Employers, expatriate plans, Fiduciary Responsibility, Health Plans, International | Permalink
Posted by Cynthia Marcotte Stamer

IRS Gives Ex Pat Plans Limited Exemption From ACA Reporting Rule

April 3, 2014

The Internal Revenue Service (IRS) is giving U.S. businesses with workers working oversees (expatriates) additional limited temporary relief from certain mandates of the Patient Protection and Affordable Care Act (ACA). While this relief will be welcome for many multinational employers, these employers and their health plans and insurers need to use caution not to overestimate this relief. Employers and administrators of health plans covering expatriates generally generally remain obligated by U.S. law to design and administer their group health plans to properly comply with applicable U.S. mandates and tax rules..

The temporary relief for employers and health plans covering expatriate announced by the IRS today (April 3, 2014) scheduled to be published in Internal Revenue Bulletin 2014-16 on April 14, 2014, Notice 2014-24, provides a temporary safe harbor for an entity that reports expatriate health insurance plans on its Supplemental Health Care Exhibit (SHCE). For the 2014 and 2015 fee years, Notice 2014-24 will allow such an entity to exclude 50% of its direct premiums written for expatriate plans in reporting total direct premiums written to the IRS for purposes of determining its ACA § 9010 Health Insurance Providers Fee.

This new guidance supplements guidance previously published guidance in“FAQS About Affordable Care Act Implementation (Part XIII)”(the “Expat FAQ”). The Expat FAQ states these health plans generally are not required to comply with the ACA requirements for pre-January 1, 2016 plan years, as long as they comply with the applicable federal health plan mandates of pre-Affordable Care Act version of Title XXVII of the Public Health Service (PHS) Act and other applicable law under ERISA and the Internal Revenue Code (Code) under temporary transitional relief announced in the Expat FAQ jointly announced by the Agencies of Labor, Health and Human Services (HHS), and the IRS (collectively, the Agencies) on March 8, 2013. The Expat FAQ makes clear that the Agencies generally view expatriate health plans and other health benefit coverage provided by businesses subject to U.S. law for employees working outside their home country generally are subject to the mandates of ACA, as well as other federal health plan mandates. However, ERISA section 4(b)(4) may exempt from ERISA coverage “plans maintained outside the United States primarily for the benefit of persons substantially all of whom are nonresident aliens.” Similar exemptions also may be available for certain provisions of the Code or ERISA for these extra-territorial plans for nonresident aliens. For instance, for purposes of the eligibility non-discrimination rule of Code section 105(h), the Code specifies that an employer can disregard employees who are nonresident aliens and who receive no earned income (within the meaning of section 911(d)92) from the employer which constitutes income from sources within the United States within the meaning of section 861(a)(3).

While the Agencies gather further information and analyze the potential challenges expatriate plans may face in complying with the Affordable Care Act, the Expat FAQ states that for plan years beginning on or before December 31, 2015, the Agencies will treat expatriate health plans as treating the requirements of subtitles A and C of Title I of the Affordable Care Act if the plan and issuer comply with the pre-Affordable Care Act version of Title XXVII of the PHS Act, section 715 of ERISA, and section 9815 of the Code and other applicable law under ERISA and the Code including, for example, the mental health parity provisions, the HIPAA nondiscrimination provisions, the ERISA section 503 requirements for claims procedures, and any reporting and disclosure obligations under ERISA Part 1.

The Expat FAQ also confirms that the Agencies will treat coverage provided under an expatriate group health plan as a form of minimum essential coverage under section 5000A of the Code. If an individual has minimum essential coverage, the individual will not be subject to the “Individual Mandate” tax. Additionally, an employee who is offered “minimum essential coverage” by his/her employer will not be eligible for a subsidy in the Exchange if the employer coverage is “affordable” and provides “minimum value.” This means the employer will not be subject to a potential penalty under the ACA “Employer Shared Responsibility” provisions of new Code section 4980H.

Employers also should be careful to ensure that the guidance applies to their program. Sponsors and insurers providing or administering health benefits with respect to employees working or living outside the United States are cautioned of the need to confirm that their program falls under the Expat FAQ’s definition of “expatriate health plan.” For purposes of this temporary transitional relief, the Expat FAQ defines an “expatriate health plan” as “an insured group health plan with respect to which enrollment is limited to primary insureds who reside outside of their home country for at least six months of the plan year and any covered dependents, and its associated group health insurance coverage.” The Expat FAQ confirms its definition of “expatriate health coverage” also applies for purposes of the Health Insurer Issuer Standards Related to Transitional Reinsurance Program of 45 CFR 153.400(a)(1)(iii) for plans with plan years ending on or before December 31, 2015.

This definition of expatriate health plan will not extend to all health coverage provided for employees of U.S. companies working outside the United States. Employers and administrators of self-insured health plans providing coverage for expatriate employees take note, however. Because this definition presently is limited to “insured group health plans,” it self-insured health coverage provided for expatriate employees presently do not qualify as expatriate health plans covered by the relief contained in the Expat FAQ. Likewise, the definition also does not apply to health coverage provided for employees working abroad for periods of less than six months. Sponsors, insurers and administrators of health plans providing coverage for employees of U.S. employer working outside their home countries that fall outside the Expat FAQ definition of an “expatriate health plan” should ensure that their programs timely comply with all applicable federal health plan mandates including ACA.

Review and Update Plans To Manage Risks & Improve Effectiveness

Businesses providing health coverage to workers working outside of the United States should review their policies for compliance with the applicable requirements of the Affordable Care Act, to the extent applicable taking into account the Expat FAQ, as well as otherwise applicable requirements of ERISA, the Code, the PHS Act and other relevant federal laws. When conducting this review, sponsors, administrators and insurers also should consider opportunities to manage risks, improve plan value and cost effectiveness and mitigate other legal or operational concerns.

Health coverage provided to employees of U.S. businesses working outside the United States typically are provided under policies, plans and programs pursuant to products or other arrangements that may not be designed, documented or administered to adequately comply with relevant federal health plan mandates. Beyond minimizing legal exposures that may result from overlooked compliance obligations, employer or other sponsors, administrators and insurers of these programs generally should familiarize themselves about the health care delivery systems, private and public health benefit programs, regulations and other relevant requirements and circumstances that may impact their business’ obligations to provide or contribute toward the cost of health care coverage, access to quality care by their employees and their families while working outside the United States or their home country, and legal and operational issues that may arise when employees are working oversees, transitioning between countries, have family members residing in different countries or other special circumstances.

The Expat FAQ is only one of a deluge of new guidance recently finalized or proposed by the Agencies. With the effective date of the 2014 Affordable Care Act reforms rapidly approaching, more guidance is impending. Stay tuned for additional updates about Affordable Care Act and other federal health plan rules and guidance.

For More Information Or Assistance

About Solutions Law Press

Comments Off on IRS Gives Ex Pat Plans Limited Exemption From ACA Reporting Rule | 105(h), Affordable Care Act, Claims Administration, COBRA, Corporate Compliance, Employee Benefits, Employers, ERISA, Fiduciary Responsibility, FMLA, Health Plans, HIPAA, Human Resources, I-9, Immigration, Insurance, Internal Controls, Medicare Part D, Mental Health, Mental Health Parity, Prescription Drugs, Uncategorized | Tagged: ACA, Employee Benefits, Employers, expatriate plans, Health Plans, International | Permalink
Posted by Cynthia Marcotte Stamer

PBGC Proposes Rules Allowing Lifetime Benefit Rollover Option For Defined Contribution Participant Account Balances

April 1, 2014

The Pension Benefit Guaranty Corporation (PBGC) is touting a proposal that would add the option for 401(k) and other defined contribution plan participants to elect at time of distribution to have the balance of their 401(k) plan account converted to traditional pensions.

Under proposed rules slated for publication in the April 2, 2014 Federal Register, the PBGC plans to define rules under which the defined contribution plans could offer employees with rollover options the opportunity to move their benefits from defined contribution plans to defined benefit plans and outline safeguards for benefits that are rolled over from defined contribution plans.

Under the new proposal, benefits earned from a rollover generally would not be affected by PBGC’s maximum guarantee limits. Currently the agency’s maximum guaranteed benefit for a 65-year-old retiree is almost $59,320 a year.

Also, rollover amounts generally would remain untouched by PBGC’s so-called five-year phase-in limits. Normally, benefit increases from changes to a plan in the five years before it ends are partially guaranteed. For instance, 20 percent of the increase is paid after one year, 40 percent after two years and so on. Under the new proposal, these restrictions generally would not apply

The PBGC proposal to allow defined contribution participants to convert their account balances into lifetime annuities at distribution reflects the general enthusiasm within the PBGC, the Employee Benefit Security Administration (EBSA) and other agencies for arrangements that annuitize defined contribution accounts that provides a guaranteed fixed income for the participant for the balance of his or her lifetime. In its April 1, 2014 announcement of impending publication of the proposed rule, the PBGC touts its proposal as making it “easier for participants in 401(k) plans to get higher returns and get lifetime income” by moving their funds into traditional pensions while removing “the fear that the amounts rolled over would suffer under guarantee limits should PBGC step in and pay benefits.”

“What we’re doing will hopefully give people an incentive to choose a savings option that they can’t outlive or outspend,” said PBGC Director Josh Gotbaum. “Annuities always offer greater retirement security.”

In the wake of the massive decline in retirement savings that came with scandals like Enron and Madoff and the economic downturn have fueled new support among the PBGC and other supporters of “lifetime income” arrangements, critics warn that the annuitizing an account to provide lifetime benefits in a low performing market is costly and cuts the recipient out of the opportunity to benefit if and when the market strengthens. They also warn that market downturns also can adversely affect the security of annuitized products. The notorious failures of the insurers providing “guaranteed investment income” in the 1980s led to the demise of GICs just as the real estate bust necessitated a government bailout to keep AIG and other insurers afloat. The PBGC and other advocates hope that their proposed standards for lifetime income accounts can produce the benefits of a lifetime income with little risk to the recipients.

For Representation, Training & Other Resources

Board Certified in Labor & Employment Law, Past Chair of the ABA RPTE Employee Benefit & Other Compensation Arrangements Group, Co-Chair and Past Chair of the ABA RPTE Welfare Plan Committee, Vice Chair of the ABA TIPS Employee Benefit Plans Committee, Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years’ experience advising health plan and employee benefit, insurance, financial services, employer and health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. The scribe for the ABA JCEB Annual Agency Meeting with the Office of Civil Rights (OCR) for the past several years who has worked on medical and other privacy concerns throughout her career, she regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others, defends covered entities and business associates against OCR, FTC and other privacy and data security investigations, serves as special counsel in litigation arising from these concerns and is the author of several highly regarded publications on HIPAA and other privacy and security concerns.

Ms. Stamer also regularly works with OCR, FTC, USSS, FBI and state and local law enforcement on privacy, data security, health care, benefits and insurance and other matters, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. For instance, Ms. Stamer for the third year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR. Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others. You can get more information about her HIPAA and other experience here.

Comments Off on PBGC Proposes Rules Allowing Lifetime Benefit Rollover Option For Defined Contribution Participant Account Balances | Employers, ERISA, Health Plans, HIPAA, Human Resources, Insurance | Tagged: 401(k), annuities, defined contribution plan, GIC, Lifetime income, PBGC, Pensions, plan distributions, retirement, retirement income, retirement security | Permalink
Posted by Cynthia Marcotte Stamer

ONC HIPAA Security Risk Assessment Tool Intended To Help Covered Entities Assess Compliance

March 31, 2014

Health care providers, health plans, health care clearinghouses and their business associates Health Insurance Portability and Accountability Act (HIPAA) should check out the new Security Risk Assessment (SRA) Tool (Tool) application from the Office of the National Coordinator for Health IT (ONC). ONC says the Tool will help users take a self-directed tour of and assess compliance with the HIPAA Security Rule more understandable and security risk assessments easier. The Tool includes:

Context sections to help understand potential threats, vulnerabilities, and impacts
Examples of safeguards that could be instituted
Ability to export the report as an Excel or pdf document to share or analyze the information in a convenient format.

Download the Windows version of the tool at http://www.HealthIT.gov/security-risk-assessment or the iOS iPad version from the Apple App Store (search under “HHS SRA Tool”).

Public comments on the SRA Tool will be accepted at http://www.HealthIT.gov/security-risk-assessment until June 2. ONC says it will use comments to improve the SRA Tool in future update cycles.

For Representation, Training & Other Resources

Board Certified in Labor & Employment Law, Past Chair of the ABA RPTE Employee Benefit & Other Compensation Arrangements Group, Co-Chair and Past Chair of the ABA RPTE Welfare Plan Committee, Vice Chair of the ABA TIPS Employee Benefit Plans Committee, Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years’ experience advising health plan and employee benefit, insurance, financial services, employer and health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. The scribe for the ABA JCEB Annual Agency Meeting with the Office of Civil Rights (OCR) for the past several years who has worked on medical and other privacy concerns throughout her career, she regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others, defends covered entities and business associates against OCR, FTC and other privacy and data security investigations, serves as special counsel in litigation arising from these concerns and is the author of several highly regarded publications on HIPAA and other privacy and security concerns.

Ms. Stamer also regularly works with OCR, FTC, USSS, FBI and state and local law enforcement on privacy, data security, health care, benefits and insurance and other matters, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. For instance, Ms. Stamer for the third year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR. Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others. You can get more information about her HIPAA and other experience here.

Comments Off on ONC HIPAA Security Risk Assessment Tool Intended To Help Covered Entities Assess Compliance | Employers, ERISA, Health Plans, HIPAA, Human Resources, Insurance | Tagged: Covered Entities, Health Care, Health Plans, HIPAA OCR, PHI, Privacy | Permalink
Posted by Cynthia Marcotte Stamer

List of Countries Excluded From Foreign Earned Income Exclusion Minimum Time Requirements Published

March 24, 2014

Revenue Procedure 2014-25 has the list of countries for tax year 2013 for which the minimum time requirements are waived for purposes of the foreign earned income exclusion. It will be formally published in Internal Revenue Bulletin 2014-15 on April 7, 2014.

For Representation, Training & Other Resources

If you need assistance monitoring or responding to these and other regulatory policy, enforcement, litigation or other developments, or to review or respond to these or other workforce, benefits and compensation, performance and risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer may be able to help.

Board Certified in Labor & Employment Law, Past Chair of the ABA RPTE Employee Benefit & Other Compensation Arrangements Group, Co-Chair and Past Chair of the ABA RPTE Welfare Plan Committee, Vice Chair of the ABA TIPS Employee Benefit Plans Committee, Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years’ experience advising health plan and employee benefit, insurance, financial services, employer and health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. The scribe for the ABA JCEB Annual Agency Meeting with the Office of Civil Rights (OCR) for the past several years who has worked on medical and other privacy concerns throughout her career, she regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others, defends covered entities and business associates against OCR, FTC and other privacy and data security investigations, serves as special counsel in litigation arising from these concerns and is the author of several highly regarded publications on HIPAA and other privacy and security concerns.

Ms. Stamer also regularly works with OCR, FTC, USSS, FBI and state and local law enforcement on privacy, data security, health care, benefits and insurance and other matters, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. For instance, Ms. Stamer for the third year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR. Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others. You can get more information about her HIPAA and other experience here.

Comments Off on List of Countries Excluded From Foreign Earned Income Exclusion Minimum Time Requirements Published | Defined Benefit Plans, Defined Contribution Plans, Employers, ERISA, Human Resources, Insurance, Retirement Plans | Tagged: cash balance plans, Cycle C, determination letter, Determination Letters, ex patriate, International, Qualified Plans, Retirement Plans | Permalink
Posted by Cynthia Marcotte Stamer

Some Sponsors Should Act by 3/31 To Withdraw Individually-Designed Cash Balance Plan Approval Request

March 19, 2014

Employer or other sponsors of individually-designed cash balance plans who have pending Cycle C determination letter applications pending before the Internal Revenue Service (IRA) seeking approval of the qualification of their individually-designed plan who now prefer instead to adopt a pre-approved cash balance plan should act quickly to withdraw their pending application. The IRS has announced that these parties can get a refund of the application fee paid for the individually-designed plan application by signing the Form 8905, Certification of Intent to Adopt a Pre-approved Plan , by March 31, 2014 and withdrawing their pending applications for individually designed cash balance plans by May 31, 2014 in accordance with the instructions set forth later in this article.

Background

Announcement 2014-4 extended the submission period for pre-approved defined benefit pension plans from January 31, 2014, to February 2, 2015, to allow time for the IRS to expand the pre-approved program to let plans with cash balance features. The announcement also allowed Cycle C plan sponsors who want to adopt a pre-approved cash balance plan to complete and sign a Form 8905, Certification of Intent to Adopt a Pre-approved Plan by March 31, 2014, instead of submitting determination letter applications for individually designed plans by the Cycle C deadline of January 31, 2014.

Withdrawals for Cycle C Applicants For Individually-Designed Cash Balance Plan Approval

Cycle C applicants who already submitted their applications for individually-designed cash balance plans during the second Cycle C remedial amendment cycle that ended January 31, 2014, and who instead wish to adopt a pre-approved cash balance plan, may sign the Form 8905, withdraw the application, and request a refund of the user fee by complying with the instructions below.

The IRS says that a request for return of A Cycle C determination letter application and a refund of the user fee must be made in writing and postmarked (or faxed) by May 31, 2014 to: Internal Revenue Service 550 Main Street Cincinnati, OH 45202 Attn: Joyce Heinbuch. Correspondence sent via Fax should be sent to the attention of Ms. Heinbuch at (513) 263-4699 (not a toll-free call).

The written request must include:

the name of the plan sponsor
plan number
EIN
the document locator number, if known (shown on your IRS acknowledgement letter)
the following statement in bold letters: “Per Announcement 2014-4, we are withdrawing this application in order to submit under the pre-approved program.”

For additional information and resources, see Deadline Extended For Pre-Approved Defined Benefit Plans and FAQs on Withdrawing Cycle C Applications or contact your preferred employee benefit attorney.

For Representation, Training & Other Resources

Board Certified in Labor & Employment Law, Past Chair of the ABA RPTE Employee Benefit & Other Compensation Arrangements Group, Co-Chair and Past Chair of the ABA RPTE Welfare Plan Committee, Vice Chair of the ABA TIPS Employee Benefit Plans Committee, Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years’ experience advising health plan and employee benefit, insurance, financial services, employer and health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. The scribe for the ABA JCEB Annual Agency Meeting with the Office of Civil Rights (OCR) for the past several years who has worked on medical and other privacy concerns throughout her career, she regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others, defends covered entities and business associates against OCR, FTC and other privacy and data security investigations, serves as special counsel in litigation arising from these concerns and is the author of several highly regarded publications on HIPAA and other privacy and security concerns.

Ms. Stamer also regularly works with OCR, FTC, USSS, FBI and state and local law enforcement on privacy, data security, health care, benefits and insurance and other matters, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. For instance, Ms. Stamer for the third year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR. Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others. You can get more information about her HIPAA and other experience here.

Comments Off on Some Sponsors Should Act by 3/31 To Withdraw Individually-Designed Cash Balance Plan Approval Request | Defined Benefit Plans, Defined Contribution Plans, Employers, ERISA, Human Resources, Insurance, Retirement Plans | Tagged: cash balance plans, Cycle C, determination letter, Determination Letters, Qualified Plans, Retirement Plans | Permalink
Posted by Cynthia Marcotte Stamer

HHS Extends Health Plan Certification of Compliance Comment Period

March 18, 2014

The Department of Health and Human Services (HHS) has extended the comment period for the proposed rule, “Administrative Simplification: Health Plan Certification of Compliance” to April 3, 2014 in hopes of receiving additional input from third party administrators (TPAs) and self-insured plans.

HHS is now accepting public comments on the proposed rule through April 3, 2014.

The Certification of Compliance for Health Plans proposed rule is different from previous Health Insurance Portability and Accountability Act (HIPAA) Administrative Simplification regulations because it affects more and different types of entities.

For example, many third party administrators, self-funded health plans, and group health plans that have not been impacted by previous HIPAA Administrative Simplification requirements will be affected by this rule, even if they do not directly conduct HIPAA covered transactions.

The proposed rule would require controlling health plans to submit documentation on or before December 31, 2015. It would also establish penalty fees for a controlling health plan that fails to comply with the Certification of Compliance requirements.

HHS says the goal of the extension of the comment period is to provide self-insured health plans and their TPAs time to understand and offer feedback on the business impacts of the Certification of Compliance proposed rule. HHS encourages these entities to submit feedback so that their comments and suggestions can be considered during the policy-making process.

The proposed rules will require self-insured health plans and their TPAs to incur financial and operational expense to implement the necessary technology, data collection and other arrangements to come into compliance with the proposed rules. To help minimize these burdens to the extent possible, these and other concerned parties should review the rules and share their concerns and input as soon as possible. Accordingly, self-insured health plans, their sponsors, TPAs and advisors should review the proposed rules and provide relevant input as soon as possible and no later than the extended April 3, 2014 due date.

For Representation, Training & Other Resources

Board Certified in Labor & Employment Law, Past Chair of the ABA RPTE Employee Benefit & Other Compensation Arrangements Group, Co-Chair and Past Chair of the ABA RPTE Welfare Plan Committee, Vice Chair of the ABA TIPS Employee Benefit Plans Committee, Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years’ experience advising health plan and employee benefit, insurance, financial services, employer and health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. The scribe for the ABA JCEB Annual Agency Meeting with the Office of Civil Rights (OCR) for the past several years who has worked on medical and other privacy concerns throughout her career, she regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others, defends covered entities and business associates against OCR, FTC and other privacy and data security investigations, serves as special counsel in litigation arising from these concerns and is the author of several highly regarded publications on HIPAA and other privacy and security concerns.

Ms. Stamer also regularly works with OCR, FTC, USSS, FBI and state and local law enforcement on privacy, data security, health care, benefits and insurance and other matters, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. For instance, Ms. Stamer for the third year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR. Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others. You can get more information about her HIPAA and other experience here.

Comments Off on HHS Extends Health Plan Certification of Compliance Comment Period | Employers, ERISA, Health Plans, HIPAA, Human Resources, Insurance | Tagged: Covered Entities, Health Care, Health Plans, HIPAA OCR, PHI, Privacy | Permalink
Posted by Cynthia Marcotte Stamer

HIPAA Covered Entities Should Review & Correct HIPAA Policies In Response To New County Hospital Resolution Agreement, Other Developments

March 16, 2014

Health Department HIPAA Violations Cost County $250,000, Requires Sweeping HIPAA Reforms

Hear Update On Resolution Agreement & Other New HIPAA Developments At 3/18 North Texas Healthcare Professionals Association Meeting

Skagit County, Washington will pay a $215,000 monetary settlement and work closely with the Department of Health and Human Services (HHS) Office of Civil Rights (OCR) to correct deficiencies in its HIPAA compliance program to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules by the Skagit County Public Health Department (Health Department) under a Resolution Agreement announced by OCR on March 7, 2014. The Resolution Agreement makes clear the need for health care providers, health plans, health care clearinghouses and their business associates to update and maintain their policies and practices in compliance with the constantly evolving OCR guidance and resolution agreements, as well as to timely investigate and report breaches. Interested persons are invited to hear a briefing on a series of new developments including this latest Resolution Agreement at the March 18, 2014 North Texas Healthcare Professionals Association Meeting.

OCR investigated the Health Department after receiving a breach report that unknown parties accessed money receipts with electronic protected health information (ePHI) of seven individuals after the ePHI had been inadvertently moved to a publicly accessible server maintained by the County.

OCR reports its investigation revealed a broader exposure of protected health information involved in the incident, which included the ePHI of 1,581 individuals. Many of the accessible files involved sensitive information, including protected health information about the testing and treatment of infectious diseases.

OCR’s investigation further uncovered general and widespread non-compliance by Skagit County with the HIPAA Privacy, Security, and Breach Notification Rules.

Specifically, the Resolution Agreement between OCR and the Health Department states that OCR found the following conduct occurred (“Covered Conduct”).

From approximately September 14, 2011 until September 28, 2011, Skagit County disclosed the ePHI of 1,581 individuals in violation of the Privacy Rule by providing access to ePHI on its public web server;
From November 28, 2011 until present, Skagit County failed to provide notification as required by the Breach Notification Rule to all of the individuals for whom it knew or should have known that the privacy or security of the individual’s ePHI had been compromised as a result of the breach incident;
From April 20, 2005 until present, Skagit County failed to implement sufficient policies and procedures to prevent, detect, contain, and correct security violations;
From April 20, 2005 until June 1, 2012, Skagit County failed to implement and maintain in written or electronic form policies and procedures reasonably designed to ensure compliance with the Security Rule; and
From April 20, 2005 until present, Skagit County failed to provide security awareness and training to all workforce members, including its Information Security staff members, as necessary and appropriate for the workforce members to carry out their functions within Skagit County.

To resolve OCR’s allegations of these breaches, Skagit County agrees under the Resolution Agreement to pay HHS $215,000.00 and to ensure that the Health Department implements a series of corrective actions. Among other things, the Resolution Agreement requires that the Health Department:

Provide substitute Breach Notification to individuals not previously notified of the breach of their ePHI in accordance with the Resolution Agreement
Revise to the satisfaction of OCR and adopt revised accounting for disclosure, hybrid entity designations, policies on safeguarding PHI, including its sample business associate agreements;
Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information (ePHI) held by the covered health care components of Skagit County as identified in its hybrid entity documentation approved by HHS and implement security measures sufficient to reduce the risks and vulnerabilities identified in the risk analysis to a reasonable and appropriate level.
Create and revise, as necessary, written policies and procedures for its covered health care components to comply with the Federal standards that govern the privacy, security, and breach notification of individually identifiable health information;
Comply with strict workforce training requirements;
Notify and OCR of the occurrence of some reported breaches, its investigation and corrective actions;
Provide a summary of the reported events and the status of any corrective and preventative action relating to all such Reportable Events; and
Provide OCR with an attestation signed by an officer of Skagit County attesting that he or she has reviewed the Annual Report, has made a reasonable inquiry regarding its content and believes that, upon such inquiry, the information is accurate and truthful.

In addition to bringing its policies and practices up to date with OCR regulations in effect at the time of the breach that resulted in the Resolution Agreement, the Health Department also will have to update its policies and practices to meet changes to OCR’s HIPAA rules that have taken effect since the breach under the revised rules published by OCR in its Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules; Final Rule (Omnibus Final Rule) OCR published January 25, 2013 as well as a series of recently issued OCR rules such as the following:

HIPAA Privacy Rule and Sharing Information Related to Mental Health published on
Spanish Language Model Notices of Privacy Practices published on 2/13/14
CLIA Program and HIPAA Privacy Rule; Patients’ Access to Test Reports published on 2/3/14; and
Proposed Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and the National Instant Criminal Background Check System (NICS) published on 1/7/14
HIPAA Privacy Rule: Disclosures for Emergency Preparedness – A Decision Tool
The HIPAA Privacy Rule and Refill Reminders and Other Communications about a Drug or Biologic Currently Being Prescribed for the Individual
Health Information of Deceased Individuals
Student Immunizations; and
Model Notices of Privacy Practices (English).With OCR stepping up both audits and enforcement and penalties for violations higher than ever since the HITECH Act amended HIPAA, Covered Entities and business associates should act quickly to review and update their policies, practices and training to implement any adjustments needed to maintain compliance and manage other risks under these ever-evolving HIPAA standards.

Covered Entities & Business Associates Should Review & Tighten Practices in Response To Resolution Agreement & Other New Guidance

Other covered entities and their business associates should carefully evaluate and tighten their existing practices in response to the Resolution Agreement and other recent guidance. In the past, OCR officials have stated it expects that other health care providers, health plans, health care clearinghouses and their business associates will review resolution agreements like this one along with other emerging OCR guidance and update their practices as necessary to address concerns within their own organization that might be similar to those reflected in the applicable resolution agreement. The Resolution Agreement documents this expectation by specifically incorporating this requirement as part of its terms.

Hear Stamer’s Update On Resolution Agreement & Other New HIPAA Developments At 3/18 North Texas Healthcare Professionals Association Meeting

Scribe for the American Bar Association Annual Agency Meeting with OCR for the fourth year, attorney Cynthia Marcotte Stamer will overview these and other HIPAA developments when she presents “Tutoring On OCR’s Latest HIPAA Homework” at the North Texas Healthcare Professionals Association Study Group Luncheon on Tuesday, March 18, 2014 from 11:30 p.m. to 1:00 p.m. at the offices of the Dallas Ft Worth Hospital Council, 250 Decker Drive, Irving, TX 75062-2706. A complimentary luncheon will be served to guests to who register in advance. There is no charge to particulate but space is limited. RSVP here by Noon on March 17, 2014.

For Representation, Training & Other Resources

Board Certified in Labor & Employment Law, Past Chair of the ABA RPTE Employee Benefit & Other Compensation Arrangements Group, Co-Chair and Past Chair of the ABA RPTE Welfare Plan Committee, Vice Chair of the ABA TIPS Employee Benefit Plans Committee, Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years’ experience advising health plan and employee benefit, insurance, financial services, employer and health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. The scribe for the ABA JCEB Annual Agency Meeting with the Office of Civil Rights (OCR) for the past several years who has worked on medical and other privacy concerns throughout her career, she regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others, defends covered entities and business associates against OCR, FTC and other privacy and data security investigations, serves as special counsel in litigation arising from these concerns and is the author of several highly regarded publications on HIPAA and other privacy and security concerns.

Ms. Stamer also regularly works with OCR, FTC, USSS, FBI and state and local law enforcement on privacy, data security, health care, benefits and insurance and other matters, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. For instance, Ms. Stamer for the third year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR. Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others. You can get more information about her HIPAA and other experience here.

Comments Off on HIPAA Covered Entities Should Review & Correct HIPAA Policies In Response To New County Hospital Resolution Agreement, Other Developments | Employers, ERISA, Health Plans, HIPAA, Human Resources, Insurance | Tagged: Covered Entities, Health Care, Health Plans, HIPAA OCR, PHI, Privacy | Permalink
Posted by Cynthia Marcotte Stamer

HHS Extends Proposed EDI Rule Time to 4/3 To Get More Input From Self-Insured Plans, TPAs

March 6, 2014

Third party administrators (TPAs), self-insured health plans and concerned payers and plan sponsors now have a little more time to comment on the Department of Health & Human Services (HHS) proposed rule, “Administrative Simplification: Health Plan Certification of Compliance.”

HHS announced its extension to April 3, 2014 of the comment period today in specific hopes that it will receive additional comments from TPAs and self-insured plans

As proposed, the proposed rule would require controlling health plans to submit documentation on or before December 31, 2015. It would also establish penalty fees for a controlling health plan that fails to comply with the Certification of Compliance requirements.

HHS says that the goal of the extension of the comment period is to provide these entities with time to understand and offer feedback on the business impacts of the Certification of Compliance proposed rule. HHS encourages these entities to submit feedback so that their comments and suggestions can be considered during the policy-making process.

For Representation, Training & Other Resources

Board Certified in Labor & Employment Law, Past Chair of the ABA RPTE Employee Benefit & Other Compensation Arrangements Group, Co-Chair and Past Chair of the ABA RPTE Welfare Plan Committee, Vice Chair of the ABA TIPS Employee Benefit Plans Committee, Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years’ experience advising health plan and employee benefit, insurance, financial services, employer and health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. The scribe for the ABA JCEB Annual Agency Meeting with the Office of Civil Rights (OCR) for the past several years who has worked on medical and other privacy concerns throughout her career, she regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others, defends covered entities and business associates against OCR, FTC and other privacy and data security investigations, serves as special counsel in litigation arising from these concerns and is the author of several highly regarded publications on HIPAA and other privacy and security concerns.

Ms. Stamer also regularly works with OCR, FTC, USSS, FBI and state and local law enforcement on privacy, data security, health care, benefits and insurance and other matters, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. For instance, Ms. Stamer for the third year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR. Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others. You can get more information about her HIPAA and other experience here.

Comments Off on HHS Extends Proposed EDI Rule Time to 4/3 To Get More Input From Self-Insured Plans, TPAs | Employers, Health Plans, HIPAA, Human Resources, Insurance, MEWA | Tagged: Administrative Simplification, EDI, eligibility, Health IT, Health Plans, HIPAA, Insurance, self-insured, tpa | Permalink
Posted by Cynthia Marcotte Stamer

New OCR Guidance Assigns More HIPAA Homework Health Plans, Providers, Business Associates and Employers

March 5, 2014

Think your health plan, health care organization, health care clearinghouse or their business associates has health care privacy covered? Think again.

HIPAA Privacy Rule and Sharing Information Related to Mental Health published on
Spanish Language Model Notices of Privacy Practices published on 2/13/14
CLIA Program and HIPAA Privacy Rule; Patients’ Access to Test Reports published on 2/3/14; and
Proposed Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and the National Instant Criminal Background Check System (NICS) published on 1/7/14.

For Representation, Training & Other Resources

Board Certified in Labor & Employment Law, Past Chair of the ABA RPTE Employee Benefit & Other Compensation Arrangements Group, Co-Chair and Past Chair of the ABA RPTE Welfare Plan Committee, Vice Chair of the ABA TIPS Employee Benefit Plans Committee, Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years’ experience advising health plan and employee benefit, insurance, financial services, employer and health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. The scribe for the ABA JCEB Annual Agency Meeting with the Office of Civil Rights (OCR) for the past several years who has worked on medical and other privacy concerns throughout her career, she regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others, defends covered entities and business associates against OCR, FTC and other privacy and data security investigations, serves as special counsel in litigation arising from these concerns and is the author of several highly regarded publications on HIPAA and other privacy and security concerns.

Ms. Stamer also regularly works with OCR, FTC, USSS, FBI and state and local law enforcement on privacy, data security, health care, benefits and insurance and other matters, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. For instance, Ms. Stamer for the third year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR. Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others. You can get more information about her HIPAA and other experience here.

Comments Off on New OCR Guidance Assigns More HIPAA Homework Health Plans, Providers, Business Associates and Employers | Employers, Health Plans, HIPAA, Human Resources, Insurance | Tagged: Affordable Care Act, Business Associate, cost sharing, Data Security, group health plan, Health Insurance, Health Insurer, Health Plan, HIPAA, Insurer, OCR, Privacy | Permalink
Posted by Cynthia Marcotte Stamer

Agencies Clarify Applicability of ACA Out-Of-Pocket Versus Deductible Cost Sharing Limitations

March 4, 2014

Non-grandfathered self-insured and large group health plans must comply with the out-of-pocket limits in 2014 but pending further guidance are excused from the duty to comply with deductible limitations imposed by the cost-sharing limitations of the Patient Protection & Affordable Care Act (ACA) according to new guidance jointly published February 20, 2013 by the Departments of Labor (DOL), Health and Human Services (HHS), and the Treasury (collectively, the “Departments”) in “FAQS About Affordable Care Act Implementation (Part XII)” (hereafter, the “FAQ”). However, the FAQ includes a transitional rule that allows plans to apply separate out-of-pocket maximums to prescription drug coverage and other group health plan for 2014, to allow them time to adjust contracts in response to the requirement.

ACA Cost-Sharing Limits

Public Health Service (PHS) Act § 2707(b), as added by the ACA, requires a group health plan to ensure that any annual cost-sharing imposed under the plan does not exceed the limitations provided for under ACA §§1302(c)(1) and (c)(2). § 1302(c)(1) of ACA requires that group health plans limit out-of-pocket maximums while ACA § 1302(c)(2) limits deductibles for employer-sponsored plans.

ACA Deductible Limits

The FAQ clarifies that pending further guidance, self-insured group health plans and large group health plans currently are not generally required to comply with ACA’s deductible limitations. According to the FAQ, the Departments currently view the deductible limits as generally applicable only to non-grandfathered small group insurance coverage and qualified health plans offered in the small group market. Additionally, the FAQ notes that pursuant to ACA § 1302(c)(2)(C), small group market health insurance coverage may exceed the annual deductible limit if it cannot reasonably reach a given level of coverage (metal tier) without exceeding the deductible limit.

In contrast, the FAQ states about self-insured and large group health plans, the Departments intend to engage in future rule making to implement PHS Act § 2707(b) with respect to self-insured and large group health plans. However, the FAQ reports that the Departments continue to believe that only plans and issuers in the small group market are required to comply with the deductible limit described in ACA § 1302(c)(2).

The Departments invite interested parties to submit comments or other input relative to these deliberations no later than April 22, 2013 to e.ohpsca-2707.ebsa@dol.gov.

Until that rule making is promulgated and effective, however, the FAQ states that a self-insured or large group health plan can rely on the Departments’ stated intention to apply the deductible limits imposed by § 1302(c)(2) of the ACA only on plans and issuers in the small group market. Accordingly, only plans and issuers in the small group market currently must comply with the ACA deductible limitations pending further guidance.

ACA Annual Out-Of-Pocket Maximum

In contrast, the FAQ confirms that all non-exempt, non-grandfathered group health plans – including self-insured and large and small insured group health plans must comply with ACA’s annual limits on out-of-pocket maximums.

The FAQ reaffirms statements in the preamble to the HHS final regulation on standards related to essential health benefits that the Departments read PHS Act § 2707(b) as requiring all non-grandfathered group health plans subject to ACA to comply with the annual limitation on out-of-pocket maximums described in ACA § 1302(c)(1).

While stating all non-grandfathered non-exempt group health plans generally must comply with the out-of-pocket maximum rules, the Departments recognize in the FAQ that the use by many plans of multiple service providers to help administer benefits (such as one third-party administrator for major medical coverage, a separate pharmacy benefit manager, and a separate managed behavioral health organization) may create compliance challenges since separate plan service providers may impose different levels of out-of-pocket limitations and may use different

methods for crediting participants’ expenses against any out-of-pocket maximums. To allow plans time to implement the arrangements to adjust plans and coordinate communications, the FAQ states that only for the first plan year beginning on or after January 1, 2014, where a group health plan or group health insurance issuer uses more than one service provider to administer benefits that are subject to the annual limitation on out-of-pocket maximums under ACA §§ 2707(a) or 2707(b), the Departments will consider the annual limitation on out-of-pocket maximums to be satisfied if the following conditions are satisfied:

The plan complies with the requirements with respect to its major medical coverage (excluding, for example, prescription drug coverage and pediatric dental coverage);
To the extent the plan or any health insurance coverage includes an out-of-pocket maximum on coverage that does not consist solely of major medical coverage (for example, if a separate out-of-pocket maximum applies with respect to prescription drug coverage), such out-of-pocket maximum does not exceed the dollar amounts set forth in ACA § 1302(c)(1); and
The plan complies with existing regulations implementing Mental Health Parity and Addiction Equity Act of 2008 (MHPAEA) which prohibit a group health plan (or health insurance coverage offered in connection with a group health plan) from applying a cumulative financial requirement or treatment limitation, such as an out-of-pocket maximum, to mental health or substance use disorder benefits that accumulates separately from any such cumulative financial requirement or treatment limitation established for medical/surgical benefits.

Accordingly, while the FAQ generally allows plans using separate vendors to separately apply out-of-pocket maximums to prescription drug coverage from medical benefits generally, this is not allowed to be accomplished where the effect would be to impose an annual out-of-pocket maximum on all medical/surgical benefits and a separate annual out-of-pocket maximum on all mental health and substance use disorder benefits in violation of the MHPAEA.

The FAQ is one of many clarifications and other guidance implementing the ACA Rules. Compliance with these requirements as implemented is critical, as group health plans and insurers, their fiduciaries and sponsors face a myriad of exposures for violating these and other health plan rules. In the case of these and many other federal health plan rules, this includes an often overlooked obligation imposed under Internal Revenue Code § 6039D to self-identify, self-report and pay excises taxes under that provision in the event of a violation, as well as traditionally applicable ERISA exposures for violating federal benefit and coverage mandates. In light of these risks, health insurers, group health plan sponsors, fiduciaries and service providers are urged to act diligently to amend their plans and take other necessary arrangements to administer their programs in accordance with the applicable rules.

For Representation, Training & Other Resources

Board Certified in Labor & Employment Law, Past Chair of the ABA RPTE Employee Benefit & Other Compensation Arrangements Group, Co-Chair and Past Chair of the ABA RPTE Welfare Plan Committee, Vice Chair of the ABA TIPS Employee Benefit Plans Committee, Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years’ experience advising health plan and employee benefit, insurance, financial services, employer and health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.

Ms. Stamer also regularly works with OCR, FTC, USSS, FBI and state and local law enforcement on privacy, data security, health care, benefits and insurance and other matters, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. For instance, Ms. Stamer for the third year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR. Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others. You can get more information about her HIPAA and other experience here.

Comments Off on Agencies Clarify Applicability of ACA Out-Of-Pocket Versus Deductible Cost Sharing Limitations | Employers, Health Plans, HIPAA, Human Resources, Insurance | Tagged: Affordable Care Act, cost sharing, group health plan, Health Insurance, Health Insurer, Health Plan, Insurer | Permalink
Posted by Cynthia Marcotte Stamer

Medicare Secondary Payer Mandatory Reporting Threshold Clarified

March 4, 2014

The Centers for Medicare & Medicaid Services (CMS) has revised its guidance in its Non-Group Health Plan (NGHP) User Guide to clarify the reporting threshold for certain liability (including Self-Insurance) Settlements, Judgment Awards, or other Payments under the provisions of the Medicare Secondary Payer Mandatory Reporting Provisions in Section 111 of the Medicare, Medicaid, and SCHIP Extension Act of 2007, 42 U.S.C. 1395y(b)(7)&(b)(8) (the “Secondary Payer Mandatory Reporting Provisions”)

CMS announced revision to the NGHP User Guide in a February 28, 2014 CMS Alert. According to the Alert:

The current mandatory reporting threshold for liability insurance (including self-insurance) Total Payment Obligation to the Claimant (TPOC) is $2000 and over for TPOCs dated on or after October 1, 2013.
The mandatory reporting threshold for liability (including self-insurance) TPOCs dated October 1, 2014 and after is changing from $300 to $1000. If the most recent TPOC Date is on or after October 1, 2014, and the cumulative TPOC Amount is greater than $1000, the TPOC(s) must be reported no later than the end of the RRE’s submission timeframe in the quarter beginning January 1, 2015.
Error code CJ07 has not been updated to reflect this change. Further guidance will be provided at a later date about changes to this error code to coincide with the new reporting threshold of $1000.

CMS reports that these changes will also be applied to the downloadable version of the MMSEA Section 111 Coordination of Benefits Secure Website (COBSW) User Guide, available on the COBSW.

The Secondary Payer Mandatory Reporting Provisions are designed to aid CMS in enforcing rules that require that group health insurance plans and third party liability payments be treated as primary and entitle CMS to subrogate to and recover amounts paid from Medicare from these sources as well as other penalties and interest from beneficiaries, providers, plans and others. For additional information about the Secondary Payer Mandatory Reporting Provisions, see here.

For Representation, Training & Other Resources

Board Certified in Labor & Employment Law, Past Chair of the ABA RPTE Employee Benefit & Other Compensation Arrangements Group, Co-Chair and Past Chair of the ABA RPTE Welfare Plan Committee, Vice Chair of the ABA TIPS Employee Benefit Plans Committee, Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years’ experience advising health plan and employee benefit, insurance, financial services, employer and health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.

Ms. Stamer also regularly works with OCR, FTC, USSS, FBI and state and local law enforcement on privacy, data security, health care, benefits and insurance and other matters, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. For instance, Ms. Stamer for the third year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR. Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others. You can get more information about her HIPAA and other experience here.

Comments Off on Medicare Secondary Payer Mandatory Reporting Threshold Clarified | Employers, Health Plans, HIPAA, Human Resources, Insurance | Tagged: ACA, Affordable Care Act, Annual Fee, Coordomation of Benefits, Health Care Provider, Health Plan, Insurer, Secondary Payer, Tax | Permalink
Posted by Cynthia Marcotte Stamer

3/3 Deadline To Comment On HHS Proposed Health Plan Certification of EDI Compliance Rule

March 3, 2014

Today (March 3, 2014) is the deadline for controlling health plans (“CHPs) and other concerned parties to comment on the “Administrative Simplification: Health Plan Certification of Compliance” rule (Proposed Rule) published by the Department of Health & Human Service (HHS) on January 2, 2014. If adopted as published, CHPs would be required to prepare and file the required certification with HHS by December 15, 2015.

HHS plans to use the Proposed Rule to implement the requirement of Section 1173(h)(1)(A) of the Patient Protection and Affordable Care Act (ACA) that CHPs file a statement with HHS certifying that the health plan is in compliance with the adopted standards and operating rules for electronic transactions for Eligibility for a health plan, health care claim status, health care electronic funds transfers (EFT) and remittance advice transactions established as part of the Standards for Electronic Transactions Final Rule (ET Standards) of the Health Insurance Portability and Accountability Act (HIPAA) Administrative Simplification Requirements (the “First Certification”).

Beyond the First Certification, ACA Section 1173(h)(1)(B) separately mandates health plan certification of compliance by December 31, 2015 for the following HIPAA transactions: Health care claims or equivalent encounter information, enrollment and disenrollment in a health plan, health plan premium payments, health claims attachments, and referral certification and authorization. Meanwhile ACA section 1173(h)(5) of the Act mandates that health plans meet certification of compliance requirements for later versions of the standards and operating rules.

The Proposed Rule only covers the First Certification. Guidance on the other certification rules will be separately published.

When adopted, the Proposed require that CHPs to submit the First Certification to HHS on or before December 31, 2015 certifying and demonstrating the CHPs compliance with these adopted standards and operating rules for three electronic transactions.

The following Table 1 displays the specific standards and operating rules to which the requirements for the First Certification of compliance apply.

To comply with the First Certification requirement, CHPs will have to conduct the necessary testing to be able to verify that the CHP has conducted testing and verified the health plan’s compliance with HIPAA’s electronic transactions standards for health plans concerning:

Eligibility for health plan coverage
Health care claim status
Health care electronic funds transfers (EFT) and remittance advice

The Proposed Rule proposes the requirements for certification and the penalties that will apply to a CHP that fails to comply with the certification of compliance requirements.

HHS is accepting public comments on the proposed rule through March 3, 2014.

For Representation, Training & Other Resources

Board Certified in Labor & Employment Law, Past Chair of the ABA RPTE Employee Benefit & Other Compensation Arrangements Group, Co-Chair and Past Chair of the ABA RPTE Welfare Plan Committee, Vice Chair of the ABA TIPS Employee Benefit Plans Committee, Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 25 years’ experience advising health plan and employee benefit, insurance, financial services, employer and health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.

Ms. Stamer also regularly works with OCR, FTC, USSS, FBI and state and local law enforcement on privacy, data security, health care, benefits and insurance and other matters, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. For instance, Ms. Stamer for the third year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR. Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others. You can get more information about her HIPAA and other experience here.

Comments Off on 3/3 Deadline To Comment On HHS Proposed Health Plan Certification of EDI Compliance Rule | Employers, Health Plans, HIPAA, Human Resources, Insurance | Tagged: ACA, Affordable Care Act, Annual Fee, Health Plan, Insurer, Tax | Permalink
Posted by Cynthia Marcotte Stamer

Rules For Reporting ACA Health Insurance Provider Information Are Out

January 20, 2014

Notice 2013-76 provides guidance on the health insurance providers fee related to (1) the time and manner for submitting Form 8963, “Report of Health Insurance Provider Information,” (2) the time and manner for notifying covered entities of their preliminary fee calculation, (3) the time and manner for submitting a corrected Form 8963 for the error correction process, and (4) the time for notifying covered entities of their final fee calculation.

The IRS published the Revenue Ruling in Internal Revenue Bulletin 2013-51 on December 16, 2013.

For Representation, Training & Other Resources

Board Certified in Labor & Employment Law, Past Chair of the ABA RPTE Employee Benefit & Other Compensation Arrangements Group, Co-Chair and Past Chair of the ABA RPTE Welfare Plan Committee, Vice Chair of the ABA TIPS Employee Benefit Plans Committee, Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health plan and employee benefit, insurance, financial services, employer and health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.

Comments Off on Rules For Reporting ACA Health Insurance Provider Information Are Out | Employers, Health Plans, HIPAA, Human Resources, Insurance | Tagged: ACA, Affordable Care Act, Annual Fee, Health Plan, Insurer, Tax | Permalink
Posted by Cynthia Marcotte Stamer

IRS: Insurers Taxed On ACA Annual Fee Assessments Collected From Customers

January 20, 2014

Insurers passing along the annual fee imposed under Section 9010 of the Patient Protection & Affordable Care Act (ACA) to customers will pay taxes on the amounts collected.

Revenue Ruling 2013-27 holds that a covered entity must include in gross income amounts it collects from policyholders to offset the cost of the annual fee imposed under ACA Section 9010. A covered entity generally is an entity engaged in the business of providing health insurance that provides health insurance for a United States health risk.

The IRS published the Revenue Ruling in Internal Revenue Bulletin 2013-51 on December 16, 2013.

For Representation, Training & Other Resources

Board Certified in Labor & Employment Law, Past Chair of the ABA RPTE Employee Benefit & Other Compensation Arrangements Group, Co-Chair and Past Chair of the ABA RPTE Welfare Plan Committee, Vice Chair of the ABA TIPS Employee Benefit Plans Committee, Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health plan and employee benefit, insurance, financial services, employer and health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.

Comments Off on IRS: Insurers Taxed On ACA Annual Fee Assessments Collected From Customers | Employers, Health Plans, HIPAA, Human Resources, Insurance | Tagged: ACA, Affordable Care Act, Annual Fee, Health Plan, Insurer, Tax | Permalink
Posted by Cynthia Marcotte Stamer

2013 Cumulative List of Plan Plan Qualification Requirements Helpful Resource To Monitor Plan Updates

January 20, 2014

Want to double-check the updates might be needed to update your qualified pension or profit-sharing plan to keep its tax-qualification for the 2013 plan year? Check out Notice 2013-84.

Notice 2013-84 contains the 2013 Cumulative List of Changes in Plan Qualification Requirements (2013 Cumulative List) described in section 4 of Rev. Proc. 2007-44, 2007-2 C.B. 54. The annual list included in the Notice was published in Internal Revenue Bulletin 2013-52 on December 23, 2013.

Plan sponsors, fiduciaries and administrators, service providers and others generally will want to review their existing qualified pension and profit-sharing plans against this list to confirm that it continues to meet all qualification requirements.

For Representation, Training & Other Resources

Board Certified in Labor & Employment Law, Past Chair of the ABA RPTE Employee Benefit & Other Compensation Arrangements Group, Co-Chair and Past Chair of the ABA RPTE Welfare Plan Committee, Vice Chair of the ABA TIPS Employee Benefit Plans Committee, Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health plan and employee benefit, insurance, financial services, employer and health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.

Comments Off on 2013 Cumulative List of Plan Plan Qualification Requirements Helpful Resource To Monitor Plan Updates | Employers, Health Plans, HIPAA, Human Resources, Insurance | Tagged: 401(k), defined contribution plan, Pension, plan qualification, plan qualification requirements, profit sharing, Qualified Plans, tax qualification | Permalink
Posted by Cynthia Marcotte Stamer

IRS Gives Temporary Nondiscrimination Relief For Closed Defined Benefit Plans

January 20, 2014

The Internal Revenue Service (IRS) recently granted temporary nondiscrimination relief for certain “closed” defined benefit pension plans (i.e., defined benefit plans that provide ongoing accruals but that have been amended to limit those accruals to some or all of the employees who participated in the plan on a specified date).

Notice 2014-05 allows certain employers that sponsor a closed defined benefit plan and a defined contribution plan to show that the aggregated plans comply with the nondiscrimination requirements of Internal Revenue Code Section 401(a)(4) on the basis of equivalent benefits, even if the aggregated plans do not satisfy the current conditions for testing on that basis. The Notice also requests comments on possible permanent changes to the nondiscrimination rules under Internal Revenue Code Section 401(a)(4).

Notice 2014-was published in Internal Revenue Bulletin 2014-2 on January 6, 2014

For Representation, Training & Other Resources

Board Certified in Labor & Employment Law, Past Chair of the ABA RPTE Employee Benefit & Other Compensation Arrangements Group, Co-Chair and Past Chair of the ABA RPTE Welfare Plan Committee, Vice Chair of the ABA TIPS Employee Benefit Plans Committee, Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health plan and employee benefit, insurance, financial services, employer and health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.

For the past two years, Ms. Stamer has served as the scribe for the ABA Joint Committee on Employee Benefits agency meeting with OCR. Ms. Stamer also regularly works with OCR, FTC, USSS, FBI and state and local law enforcement on privacy, data security, health care, benefits and insurance and other matters, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. For instance, Ms. Stamer for the second year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR. Her insights on HIPAA risk management and compliance often appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others. You can get more information about her HIPAA and other experience here.

Comments Off on IRS Gives Temporary Nondiscrimination Relief For Closed Defined Benefit Plans | Employers, Health Plans, HIPAA, Human Resources, Insurance | Tagged: 125, 401(a)(4), cafeteria plan, closed defined benefit plan, defense of marriage act, defined benefit plan, discrimination testing, FSA, HSA, nondiscrimination, Qualified Plan, Windsor | Permalink
Posted by Cynthia Marcotte Stamer

New IRS Guidance On Claiming Small Business Health Care Tax Credit When No SHOP Enrollment Option

January 20, 2014

Notice 2014-06 provides guidance on Section 45R of the Internal Revenue Code for certain small employers that cannot offer a qualified health plan through a Small Business Health Options Program (SHOP) Exchange because the employer’s principal business address is in a county in Washington or Wisconsin in which a QHP through a SHOP Exchange will not be available for 2014. Published in Internal Revenue Bulletin 2014-2 on January 6, 2014, it provides guidance about how these employers might satisfy the requirements to qualify to claim the small business health care tax credit under Code Section 45R for the 2014 taxable year.

For Representation, Training & Other Resources

Board Certified in Labor & Employment Law, Past Chair of the ABA RPTE Employee Benefit & Other Compensation Arrangements Group, Co-Chair and Past Chair of the ABA RPTE Welfare Plan Committee, Vice Chair of the ABA TIPS Employee Benefit Plans Committee, Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health plan and employee benefit, insurance, financial services, employer and health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.

Comments Off on New IRS Guidance On Claiming Small Business Health Care Tax Credit When No SHOP Enrollment Option | Employers, Health Plans, HIPAA, Human Resources, Insurance | Tagged: 125, cafeteria plan, defense of marriage act, FSA, HSA, Windsor | Permalink
Posted by Cynthia Marcotte Stamer

IRS Updates, Supplements Cafeteria Plan & HSA Post-Windsor Same-Sex Participant Guidance

January 20, 2014

Sponsoring employers and administrators of cafeteria plans now have additional guidance from the Internal Revenue Service (IRS) about when same-sex couples can be treated as spouses for purposes of Internal Revenue Code (Code) Section 125’s rules on cafeteria plans, including health and dependent care flexible spending arrangements (FSAs), and Code Section 223’s rules about health savings accounts (HSAs) following the Supreme Court decision declaring unconstitutional the Defense of Marriage Act (DOMA) in United States v. Windsor, 570 U.S. ___, 133 S. Ct. 2675 (2013). Notice 2014-01 supplements the guidance originally published by the IRS by responding to certain questions about when plan amendments may be necessary, the handling of mid-year election requests based on acquisition of a same-sex spouse and the reimbursement of medical or dependent care expenses of same-sex spouses.

Original Post-Windsor Guidance

Before the Windsor decision declared DOMA unconstitutional, Internal Revenue Service (IRS) guidance prohibited cafeteria plans, including HSAs and FSAs from treating same-sex partners as married based on DOMA’s restriction of the definition for federal tax and other federal law purposes to only a legal union between one man and one woman and the definition of “spouse” only to a person of the opposite sex who is a husband or wife. As a result, IRS pre-Winsor guidance prohibited HSAs, FSAs and other cafeteria plans from allowing employees to elect coverage of same-sex spouses on a pre-tax basis under a cafeteria plan unless the spouse otherwise qualified as a tax dependent of the employee.

In response to the Windsor ruling of DOMA unconstitutional, the IRS initially updated its guidance to reflect the Windsor ruling in Rev. Rul. 2013-17, which held:

For Federal tax purposes, the terms “spouse,” “husband and wife,” “husband,” and “wife” include an individual married to a person of the same sex if the individuals are lawfully married under state law, and the term “marriage” includes such a marriage between individuals of the same sex;
For Federal tax purposes, the IRS adopts a general rule recognizing a marriage of same-sex individuals that was validly entered into in a state whose laws authorize the marriage of two individuals of the same sex even if the married couple is domiciled in a state that does not recognize the validity of same-sex marriages;
For Federal tax purposes, the terms “spouse,” “husband and wife,” “husband,” and “wife” do not include individuals (whether of the opposite sex or the same sex) who have entered into a registered domestic partnership, civil union, or other similar formal relationship recognized under state law that is not denominated as a marriage under the laws of that state, and the term “marriage” does not include such formal relationships;
Rev. Rul. 2013-17 also stated that taxpayers could rely on this holding retroactively for purposes of filing original returns, amended returns, adjusted returns, or claims for credit or refund employment tax and income tax with respectto employer-provided health coverage benefits or fringe benefits that the employer provided and are excludable from income under sections 106, 117(d), 119, 129, or 132 based on an individual’s marital status; and
For purposes of the preceding sentence, if an employee made a pre-tax salary-reduction election for health coverage under a section 125 cafeteria plan sponsored by an employer and also elected to provide health coverage for a same-sex spouse on an after-tax basis under a group health plan sponsored by that employer, an affected taxpayer may treat the amounts that were paid by the employee for the coverage of the same-sex spouse on an after-tax basis as pre-tax salary reduction amounts.

Notice 2014-01 Supplemental Guidance

Notice 2014-01 discusses when plan sponsors may need to amend their cafeteria plan documents to allow mid-year election changes by same-sex spouses. It states that a cafeteria plan that does not contain written terms that allow changes of election upon change in legal marital status generally would need to be amended before a same-sex couple could be allowed to make an election change. However, where the cafeteria plan already contains written terms permitting a change in election upon a change in legal marital status, Notice 2014-01 states a plan amendment generally is not required to allow an employee who acquires a same-sex spouse to make a mid-year election change in response to the acquisition of a same-sex spouse.

For Representation, Training & Other Resources

Board Certified in Labor & Employment Law, Past Chair of the ABA RPTE Employee Benefit & Other Compensation Arrangements Group, Co-Chair and Past Chair of the ABA RPTE Welfare Plan Committee, Vice Chair of the ABA TIPS Employee Benefit Plans Committee, Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health plan and employee benefit, insurance, financial services, employer and health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.

Comments Off on IRS Updates, Supplements Cafeteria Plan & HSA Post-Windsor Same-Sex Participant Guidance | Employers, Health Plans, HIPAA, Human Resources, Insurance | Tagged: 125, cafeteria plan, defense of marriage act, FSA, HSA, Windsor | Permalink
Posted by Cynthia Marcotte Stamer

IRS Published Covered Compensation Table For 2014

January 20, 2014

The Internal Revenue Service (IRS) Rev. Rul. 2014-3 contains the table of covered compensation to be used for purposes of determining the covered compensation of plan participants under Section 401(l)(5)(E) of the Internal Revenue Code (the “Code”) for the 2014 plan year.

For Representation, Training & Other Resources

Board Certified in Labor & Employment Law, Past Chair of the ABA RPTE Employee Benefit & Other Compensation Arrangements Group, Co-Chair and Past Chair of the ABA RPTE Welfare Plan Committee, Vice Chair of the ABA TIPS Employee Benefit Plans Committee, Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health plan and employee benefit, insurance, financial services, employer and health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.

Comments Off on IRS Published Covered Compensation Table For 2014 | Employers, Health Plans, HIPAA, Human Resources, Insurance | Tagged: Disability Insurance, Insurance, life insurance | Permalink
Posted by Cynthia Marcotte Stamer

IRS Publishes Interest Rates For Calculating Insurer Reserves Under IRC Section 807

January 20, 2014

The Internal Revenue Service recently updated the state assumed interest rates insurance companies must use to compute their reserves for (1) life insurance and supplementary total and permanent disability benefits, (2) individual annuities and pure endowments, and (3) group annuities and pure endowments for post December 31, 2012 in Revenue Ruling 2014-4. Insurers should review and update their calculations accordingly.

For Representation, Training & Other Resources

Board Certified in Labor & Employment Law, Past Chair of the ABA RPTE Employee Benefit & Other Compensation Arrangements Group, Co-Chair and Past Chair of the ABA RPTE Welfare Plan Committee, Vice Chair of the ABA TIPS Employee Benefit Plans Committee, Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health plan and employee benefit, insurance, financial services, employer and health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.

Comments Off on IRS Publishes Interest Rates For Calculating Insurer Reserves Under IRC Section 807 | Employers, Health Plans, HIPAA, Human Resources, Insurance | Tagged: Disability Insurance, Insurance, life insurance | Permalink
Posted by Cynthia Marcotte Stamer

Dermatology Practice To Pay $150K To Settle Charges It Breached HIPAA Breach Notice Rule

December 26, 2013

A new settlement agreement announced by the Department of Health & Human Services (HHS) Office of Civil Rights (OCR) shows health plans, health care providers, health care clearinghouses and their business associates the perils of failing to properly implement the necessary policies and procedures to comply with the breach notification requirements added to the Health Insurance Portability & Accountability Act of 1996 (HIPAA) added by the Health Information Technology for Economic and Clinical Health (HITECH) Act, passed as part of American Recovery and Reinvestment Act of 2009 (ARRA).

Private dermatology practice,, Adult & Pediatric Dermatology, P.C., (APDerm) has agreed to pay $150,000 and implement a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules. The APDerm Setttlement marks the first settlement with a covered entity for not having policies and procedures in place to address the breach notification provisions of the HITECH Act.

According to its December 26, 2013 announcement of the settlement, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) opened an investigation of APDerm upon receiving a report that an unencrypted thumb drive containing the electronic protected health information (ePHI) of approximately 2,200 individuals was stolen from a vehicle of one its staff members. The thumb drive was never recovered. The investigation revealed that APDerm had not conducted an accurate and thorough analysis of the potential risks and vulnerabilities to the confidentiality of ePHI as part of its security management process. Further, APDerm did not fully comply with requirements of the Breach Notification Rule to have in place written policies and procedures and train workforce members.

Enforcement Actions Highlight Growing HIPAA Exposures For Covered Entities

The APDerm settlement provides more evidence of the growing exposures that health care providers, health plans, health care clearinghouses and their business associates need to carefully and appropriately manage their HIPAA responsibilities. See HIPAA Heats Up: HITECH Act Changes Take Effect & OCR Begins Posting Names, Other Details Of Unsecured PHI Breach Reports On Website. It joins the growing list of settlement or resolution agreements under HIPAA announced by OCR.

The APDerm also is notable both as it settles the first ever charges against a covered entity for failing to adopt required Breach Notification policies and procedures and the relatively most settlement payment required in comparison to other announced settlement. Other settlements have been significantly higher. For instance, OCR required that Blue Cross Blue Shield of Tennessee (BCBST) to pay $1.5 million to resolve HIPAA violations charges.

In response to these expanding exposures, all covered entities and their business associates should review critically and carefully the adequacy of their current HIPAA Privacy and Security compliance policies, monitoring, training, breach notification and other practices taking into consideration OCR’s audit, investigation and enforcement actions, emerging litigation and other enforcement data, their own and reports of other security and privacy breaches and near misses, evolving rules and technology, and other developments to determine if additional steps are necessary or advisable. For tips, see here.

For Representation, Training & Other Resources

If you need assistance monitoring HIPAA and other health and health plan related regulatory policy or enforcement developments, or to review or respond to these or other health care or health IT related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer may be able to help.

Board Certified in Labor & Employment Law, Past Chair of the ABA RPTE Employee Benefit & Other Compensation Arrangements Group, Co-Chair and Past Chair of the ABA RPTE Welfare Plan Committee, Vice Chair of the ABA TIPS Employee Benefit Plans Committee, Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health plan and employee benefit, insurance, financial services, employer and health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.

Comments Off on Dermatology Practice To Pay $150K To Settle Charges It Breached HIPAA Breach Notice Rule | Employers, Health Plans, HIPAA, Human Resources, Insurance | Tagged: Health Plans, HIPAA, OCR, Privacy, Resolution agreement | Permalink
Posted by Cynthia Marcotte Stamer

OFCCP Posts Additional FAQs on the Implementation of the VEVRAA and Section 503 Final Rules

December 26, 2013

The Office of FCCP posted a third round of Frequently Asked Questions (FAQs) answering questions from contractors and the general public about provisions in the recently published Vietnam Era Veterans’ Readjustment Assistance Act (VEVRAA) and Section 503 of the Rehabilitation Act (Section 503) Final Rules. These FAQs address implementation issues, such as the schedule for contractors to come into compliance with the affirmative action requirements of Subpart C of the new regulations. These latest FAQs, published on the OFCCP Web site and marked with a “NEW” banner, are part of a series of FAQs, guidance materials, and resources that OFCCP is providing to contractors and the public between now and the March 24, 2014, effective date of the new rules.

The VEVRAA FAQs are available here. The Section 503 FAQs are available here.

For Assistance or More Information

If you have questions or need help with these or employee benefit, human resources, insurance, health care matters or related documents or practices, please contact the author of this update, Cynthia Marcotte Stamer.

A Fellow in the American College of Employee Benefit Council, immediate past Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Group and current Co-Chair of its Welfare Benefit Committee, Vice-Chair of the ABA TIPS Employee Benefits Committee, a council member of the ABA Joint Committee on Employee Benefits, and past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer is recognized, internationally, nationally and locally for her more than 25 years of work, advocacy, education and publications on cutting edge health and managed care, employee benefit, human resources and related workforce, insurance and financial services, and health care matters.

A board certified labor and employment attorney widely known for her extensive and creative knowledge and experienced with these and other employment, employee benefit and compensation matters, Ms. Stamer continuously advises and assists employers, employee benefit plans, their sponsoring employers, fiduciaries, insurers, administrators, service providers, insurers and others to monitor and respond to evolving legal and operational requirements and to design, administer, document and defend medical and other welfare benefit, qualified and non-qualified deferred compensation and retirement, severance and other employee benefit, compensation, and human resources, management and other programs and practices tailored to the client’s human resources, employee benefits or other management goals. A primary drafter of the Bolivian Social Security pension privatization law, Ms. Stamer also works extensively with management, service provider and other clients to monitor legislative and regulatory developments and to deal with Congressional and state legislators, regulators, and enforcement officials about regulatory, investigatory or enforcement concerns.

Recognized in Who’s Who In American Professionals and both an American Bar Association (ABA) and a State Bar of Texas Fellow, Ms. Stamer serves on the Editorial Advisory Board of Employee Benefits News, HR.com, Insurance Thought Leadership, Solutions Law Press, Inc. and other publications, and active in a multitude of other employee benefits, human resources and other professional and civic organizations. She also is a widely published author and highly regarded speaker on these matters. Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, Modern and many other national and local publications. Her widely respected publications and programs include more than 25 years of publications on health plan contracting, design, administration and risk management including a “Managed Care Contracting Guide” published by the American Health Lawyers Association and numerous other works on vendor contracting. You can learn more about Ms. Stamer and her experience, review some of her other training, speaking, publications and other resources, and register to receive future updates about developments on these and other concerns from Ms. Stamer here.

Other Helpful Resources & Other Information

We hope that this information is useful to you. If you found these updates of interest, you also be interested in one or more of the following other recent articles published on the Coalition for Responsible Health Care Reform electronic publication available here, our electronic Solutions Law Press Health Care Update publication available here, or our HR & Benefits Update electronic publication available here . You also can get access to information about how you can arrange for training on “Building Your Family’s Health Care Toolkit,” using the “PlayForLife” resources to organize low-cost wellness programs in your workplace, school, church or other communities, and other process improvement, compliance and other training and other resources for health care providers, employers, health plans, community leaders and others here. If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail by creating or updating your profile here. You can reach other recent updates and other informative publications and resources.

Recent examples of these publications include:

For important information about this communication click here.

Comments Off on OFCCP Posts Additional FAQs on the Implementation of the VEVRAA and Section 503 Final Rules | 105(h), ADA, Affordable Care Act, Corporate Compliance, Disability, E-Verify, EEOC, EEOC, Employee Benefits, Employers, Employment Tax, ERISA, Health Plans, HIPAA, Human Resources, Insurance, Labor Management Relations, OFCCP, Rehabilitation Act, Retaliation, Safety, Unemployment Benefits, Unemployment Insurance | Tagged: Employer, employment law, ERISA, Grants, Job Corps, Labor Department, OSHA, Workforce Investment | Permalink
Posted by Cynthia Marcotte Stamer

OFCCP Posts Additional FAQs on the Implementation of the VEVRAA and Section 503 Final Rules

December 26, 2013

The Office of Federal Contract Compliance Programs (OFCCP) posted a third round of Frequently Asked Questions (FAQs) answering questions from contractors and the general public about provisions in the recently published Vietnam Era Veterans’ Readjustment Assistance Act (VEVRAA) and Section 503 of the Rehabilitation Act (Section 503) Final Rules. These FAQs address implementation issues, such as the schedule for contractors to come into compliance with the affirmative action requirements of Subpart C of the new regulations. These latest FAQs, published on the OFCCP Web site and marked with a “NEW” banner, are part of a series of FAQs, guidance materials, and resources that OFCCP is providing to contractors and the public between now and the March 24, 2014, effective date of the new rules.

The VEVRAA FAQs are available at here. The Section 503 FAQs are available at here

For Assistance or More Information

Other Helpful Resources & Other Information

Recent examples of these publications include:

For important information about this communication click here.

Comments Off on OFCCP Posts Additional FAQs on the Implementation of the VEVRAA and Section 503 Final Rules | 105(h), ADA, Affirmative Action, Affordable Care Act, Corporate Compliance, Disability, EEOC, EEOC, Employers, Employment Tax, ERISA, Government Contractors, Health Plans, HIPAA, Human Resources, Insurance, Labor Management Relations, Military Leave, OFCCP, Rehabilitation Act, Retaliation, Safety, Unemployment Benefits, Unemployment Insurance | Tagged: Employer, Military Leave, Veterans Righs | Permalink
Posted by Cynthia Marcotte Stamer

OIG 2013 Top Management Challenges List Signals Tightening of Labor Department Enforcement

December 26, 2013

Employers should expect heighten scrutiny and enforcement in the labor law areas identified in the “2013 Top Management Challenges Facing the Department List” recently published by the U.S. Department of Labor Office of Inspector General. Employers can expect to see the Labor Department and its component agencies acting to tighten oversight and enforcement in these areas in response to the OIG list.

For 2013, the OIG identified the following as the most serious management and performance challenges facing the Department:

Protecting the Safety and Health of Workers
Protecting the Safety and Health of Miners
Improving Performance Accountability of Workforce Investment Act Grants
Ensuring the Effectiveness of the Job Corps Program
Reducing Improper Payments
Ensuring the Security of Employee Benefit Plan Assets
Securing and Protecting Information Management Systems
Ensuring the Effectiveness of Veterans’ Employment and Training Service Programs

In the report accompanying the OIG list, the OIG presents the challenge, the OIG’s assessment of the Department’s progress in addressing the challenge, and what remains to be done. These top management challenges are intended to identify and help resolve serious weaknesses in areas that involve substantial resources and provide critical services to the public. Typically, the identification of an area of concern by the OIG prompts tightening of processes and enforcement.

For Assistance or More Information

Other Helpful Resources & Other Information

Recent examples of these publications include:

For important information about this communication click here.

Comments Off on OIG 2013 Top Management Challenges List Signals Tightening of Labor Department Enforcement | 105(h), ADA, Affordable Care Act, Corporate Compliance, Disability, E-Verify, EEOC, EEOC, Employee Benefits, Employers, Employment Tax, ERISA, Health Plans, HIPAA, Human Resources, Insurance, Labor Management Relations, OFCCP, Rehabilitation Act, Retaliation, Safety, Unemployment Benefits, Unemployment Insurance | Tagged: Employer, employment law, ERISA, Grants, Job Corps, Labor Department, OSHA, Workforce Investment | Permalink
Posted by Cynthia Marcotte Stamer

DOL Sues PBI Bank For Alleged Fiduciary Breach In Sale of ESOP Stock

December 26, 2013

Labor Department files suit to restore losses to the Miller’s Health Systems Employee Stock Ownership Plan

Bank or other plan trustees and fiduciaries of Employee Stock Ownership Plans or other employee benefit plans holding company stock, sponsoring employers and their management should heed the new Perez v. PBI Bank, Inc. lawsuit filed by the U.S. Department of Labor of the importance of not running afoul of the fiduciary responsibility rules of the Employee Retirement Income Security Act when conducting business sales, bankruptcies or other corporate business transactions involving stock or other plan assets.

The U.S. Department of Labor filed the PBI Bank, Inc. in U.S. District Court to recover losses to the Miller’s Health Systems, Inc., Employee Stock Ownership Plan. The suit alleges that PBI Bank, Inc., the trustee of the plan, authorized the purchase of company stock for $40 million, an amount far in excess of the fair market value of the stock. The suit also alleges that PBI Bank approved financing for the transaction at an excessive interest rate. Miller’s Health is a Warsaw-based company that manages long-term care and assisted-living facilities. The lawsuit also seeks to remove PBI as a fiduciary and service provider of the plan and to permanently bar it from serving as a fiduciary or service provider to ERISA-covered plans in the future.

ERISA’s fiduciary responsibility rules generally require trustees and other fiduciaries of employee stock ownership or other employee benefit plans to act prudently and for the exclusive benefit of participants and beneficiaries and abstain from self-dealing or prohibited transactions involving the plan. Fiduciaries that violate these rules risk personal liability for damages incurred by the plan, restoration of profits realized from prohibited transactions or other fiduciary breaches, as well as attorneys fees and other costs as well as disqualification from serving as a fiduciary for employee benefit plans and other potential civil or criminal relief.

The PBI Bank, Inc. case highlights how these risks can arise when a trustee or other fiduciary is asked to approve the sale of company stock held as a plan asset of an employee stock ownership or other employee benefit plan.

An investigation by the Chicago Regional Office of the department’s Employee Benefits Security Administration focused on a September 2007 stock purchase. The suit alleges that PBI violated ERISA by imprudently and disloyally approving the purchase of stock by the plan. The suit seeks to require PBI to restore all losses suffered by the ESOP, plus interest. As of September 30, 2012, the ESOP had 2,939 participants and assets of $12,848,000.

At the time of the stock purchase, Miller’s Health managed 31 long-term care facilities under the name of Miller’s Mary Manor and 10 assisted living facilities under the name Miller’s Senior Living. Miller’s Health also operated Theracare, Inc., an Indiana corporation, which primarily provided physical and occupational therapy and speech-language pathology to residents in Miller’s Health facilities.

After conducting its investigation, the department concluded that, as a result of the design of the transaction and the fiduciary breaches of PBI, the stock purchase was not for the primary benefit of participants and did not promote employee ownership in Miller’s Health. As a result, the department concluded that PBI was responsible and liable for violations of the Employee Retirement Income Security Act.

When announcing the lawsuit, Assistant Secretary of Labor for Employee Benefits Security Phyllis C. Borzi said, “Fiduciaries must act with undivided loyalty to plan participants. When it comes to ESOP stock purchases, they must ensure that the plan receives full value for its money.”

The PBI Bank suit highlights the challenges that trustees and other fiduciaries often face when dealing with employee stock ownership or other employee benefit plans holding stock of the sponsoring company. Valuation, purchase, sale, and other decisions about the stock fall within the prudence, exclusive benefit and other fiduciary responsibility rules of ERISA. These duties attach when the stock is purchased and continue thereafter as long as the stock remains a plan asset. Additionally sales or other transactions which result in the sale or other disbursement of the stock as asset of the plan, as well as a decision to continue to hold the stock during market or value changes also trigger these responsibilities.

A trustee or other fiduciary exercising discretion or control in name or functionally generally must be prepared to prove not only that its actions are prudent, but also that the value of the stock and other actions involving the plan and its assets were made for the exclusive benefit of the plan and its participants and beneficiaries. Because of the special issues and perception of potential conflict of interest that often inherently arise when a trustee or other fiduciary makes or influences decisions involving stock held by an employee stock ownership or other ERISA-covered plan, fiduciaries involved in these transactions should exercise particular care to act, and document appropriate evidence that he or it complied with these and other fiduciary requirements.

For Assistance or More Information

Other Helpful Resources & Other Information

Recent examples of these publications include:

For important information about this communication click here.

Comments Off on DOL Sues PBI Bank For Alleged Fiduciary Breach In Sale of ESOP Stock | 105(h), Affordable Care Act, Corporate Compliance, Employee Benefits, Employers, Employment Tax, ERISA, Health Plans, HIPAA, Human Resources, Insurance, Unemployment Benefits, Unemployment Insurance | Tagged: breach of fiduciary duty, employee stock ownership plan, Employer, ESOP, Fiduciary Responsibility, trustee | Permalink
Posted by Cynthia Marcotte Stamer

Agencies Proposes To Treat Certain EAP, Dental and Vision Only Plans As ACA & HIPAA Excepted Benefits

December 26, 2013

February 24, 2014 is the deadline for interested employers, health insurers and plans, administrators and others to comment on proposed changes to rules defining what arrangements qualify as “excepted benefits” for purposes of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) eligibility, nondiscrimination and other portability mandates and the Patient Protection and Affordable Care Act (ACA) health coverage reform mandates jointly published December 24, 2013 by Internal Revenue Service (IRS) , the Employee Benefits Security Administration (EBSA), and the Health and Human Services Department (HHS)(collectively the “Agencies”).

The Proposed Amendments To Excepted Benefits Regulation (Proposed Rule) published by the Agencies jointly in the December 24, 2013 Federal Register would add certain employee assistance programs (EAPs) and certain vision and dental only plans as excepted benefits for purposes of HIPAA and ACA and make certain other changes to the excepted benefits definition . The Proposed Regulations would also provide added options for employees and employers in connection with ACA.

The definition of “excepted benefits” is critical for employers and insurers as HIPAA and ACA exempt from certain of their mandates arrangements that qualify as excepted benefits under the Agencies rules. Since the passage of the Affordable Care Act, ambiguities and confusion have persisted about when and if certain arrangements qualify as excepted benefits. Since HIPAA took effect, widespread abuse, debate and confusion about the treatment of certain mini-med and certain other benefit plans as excepted benefits prompted the Agencies to publish additional guidance. Despite this guidance, many continue to debate the treatment of certain of these and other arrangements. As the effective date of ACA’s employer and individual mandates and Heath Insurance Exchange premium tax credits, employers, employees and other stakeholders expressed concerns that the past HIPAA definition of excepted health benefits needed updating to prevent undesirable consequences for employees offered these arrangements.

The Proposed Regulations would amend current regulations to treat certain EAPs as excepted benefits, effective immediately. EAPs are typically free programs offered by employers that can provide wide-ranging benefits to address circumstances that might otherwise adversely affect employees’ work and health. Benefits may include short-term substance abuse or mental health counseling or referral services, as well as financial counseling and legal services. Under the Proposed Regulations, EAPs would be considered excepted benefits if the program is free to employees and does not provide significant benefits in the nature of medical care or treatment. As excepted benefits, EAPs would be exempt from private insurance market reforms, and EAP coverage would not make individuals ineligible for a premium tax credit under ACA for enrolling in qualified health plans through the Health Insurance Marketplaces created by ACA.

Similarly, under the Proposed Regulations, vision and dental benefits provided by employers on a self-insured basis would be able to qualify as excepted benefits effective immediately under the conditions specified in the Proposed Regulations, even if they do not require contributions from employees. Insured vision and dental benefits, as well as self-insured vision and dental coverage that requires employee contributions, already qualify as excepted benefits.

The proposal to treat EAPs and stand alone dental and vision benefits require that the arrangements meet the specific requirements set forth in the Proposed Regulations. For instance, to keep benefits like dental benefits and vision benefits from coming under ACA mandates, an employer must offer the benefits separately from any group health plan and charge a separate premium for the excepted benefits.

Effective for plan years starting in 2015, the Proposed Regulations also would treat as excepted benefits certain limited coverage provided by plan sponsors that “wraps around” an individual market policy. The “wraparound” coverage would be available to employees for whom the plan sponsor’s primary group health coverage is not affordable and who instead get coverage through a nongrandfathered individual market policy. The wraparound coverage would provide extra benefits or broader networks, and may also reduce cost sharing. The proposal in the Proposed Regulations would not allow the wraparound coverage to substitute for employment-based coverage. The value of the wraparound coverage could not exceed 15 percent of the value of the primary coverage offered by the plan sponsor, which the Proposed Regulations would require to be affordable for at least the majority of employees.

The Obama administration may create a new type of benefit program for employers that send some workers to the individual exchanges to get health coverage.

A “limited wraparound plan” would give employers a way to beef up the benefits of some workers who get their coverage from an individual exchange rather than enrolling in the employer’s group health plan.

Some employers provide dental and vision plans along with health plans, without charging workers extra. The employers complained that they might have to start collecting small premiums just to keep their dental and vision plans from becoming PPACA plans.

The federal agencies have proposed letting employers keep the self-insured dental and vision benefits out from under PPACA without having to collect separate premiums.

The federal agencies also have made good on previous promises to clarify the rules stating how sponsors of employee assistance plans can keep the EAPs from becoming PPACA plans.

In the section on limited wraparound plans, the agencies talk about strategies for keeping the plans from giving employers a way to drop their group health plans and send all workers to the individual health insurance exchanges.

To offer a wraparound plan, an employer would have to offer a good group health plan. The employer could offer the wraparound plan benefits only to workers who bought “qualified health plan” coverage from an exchange because they found that the group health coverage was unaffordable.

An employer could use a wraparound plan to give workers with QHP coverage benefits similar to what workers in the group health plan have.

The cost of the wraparound coverage would have to be 15 percent or less of the cost of the group health coverage.

Speak Up On The Proposed Changes

Employers, health plan fiduciaries and administrators, health insurers, and others concerned about the scope and effect of the excepted benefit definition should review the proposed changes as soon as possible and provide comments to encourage tailoring the definition optimally. Input on the proposed changes and other feedback on the definition of excepted benefits and its effect on health care coverage or other health care coverage or reform concerns should be carefully prepared and submitted to the Agencies as well as where appropriate, with Congress. In addition , we also encourage you and others to help understand the rules and their implications by sharing your thoughts on these and other concerns in the Coalition For Responsible Health Care Policy linkedin group. The Coalition for Responsible Health Care Policy is a group hosted by Solutions Law Press, Inc. hosts to provides a resource that concerned Americans can use to share, monitor and discuss the Health Care Reform law and other health care, insurance and related laws, regulations, policies and practices and options for promoting access to quality, affordable healthcare through the design, administration and enforcement of these regulations.

For Assistance or More Information

Other Helpful Resources & Other Information

Recent examples of these publications include:

For important information about this communication click here.

Comments Off on Agencies Proposes To Treat Certain EAP, Dental and Vision Only Plans As ACA & HIPAA Excepted Benefits | 105(h), Affordable Care Act, Corporate Compliance, Employee Benefits, Employers, Employment Tax, ERISA, Health Plans, HIPAA, Human Resources, Insurance, Unemployment Benefits, Unemployment Insurance | Tagged: Affordable Care Act, Employer, employer shared responsibility, exchanges, HIE, reporting, Worker Classification | Permalink
Posted by Cynthia Marcotte Stamer

1/1/14 Exchange Enrollment Deadline Extended As Enrollment Still Lags

December 24, 2013

With enrollment in the new Federal and State Health Insurance Exchanges, which the Obama Administration calls “Marketplaces” lagging and Americans attempting to use the Federal and state Exchange enrollment platforms continuing to experience technical “glitches,” the Obama Administration is extending again the deadline for Americans who want to get health coverage offered through the Exchanges to begin January 1, 2014.

The Administration quietly revised the Exchange enrollment page at Healthcare.gov to instructs visitors that Americans who weren’t able to enroll in an insurance plan by December 23 because of problems you had using HealthCare.gov and want coverage that starts January 1, 2014 to contact the Marketplace Call Center at 1-800-318-2596 (available 24/7; closed December 25. TTY: 1-855-889-4325).

Are you concerned about health care coverage or other health care issues or policy concerns? Join the discussion and share your input by joining Project COPE: Coalition for Patient Empowerment here.

About Project COPE: The Coalition On Patient Empowerment & Its Coalition on Responsible Health Policy

Sharing and promoting the use of practical practices, tools, information and ideas that patients and their families, health care providers, employers, health plans, communities and policymakers can share and offer to help patients, their families and others in their care communities to understand and work together to better help the patients, their family and their professional and private care community plan for and manage these needs is the purpose of Project COPE, The Coalition on Patient Empowerment & It’s Affiliate, the Coalition on Responsible Health Policy.

The best opportunity to improve access to quality, affordable health care for all Americans is for every American, and every employer, insurer, and community organization to seize the opportunity to be good Samaritans. The government, health care providers, insurers and community organizations can help by providing education and resources to make understanding and dealing with the realities of illness, disability or aging easier for a patient and their family, the affected employers and others. At the end of the day, however, caring for people requires the human touch. Americans can best improve health care by not waiting for someone else to step up: Step up and help bridge the gap when you or your organization can. Speak up to help communicate and facilitate when you can. Building health care neighborhoods filled with good neighbors throughout the community is the key.

The outcome of this latest health care reform push is only a small part of a continuing process. Whether or not the Affordable Care Act makes financing care better or worse, the same challenges exist. The real meaning of the enacted reforms will be determined largely by the shaping and implementation of regulations and enforcement actions which generally are conducted outside the public eye. Americans individually and collectively clearly should monitor and continue to provide input through this critical time to help shape constructive rather than obstructive policy. Regardless of how the policy ultimately evolves, however, Americans, American businesses, and American communities still will need to roll up their sleeves and work to deal with the realities of dealing with ill, aging and disabled people and their families. While the reimbursement and coverage map will change and new government mandates will confine providers, payers and patients, the practical needs and challenges of patients and families will be the same and confusion about the new configuration will create new challenges as patients, providers and payers work through the changes.

We also encourage you and others to help develop real meaningful improvements by joining Project COPE: Coalition for Patient Empowerment here by sharing ideas, tools and other solutions and other resources. The Coalition For Responsible Health Care Policy provides a resource that concerned Americans can use to share, monitor and discuss the Health Care Reform law and other health care, insurance and related laws, regulations, policies and practices and options for promoting access to quality, affordable healthcare through the design, administration and enforcement of these regulations.

For Assistance or More Information

Other Helpful Resources & Other Information

Recent examples of these publications include:

For important information about this communication click here.

Comments Off on 1/1/14 Exchange Enrollment Deadline Extended As Enrollment Still Lags | 105(h), Affordable Care Act, Corporate Compliance, Employee Benefits, Employers, Employment Tax, ERISA, Health Plans, HIPAA, Human Resources, Insurance, Unemployment Benefits, Unemployment Insurance | Tagged: Affordable Care Act, Employer, employer shared responsibility, exchanges, HIE, reporting, Worker Classification | Permalink
Posted by Cynthia Marcotte Stamer

Email Subscription

Pages

Recent Posts

Archives

Share this blog

Solutions Law Press HR & Benefits Update