Internal Investigations |

$2.4M HIPAA Settlement Message Warns Health Plans & Providers Against Sharing Medical Info With Media, Others

May 10, 2017

Healthcare providers, health plans, healthcare clearinghouses and their business associates (Covered Entities) can’t disclose the name or other protected health care information about a patient in press releases or other announcements without prior authorization from the patient. That’s the clear lesson Covered Entities should learn from the $2.4 million payment to the U.S. Department of Health and Human Services (HHS) that the largest not-for-profit health system in Southeast Texas, Memorial Hermann Health System (MHHS) is paying to settle charges it violated the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule by issuing a press release with the name and other protected health information (PHI) about a patient without the patient’s prior HIPAA-compliant authorization under a Resolution Agreement and Corrective Action Plan (Resolution Agreement) announced May 10, 2017 by HHS Office of Civil Rights (OCR).

The Resolution Agreement resolves OCR charges the operator of 13 hospitals, eight Cancer Centers, three Heart & Vascular Institutes, and 27 sports medicine and rehabilitation centers violated the Privacy Rule that resulted from an OCR compliance review of MHHS triggered by multiple media reports suggesting that MHHS improperly disclosed the name and other details about a patient arrested and charged with presenting an allegedly fraudulent identification card to office staff at an MHHS’s clinic after MHHS clinic staff alerted law enforcement of suspicions the patient was presenting false identification to the clinic. According to OCR, after law enforcement investigated and arrested the patient, MHHS published a press release concerning the incident in which MHHS senior management approved the impermissible disclosure of the patient’s PHI by adding the patient’s name in the title of the press release without securing prior authorization of the patient.

While OCR concluded the report to law enforcement allowable under the Privacy Rule, OCR found MHHS violated the Privacy Rule by issuing the press release disclosing the patient’s name and other PHI without authorization from the patient and also by failing to timely document the sanctioning of its workforce members for impermissibly disclosing the patient’s information.

To resolve and avoid the potential Civil Monetary Penalties that HIPAA could authorize OCR to impose for the alleged Privacy Rule violation, MHHS agrees in the Resolution Agreement to pay OCR a $2.4 million monetary settlement and implement a corrective action plan that obligates MHHS to update and train its workforce on its policies and procedures on safeguarding PHI from impermissible uses and disclosures including specific instructions and procedures to:

Address (a) Uses and disclosures for which an authorization is required, including to the media, to public officials, and on the internet; (b) Disclosures for law enforcement purposes; and (c) Uses and disclosures for health oversight activities;
Identify MHHS personnel or representatives whom workforce members, agents, or business associates may contact in the event of any inquiry or concern regarding compliance with HIPAA in relation to these activities;
Internal reporting procedures requiring all workforce members to report to the designated person or office at the earliest possible time any potential violations of the Privacy, Security or Breach Notification Rules or of MHHS’ privacy and security policies and procedures and MHHS promptly to investigate and address all received reports in a timely manner; and
Application and documentation of appropriate sanctions (which may include retraining or other instructive corrective action, depending on the circumstances) against members of MHHS’ workforce, including senior level management, who fail to comply with the Privacy, Security or Breach Notification Rules or MHHS’ privacy and security policies and procedures, including a description of the sanctions; a timeframe in which MHHS will apply and document sanctions for violations of the HIPAA Rules or of MHHS’ privacy, security or breach policies or procedures; the manner in which MHHS will document the sanctions; and where MHHS will store or retain such documentation (e.g., personnel file).

The corrective action plan in the Resolution Agreement also requires all MHHS facilities to attest to their understanding of permissible uses and disclosures of PHI, including disclosures to the media and others.

Covered entities should keep in mind the MHHS Resolution Agreement is the latest in a series of OCR enforcement actions and resolution agreements highlighting the need for Covered Entities to adopt and use appropriate policies and procedures to prevent wrongful disclosures of PHI to the media or public. For instance, in June, 2013, OCR required Shasta Regional Medical Center (SRMC) to pay a $275,000 settlement payment and implement a comprehensive corrective action plan to resolve OCR charges stemming from SRMC’s disclosure of PHI about a patient to members of the media and its workforce in an effort to respond to accusations the patient made that SRMC engaged in fraud and other misconduct. See HIPAA Sanctions Triggered From Covered Entity Statements To Media, Workforce. In contrast, the $2.2 million resolution agreement that OCR required New York Presbyterian Hospital for improperly allowing a film crew to film hospital patients in violation of HIPAA was almost 10 times greater than the SRMC penalty and was accompanied by OCR’s publication OCR of specific additional guidance warning Covered Entities against improper disclosures to the media. See $2 Million+ HIPAA Settlement, FAQ Warn Providers Protect PHI From Media, Other Recording Or Use.

Following on the heels of this previous guidance and prior enforcement actions warning Covered Entities against wrongful disclosure to the media, the MHHS Resolution Agreement sends a strong message to Covered Entities that they should expect little sympathy if their organizations improperly share PHI with the media. OCR’s announcement of the MHHS Resolution Agreement, for instance quotes OCR Director Roger Severino with stating that “Senior management should have known that disclosing a patient’s name on the title of a press release was a clear HIPAA Privacy violation that would induce a swift OCR response.” The announcement goes on to quote Director Severino further as stating, “This case reminds us that organizations can readily cooperate with law enforcement without violating HIPAA, but that they must nevertheless continue to protect patient privacy when making statements to the public and elsewhere.”

Conduct Entity-Wide Risk Assessment & Review & Tighten Media Relations Policies, Processes & Training ASAP

Covered entities should heed the warning by conducting a risk assessment of their organization’s susceptibility to potential improper disclosures to media or others and reviewing and implementing necessary written policies, procedures and training to prevent the improper disclosure of patient PHI to media or others unless the Covered Entity either secures prior HIPAA-compliant authorization from the patient or can prove the disclosure falls squarely under an exception to the Privacy Rule’s prohibition against disclosure of PHI without authorization except as allowed by the Privacy Rule.

Taking these and other needed steps to evaluate, and strengthen and enforce as needed, risk assessments, policies, procedures, and training to prevent wrongful use, access or disclosure of PHI to the media or others is particularly critical in light of the ongoing tightening of expectations, and rising enforcement and sanctions for HIPAA violations since Congress amended HIPAA in 2009. See OCR Audit Program Kickoff Further Heats HIPAA Privacy Risks; HIPAA Heats Up: HITECH Act Changes Take Effect & OCR Begins Posting Names, Other Details Of Unsecured PHI Breach Reports On Website.

Based on experiences reported in the MHHS and other similar resolution agreements, Covered Entities also generally will want to ensure that their policies, procedures and training extend to all potential sources of communications that could involve patient information and make clear that the Privacy Rule restrictions must be followed even if the circumstances involve allegations of misconduct, special performance by healthcare providers or others that it would benefit the organization or certain individuals to have known to the public, or other circumstances likely to be of interest to the media or other parties.

As part of this process, covered entities should ensure they look outside the four corners of their Privacy Policies to ensure that appropriate training and clarification is provided to address media, practice transition, workforce communication and other policies and practices that may be covered by pre-existing or other policies of other departments or operational elements not typically under the direct oversight and management of the Privacy Officer such as media relations. Media relations, physician and patients affairs, outside legal counsel, media relations, marketing and other internal and external departments and consultants dealing with the media, the public or other inquiries or disputes should carefully include and coordinate with the privacy officer both to ensure appropriate policies and procedures are followed and proper documentation created and retained to show authorization, account, or meet other requirements.

In conducting this analysis and risk assessment, it will be important that Covered Entities include, but also look beyond the four corners of their Privacy Policies to ensure that their review and risk assessment identifies and assesses and addresses compliance risks on an entity wide basis. This entity-wide assessment should include both communications and requests for information normally addressed to the Privacy Officer as well as requests and communications that could arise in the course of media or other public relations, practice transition, workforce communication and other operations not typically under the direct oversight and management of the Privacy Officer. For this reason, Covered Entities also generally will not only to adopt and implement specific policies, processes and training in these other departments to prohibit and prevent inappropriate disclosures of PHI in the course of those departments operations. It also may be advisable to pre-established processes for reviewing media or other communications for potential PHI content and require prior review of any proposed public relations and other internal or external communications containing patient PHI or other information by the privacy officer, legal counsel or another suitably qualified party.

Because of the high risk that the preparation or review of media or other public communications reports will involve the use and disclosure of PHI, Covered Entities also generally should verify that all outside media or public relations, legal, or other outside service providers participating in the investigation, response or preparation or review of communications to the media or others both are covered by signed business associate agreements that fulfill the Privacy Rule and other requirements of HIPAA as well as possess detailed knowledge and understanding of the Privacy and Security Rules suitable to participate in and help safeguard the Covered Entity against violations of these and other Privacy Rules. See e.g., Latest HIPAA Resolution Agreement Drives Home Importance Of Maintaining Current, Signed Business Associate Agreements.

About The Author

Recognized by LexisNexis® Martindale-Hubbell® as a “AV-Preeminent” (Top 1%/ the highest) and “Top Rated Lawyer,” with special recognition as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Health Care,” “Labor & Employment,” “Tax: Erisa & Employee Benefits” and “Business and Commercial Law” by D Magazine, the author of this update is widely known for her 29 plus years’ of work in health care, health benefit, health policy and regulatory affairs and other health industry concerns as a practicing attorney and management consultant, thought leader, author, public policy advocate and lecturer.

Throughout her adult life and nearly 30-year legal career, Ms. Stamer’s legal, management and governmental affairs work has focused on helping health industry, health benefit and other organizations and their management use the law, performance and risk management tools and process to manage people, performance, quality, compliance, operations and risk. Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer supports these organizations and their leaders on both a real-time, “on demand” basis as well as outsourced operations or special counsel on an interim, special project, or ongoing basis with strategic planning and product and services development and innovation; workforce and operations management, crisis preparedness and response as well as to prevent, stabilize and cleanup legal and operational crises large and small that arise in the course of operations.

As a core component of her work, Ms. Stamer has worked extensively throughout her career with health care providers, health plans and insurers, managed care organizations, health care clearinghouses, their business associates, employers, banks and other financial institutions, management services organizations, professional associations, medical staffs, accreditation agencies, auditors, technology and other vendors and service providers, and others on legal and operational compliance, risk management and compliance, public policies and regulatory affairs, contracting, payer-provider, provider-provider, vendor, patient, governmental and community relations and matters including extensive involvement advising, representing and defending public and private hospitals and health care systems; physicians, physician organizations and medical staffs; specialty clinics and pharmacies; skilled nursing, home health, rehabilitation and other health care providers and facilities; medical staff, accreditation, peer review and quality committees and organizations; billing and management services organizations; consultants; investors; technology, billing and reimbursement and other services and product vendors; products and solutions consultants and developers; investors; managed care organizations, insurers, self-insured health plans and other payers; and other health industry clients to manage and defend compliance, public policy, regulatory, staffing and other operations and risk management concerns. A core focus of this work includes work to establish and administer compliance and risk management policies; comply with requirements, investigate and respond to Board of Medicine, Health, Nursing, Pharmacy, Chiropractic, and other licensing agencies, Department of Aging & Disability, FDA, Drug Enforcement Agency, OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD, FTC, SEC, CDC and other public health, Department of Justice and state attorneys’ general and other federal and state agencies; dealings with JCHO and other accreditation and quality organizations; investigation and defense of private litigation and other federal and state health care industry investigations and enforcement; insurance or other liability management and allocation; process and product development; managed care, physician and other staffing, business associate and other contracting; evaluation, commenting or seeking modification of regulatory guidance, and other regulatory and public policy advocacy; training and discipline; and a host of other related concerns for public and private health care providers, health insurers, health plans, technology and other vendors, employers, and others.

Author of leading works on HIPAA and other privacy and data security works and the scribe leading the American Bar Association Joint Committee on Employee Benefits Annual Agency Meeting with OCR, her experience includes extensive compliance, risk management and data breach and other crisis event investigation, response and remediation under HIPAA and other data security, privacy and breach laws. Heavily involved in health care and health information technology, data and related process and systems development, policy and operations innovation and a Scribe for ABA JCEB annual agency meeting with OCR for many years who has authored numerous highly regarded works and training programs on trade secret, HIPAA and other medical, consumer, insurance, tax, and other privacy and data security, Ms. Stamer also is widely recognized for her extensive work and leadership on leading edge health care and benefit policy and operational issues including meaningful use and EMR, billing and reimbursement, quality measurement and reimbursement, HIPAA, FACTA, PCI, trade secret, physician and other medical confidentiality and privacy, federal and state data security and data breach and other information privacy and data security rules and many other concerns.

In connection with this work, Ms. Stamer has worked extensively with health care providers, health plans, health care clearinghouses, their business associates, employers and other plan sponsors, banks and other financial institutions, and others on risk management and compliance with HIPAA, FACTA, trade secret and other information privacy and data security rules, including the establishment, documentation, implementation, audit and enforcement of policies, procedures, systems and safeguards, investigating and responding to known or suspected breaches, defending investigations or other actions by plaintiffs, OCR and other federal or state agencies, reporting known or suspected violations, business associate and other contracting, commenting or obtaining other clarification of guidance, training and enforcement, and a host of other related concerns. Her clients include public and private health care providers, health insurers, health plans, technology and other vendors, and others.

Her work includes both regulatory and public policy advocacy and thought leadership, as well as advising and representing a broad range of health industry and other clients about policy design, drafting, administration, business associate and other contracting, risk assessments, audits and other risk prevention and mitigation, investigation, reporting, mitigation and resolution of known or suspected violations or other incidents and responding to and defending investigations or other actions by plaintiffs, DOJ, OCR, FTC, state attorneys’ general and other federal or state agencies, other business partners, patients and others.

In addition to representing and advising these organizations, she also has conducted training on Privacy & The Pandemic for the Association of State & Territorial Health Plans, as well as HIPAA, FACTA, PCI, medical confidentiality, insurance confidentiality and other privacy and data security compliance and risk management for Los Angeles County Health Department, MGMA, ISSA, HIMMS, the ABA, SHRM, schools, medical societies, government and private health care and health plan organizations, their business associates, trade associations and others.

A former lead consultant to the Government of Bolivia on its Pension Privatization Project with extensive domestic and international public policy concerns in Pensions, healthcare, workforce, immigration, tax, education and other areas.

The American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting, former Vice President of the North Texas Health Care Compliance Professionals Association, past Chair of the ABA Health Law Section Managed Care & Insurance Section, past ABA JCEB Council Representative, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has worked closely with a diverse range of physicians, hospitals and healthcare systems, DME, Pharma, clinics, health care providers, managed care, insurance and other health care payers, quality assurance, credentialing, technical, research, public and private social and community organizations, and other health industry organizations and their management deal with governance; credentialing, patient relations and care; staffing, peer review, human resources and workforce performance management; outsourcing; internal controls and regulatory compliance; billing and reimbursement; physician, employment, vendor, managed care, government and other contracting; business transactions; grants; tax-exemption and not-for-profit; licensure and accreditation; vendor selection and management; privacy and data security; training; risk and change management; regulatory affairs and public policy and other concerns.

Past Chair of the ABA Managed Care & Insurance Interest Group and, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also has extensive health care reimbursement and insurance experience advising and defending health plans, health care providers, payers, and others about Medicare, Medicaid, Medicare and Medicaid Advantage, Tri-Care, self-insured group, association, individual and group and other health benefit programs and coverages including but not limited to advising public and private payers about coverage and program design and documentation, advising and defending providers, payers and systems and billing services entities about systems and process design, audits, and other processes; provider credentialing, and contracting; providers and payer billing, reimbursement, claims audits, denials and appeals, coverage coordination, reporting, direct contracting, False Claims Act, Medicare & Medicaid, ERISA, state Prompt Pay, out-of-network and other “nonpar,” insured, and other health care claims, prepayment, post-payment and other coverage, claims denials, appeals, billing and fraud investigations and actions and other reimbursement and payment related investigation, enforcement, litigation and actions.

A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, privacy and data security, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns.

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other related concerns by her service in the leadership of the Solutions Law Press, Inc. Coalition for Responsible Health Policy, its PROJECT COPE: Coalition on Patient Empowerment, and a broad range of other professional and civic organizations including North Texas Healthcare Compliance Association, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children (now Warren Center For Children); current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, past Representative and chair of various committees of ABA Joint Committee on Employee Benefits; an ABA Health Law Coordinating Council representative, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, a former member of the Board of Directors of the Southwest Benefits Association and others.

Ms. Stamer also is a highly popular lecturer, symposium and chair, faculty member and author, who publishes and speaks extensively on health and managed care industry, human resources, employment and other privacy, data security and other technology, regulatory and operational risk management. Examples of her many highly regarded publications on these matters include “Protecting & Using Patient Data In Disease Management: Opportunities, Liabilities And Prescriptions,” “Privacy Invasions of Medical Care-An Emerging Perspective,” “Cybercrime and Identity Theft: Health Information Security: Beyond HIPAA,” as well as thousands of other publications, programs and workshops these and other concerns for the American Bar Association, ALI-ABA, American Health Lawyers, Society of Human Resources Professionals, the Southwest Benefits Association, the Society of Employee Benefits Administrators, the American Law Institute, Lexis-Nexis, Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, the HCCA, ISSA, HIMSS, Modern Healthcare, Managed Healthcare, Institute of Internal Auditors, Society of CPAs, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other symposia and publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, Insurance Thought Leadership and many other prominent publications and speaks and conducts training for a broad range of professional organizations.

For more information about Ms. Stamer or her health industry and other experience and involvements, see here or contact Ms. Stamer via telephone at (469) 767-8872 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources here.

©2017 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ All other rights reserved. For information about republication or other use, please contact Ms. Stamer here.

Comments Off on $2.4M HIPAA Settlement Message Warns Health Plans & Providers Against Sharing Medical Info With Media, Others | ADA, board of directors, Brokers, Cafeteria Plans, Civil Monetary Penalties, Civil Rights, compliance, conflict of interest, Corporate Compliance, corporate governance, Cybercrime, Data Breach, Data Security, directors, Disability Discrimination, Electronic Medical Record, employee, Employee Benefits, Employer, Employers, Employment, EMR, ERISA, Fair Credit Reporting Act, fiduciary duty, GINA, HIPAA, HIPAA, Hiring, HR, Human Resources, Identity Theft, Insurance, insurers, Internal Controls, Internal Investigations, Internal Revenue Code, IRC, Leadership, LGBT, Management, Medicare Part D, Mental Health, Mental Health Parity, MEWA, Physician, Prescription Drugs, Privacy, Professional Liability, Protected Health Information, Provider, Risk Management, Technology, third party administrators, Uncategorized | Tagged: Health Care Provider, Health Plans, HIPAA, Medical Privacy, PHI, Privacy | Permalink
Posted by Cynthia Marcotte Stamer

Latest $2.5M HIPAA Settlement Warning To Health Plans, Providers: Get HIPAA Compliant

April 26, 2017

A new Department of Health and Human Services Office of Civil Rights (OCR) CardioNet Resolution Agreement and Corrective Action Plan (Resolution Agreement) settling OCR charges of violations of the Privacy and Security Rules of the Health Insurance Portability & Accountability Act against remote cardiac monitoring provider CardioNet provides important lessons for all health plans, health insurers, telemedicine and other healthcare providers, healthcare clearinghouses (Covered Entities) and their business associates about steps to take to reduce their risk of getting hit with big OCR penalty like the $2.5 million settlement payment CardioNet must pay under the Resolution Agreement.

OCR announced the first OCR HIPAA settlement involving a wireless health services provider Monday, April 24. Under the Resolution Agreement, CardioNet agrees to pay OCR $2.5 million and to implement a corrective action plan to settle potential OCR charges it violated the HIPAA Privacy and Security Rules based on the impermissible disclosure of unsecured electronic protected health information (ePHI).

CardioNet Charges & Settlement

As has become increasingly common in recent years, the CardioNet settlement arose from concerns initially brought to OCR’s attention in connection with a HIPAA breach notification report. On January 10, 2012, OCR received notification from the provider of remote mobile monitoring of and rapid response to patients at risk for cardiac arrhythmias that a workforce member’s laptop with the ePHI of 1,391 individuals was stolen from a parked vehicle outside of the employee’s home. CardioNet subsequently notified OCR of a second breach of ePHI 2,219 individuals, respectively.

Likewise, the HIPAA breaches uncovered by OCR in the course of investigating these CardioNet breaches occur in the operations of many other covered entities. According to the OCR’s investigation in response to these breach reports revealed a series of continuing compliance concerns, including:

CardioNet failed to conduct an accurate and thorough risk analysis to assess the potential risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI and failed to plan for and implement security measures sufficient to reduce those risks and vulnerabilities;
CardioNet’s policies and procedures implementing the standards of the HIPAA Security Rule were in draft form and had not been implemented;
CardioNet was unable to produce any final policies or procedures regarding the implementation of safeguards for ePHI, including those for mobile devices;
CardioNet failed to implement policies and procedures that govern the receipt and removal of hardware and electronic media that contain electronic protected health information into and out of its facilities, the encryption of such media, and the movement of these items within its facilities until March 2015; and
CardioNet failed to safeguard against the impermissible disclosure of protected health information by its employees, thereby permitting access to that information by an unauthorized individual, and failed to take sufficient steps to immediately correct the disclosure.

To resolve these OCR charges, CardioNet agrees in the Resolution Agreement to pay $2.5 million to OCR and implement a corrective action plan. Among other things, the corrective action plan requires CardioNet to complete the following actions to the satisfaction of OCR:

Prepare a current, comprehensive and thorough Risk Analysis of security risks and vulnerabilities that incorporates its current facility or facilities and the electronic equipment, data systems, and applications controlled, currently administered or owned by CardioNet, that contain, store, transmit, or receive electronic protected health information (“ePHI”) and update that Risk Analysis annually or more frequently, if appropriate in response to environmental or operational changes affecting the security of ePHI.
Assess whether its existing security measures are sufficient to protect its ePHI and revise its Risk Management Plan, Policies and Procedures, and training materials and implement additional security measures, as needed.
Develop and implement an organization-wide Risk Management Plan to address and mitigate any security risks and vulnerabilities found in the Risk Analysis as required by the Risk Management Plan.
Review and, to the extent necessary, revise, its current Security Rule Policies and Procedures (“Policies and Procedures”) based on the findings of the Risk Analysis and the implementation of the Risk Management Plan to comply with the HIPAA Security Rule.
Provide certification to OCR that all laptops, flashdrives, SD cards, and other portable media devices are encrypted, together with a description of the encryption methods used (“Certification”).
Review, revise its HIPAA Security training to include a focus on security, encryption, and handling of mobile devices and out-of-office transmissions and other policies and practices require to address the issues identified in the Risk Assessment and otherwise comply with the Risk Management Plan and HIPAA train its workforce on these policies and practices.
Investigate all potential violations of its HIPAA policies and procedures and notify OCR in writing within 30 days of any violation.
Submit annual reports to OCR, which must be signed by an owner or officer of CardioNet attesting that he or she has reviewed the annual report, has made a reasonable inquiry regarding its content and believes that, upon such inquiry, the information is accurate and truthful.
Maintain for inspection and copying, and provide to OCR, upon request, all documents and records relating to compliance with the corrective action plan for six years.

Implications For Covered Entities & Business Associates

The latest in a rapidly-growing list of high dollar HIPAA enforcement actions by OCR, the CardioNet Resolution Agreement contains numerous lessons for other Covered entities and their business associates about the importance of appropriate HIPAA privacy and security compliance, including but not limited to the following:

Like many previous resolution agreements announced by OCR, the Resolution Agreement reiterates the responsibility of covered entities and business associates to properly secure their ePHI and that as part of this process, OCR expects all laptop computers and other mobile devices containing or with access to ePHI be properly encrypted and secured.
It also reminds covered entities and their business associates to be prepared for, and expect an audit from OCR when OCR receives a report that their organization experienced a large breach of unsecured ePHI.
The Resolution Agreement’s highlighting of the draft status of CardioNet’s privacy and security policies also reflects OCR expects covered entities to actually final policies, procedures and training in place for maintaining compliance with HIPAA.
The discussion and requirements in the Corrective Action Plan relating to requirements to conduct comprehensive risk assessments at least annually and in response to other events, and to update policies and procedures in response to findings of these risk assessments also drives home the importance of conducting timely, documented risk analyses of the security of their ePHI, taking prompt action to address known risks and periodically updating the risk assessment and the associated privacy and security policies and procedures in response to the findings of the risk assessment and other changing events.
The requirement in the Resolution Agreement of leadership attestation and certification on the required annual report reflects OCR’s expectation that leadership within covered entities and business associates will make HIPAA compliance a priority and will take appropriate action to oversee compliance.
Finally, the $2.5 million settlement payment required by the Resolution Agreement and its implementation against CardioNet makes clear that OCR remains serious about HIPAA enforcement.

Clearly, covered entities, business associates and their management should take steps to promptly review the adequacy of their organizations’ HIPAA compliance policies, practices and documentation in light of the deficiencies listed in the CardioNet and other HIPAA OCR settlements and civil monetary penalty assessments. See e.g., Latest HIPAA Resolution Agreement Drives Home Importance Of Maintaining Current, Signed Business Associate Agreements; $400K HIPAA Penalty Teaches Risk Assessment Importance; $3.2 Children’s HIPAA CMP Teaches Key Lessons.

Of course, covered entities and business associates need to keep in mind that acts, omissions and events that create HIPAA liability risks also carry many other potential legal and business risks. For instance, since PHI records and data involved in such breaches usually incorporates Social Security Numbers, credit card or other debt or payment records or other personal consumer information, and other legally sensitive data, covered entities and business associates generally also may face investigation, notification and other responsibilities and liabilities under confidentiality, privacy or data security rules of the Fair and Accurate Credit Transaction Act (FACTA), the Internal Revenue Code, the Social Security Act, state identity theft, data security, medical confidentiality, privacy and ethics, insurance, consumer privacy, common law or other state privacy claims and a host of other federal or state laws. Depending on the nature of the covered entity or its business associates, the breach or other privacy event also may trigger fiduciary liability exposures for health plan fiduciaries in the case of a health plan, professional ethics or licensing investigations or actions against health care providers, insurance companies, administrative service providers or brokers, shareholder or other investor actions, employment or vendor termination or disputes and a host of other indirect legal consequences.

Beyond, and regardless of if, a covered entity or business ultimately succeeds in defending its actions against a charge of violating any of these or other standards, however, covered entities, business associates and their leaders should keep in mind that the most material and often most intractable consequences of a HIPAA or other data or other privacy breach report or public accusation, investigation, admission also typically are the most inevitable:

The intangible, but critical loss of trust and reputation covered entities and business associates inevitably incur among their patients, participants, business partners, investors and the community; and
The substantial financial expenses and administrative and operational disruptions of investigating, defending the actions of the organization and implementation of post-event corrective actions following a data or other privacy breach, audit, investigation, or charge.

In light of these risks, covered entities business associates and their management should use the experiences of CardioNet and other covered entities or business associates caught violating HIPAA or other privacy and security standards to reduce their HIPAA and other privacy and data security exposures. Management of covered entities and their business associates should take steps to ensure that their organizations policies, practices and procedures currently are up-to-date, appropriately administered and monitored, and properly documented. Management should ensure that their organizations carefully evaluate and strengthen as necessary their current HIPAA risk assessments, policies, practices, record keeping and retention and training in light of these and other reports as they are announced in a well-documented manner. The focus of these activities should be both to maintain compliance and position their organizations efficiently and effectively to respond to and defend their actions against a data breach, investigation, audit or accusation of a HIPAA or other privacy or security rule violation with a minimum of liability, cost and reputational and operational damages.

As the conduct of these activities generally will involve the collection and analysis of legally sensitive matters, most covered entities and business associates will want to involve legal counsel experienced with these matters and utilize appropriate procedures to be able to use and assert attorney-client privilege and other evidentiary privileges to mitigate risks associated with these processes. To help plan for and mitigate foreseeable expenses of investigating, responding to or mitigating a known, suspected or asserted breech or other privacy event, most covered entities and business associates also will want to consider the advisability of tightening privacy and data security standards, notification, cooperation and indemnification protections in contracts between covered entities and business associates, acquiring or expanding data breach or other liability coverage, or other options for mitigating the financial costs of responding to a breach notification, investigation or enforcement action.

About The Author

In the course of this work, Ms. Stamer has accumulated extensive experience helping health industry clients manage workforce, medical staff, vendors and suppliers, medical billing, reimbursement, claims and other provider-payer relations, business partners, and their recruitment, performance, discipline, compliance, safety, compensation, benefits, and training, board, medical staff and other governance; compliance and internal controls; strategic planning, process and quality improvement; change management; assess, deter, investigate and address staffing, quality, compliance and other performance; meaningful use, EMR, HIPAA and other data security and breach and other health IT and data; crisis preparedness and response; internal, government and third-party reporting, audits, investigations and enforcement; government affairs and public policy; and other compliance and risk management, government and regulatory affairs and operations concerns.

Author of leading works on HIPAA and other privacy and data security works and the scribe leading the American Bar Association Joint Committee on Employee Benefits Annual Agency Meeting with OCR, her experience includes extensive compliance, risk management and data breach and other crisis event investigation, response and remediation under HIPAA and other data security, privacy and breach laws. Heavily involved in health care and health information technology, data and related process and systems development, policy and operations innovation and a Scribe for ABA JCEB annual agency meeting with OCR for many years who has authored numerous highly regarded works and training programs on HIPAA and other data security, privacy and use, Ms. Stamer also is widely recognized for her extensive work and leadership on leading edge health care and benefit policy and operational issues including meaningful use and EMR, billing and reimbursement, quality measurement and reimbursement, HIPAA, FACTA, PCI, trade secret, physician and other medical confidentiality and privacy, federal and state data security and data breach and other information privacy and data security rules and many other concerns.

Past Chair of the ABA Managed Care & Insurance Interest Group and, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also has extensive health care reimbursement and insurance experience advising and defending health care providers, payers, and others about Medicare, Medicaid, Medicare and Medicaid Advantage, Tri-Care, self-insured group, association, individual and group and other health benefit programs and coverages including but not limited to advising public and private payers about coverage and program design and documentation, advising and defending providers, payers and systems and billing services entities about systems and process design, audits, and other processes; provider credentialing, and contracting; providers and payer billing, reimbursement, claims audits, denials and appeals, coverage coordination, reporting, direct contracting, False Claims Act, Medicare & Medicaid, ERISA, state Prompt Pay, out-of-network and other “nonpar,” insured, and other health care claims, prepayment, post-payment and other coverage, claims denials, appeals, billing and fraud investigations and actions and other reimbursement and payment related investigation, enforcement, litigation and actions.

For more information about Ms. Stamer or her health industry and other experience and involvements, see here or contact Ms. Stamer via telephone at (469) 767-8872 or via e-mail here.

About Solutions Law Press, Inc.™

Comments Off on Latest $2.5M HIPAA Settlement Warning To Health Plans, Providers: Get HIPAA Compliant | ARRA, Attorney-Client Privilege, board of directors, Brokers, Civil Monetary Penalties, Civil Rights, compliance, Consumer Protection, Corporate Compliance, corporate governance, Cybercrime, Data Breach, Data Security, directors, Electronic Medical Record, Employee Benefits, Employer, fiduciary duty, Fiduciary Responsibility, FINRA, GINA, health benefit, Health Benefits, health Care, health insurance, health insurance marketplace, health plan, Health Plans, HIPAA, HR, Human Resources, Identity Theft, Insurance, insurers, Internal Controls, Internal Investigations, Physician, Plan Admistrator, Privacy, Professional Liability, Protected Health Information, Provider, Risk Management, Technology, Telecommuting, Uncategorized | Tagged: Breach, Breach Notification, Business Associate, Covered Entity, Health Insurance, Health Plan, HIPAA, HIPAA Privacy, HIPAA Security, Medical Privacy, OCR, Office of Civil Rights, REmote Care, Technology, Telemedicine | Permalink
Posted by Cynthia Marcotte Stamer

Latest HIPAA Resolution Agreement Drives Home Importance Of Maintaining Current, Signed Business Associate Agreements

April 24, 2017

Health plans, their fiduciaries and sponsors, health insurers, health care providers, health care clearinghouses (“covered entities”) and their business associates must get and keep your business associate (BA) agreements (BAAs) in place, up-to-date, and readily available for inspection in accordance with the Health Insurance Portability & Accountability Act (HIPAA) Privacy Rule, 45 C.F.R. Part 160 and Subparts A and E of Part 164 (Privacy Rule). That’s the clear message to covered entities and their business associates in the April 17, 2017 HIPAA Resolution Agreement just announced by the Department of Health & Human Services (HHS) Office of Civil Rights (OCR) with the Center for Children’s Digestive Health (CCDH).

While the Resolution Agreement relates to breaches of the BAA requirements of a small pediatric practice, all health plans, health care providers and other covered entities and business associates should focus on the adequacy of their BAAs and their BAA record keeping. HIPAA compliance surveys reflect deficiencies with the BAA rules are common throughout the industry. These findings and the involvement of BAs in data breaches or other OCR enforcement activities suggest a high probability that many other covered entities and business associates may be sitting ducks for similar sanctions. See e.g., HIPAA Compliance Survey Churns Up Many Business Associate Problems (January 3, 2017). Consequently, all covered entities and business associates generally should treat the CCDH Resolution Agreement as a message to review and correct as necessary their organizations’ compliance and recordkeeping to minimize their exposure to potential sanctions from violations of the HIPAA business associate rules.

The HIPAA Business Associate Agreement Requirements

OCR’s announcement of the CCDH Resolution Agreement is the latest in a growing series of HIPAA enforcement actions showing the growing risk covered entities and their business associates face for failing to take appropriate steps to comply with the BAA and other Privacy Rule requirements of HIPAA.

As compliance audits and surveys of covered entities and business associates suggest a high level of noncompliance with the business associate agreement requirements among covered entities and business associates, While the ever-growing list of Resolution Agreements and Civil Monetary Penalties announced by OCR cover a variety of categories of HIPAA violations, the CCDH Resolution Agreement highlights the importance of covered entities and their business associates ensuring that before the BA creates, accesses, receives, discloses, retains or destroys any PHI for the covered entity, a BAA meeting the Privacy Rule requirements is signed and retained for at least the six-year period the Privacy Rule requires in a manner easily producible when and if OCR or another agency asks for a copy as part of an investigation or other compliance audit. See Privacy Rule §§ 164.502(e), 164.504(e), 164.532(d) and (e).

The Privacy Rule requires that covered entities and business associates enter into a written and signed business associate agreement that contains the elements specified in Privacy Rule § 164.504(e) before the business associate creates, uses, accesses or discloses PHI of the covered entity. Meanwhile, the Privacy Rule recordkeeping requirements require that covered entities and BAs maintain copies of these BAAs for a minimum of six years.

Violations of the Privacy Rule can carry stiff civil or even criminal penalties Pursuant to amendments to HIPAA enacted as part of the HITECH Act, civil penalties typically do not apply to violations punished under the criminal penalty rules of HIPAA set forth in Social Security Act , 42 U.S.C § 1320d-6 (Section 1177).

Under Section 1177, the criminal enforcement provisions of HIPAA authorize the Justice Department to prosecute a person who knowingly in violation of the Privacy Rule (1) uses or causes to be used a unique health identifier; (2) obtains individually identifiable health information relating to an individual; or (3) discloses individually identifiable health information to another person, punishable by the following criminal sanctions and penalties:

A fine of up to $50,000, imprisoned not more than 1 year, or both;
If the offense is committed under false pretenses, a fine of up to $100,000, imprisonment of not more than 5 years, or both; and
If the offense is committed with intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm, a fine of up to $250,000, imprisoned not more than 10 years, or both.

In contrast, as amended by the HITECH Act, the civil enforcement provisions of HIPAA empower OCR to impose Civil Monetary Penalties on both covered entities and BAs for violations of any of the requirements of the Privacy or Security Rules. The penalty ranges for civil violations depends upon the circumstances associated with the violations and are subject to upward adjustment for inflation. As most recently adjusted here effective September 6, 2016, the following currently are the progressively increasing Civil Monetary Penalty tiers:

A minimum penalty of $100 and a maximum penalty of $50,000 per violation, for violations which the CE or BA “did not know, and by exercising reasonable diligence would not have known” about using “the business care and prudence expected from a person seeking to satisfy a legal requirement under similar circumstances;”
A minimum penalty of $1,000 and a maximum penalty of $50,000 per violation, for violations for “reasonable cause” which do not rise to the level of “willful neglect” where “reasonable cause” means the “circumstances that would make it unreasonable for the covered entity, despite the exercise of ordinary business care and prudence, to comply with the violated Privacy Rule requirement;”
A minimum penalty of $10,000 and a maximum penalty of $50,000 per violation, for violations attributed to “willful neglect,” defined as “the conscious, intentional failure or reckless indifference to the obligation to comply” with the requirement or prohibition; and
A minimum penalty of $50,000 and a maximum penalty of $1.5 million per violation, for violations attributed to “willful neglect” not remedied within 30 days of the date that the covered entity or BA knew or should have known of the violation.

For continuing violations such as failing to implement a required BAA, OCR can treat each day of noncompliance as a separate violation. However, sanctions under each of these tiers generally are subject to a maximum penalty of $1,500,000 for violations of identical requirements or prohibitions during a calendar year. For violations such as the failure to implement and maintain a required BAA where more than one covered entity bears responsibility for the violation, OCR an impose Civil Monetary Penalties against each culpable party. OCR considers a variety of mitigating and aggravating facts and circumstances when arriving at the amount of the penalty within each of these applicable tiers to impose.

While criminal enforcement of HIPAA remains relatively rare, a review of the OCR enforcement record in recent years makes clear that civil enforcement of HIPAA and the sanctions imposed is growing. See e.g., $400K HIPAA Settlement Shows Need To Conduct Timely & Appropriate Risk Assessments; $5.5M Memorial HIPAA Resolution Agreement Shows Need To Audit. For more examples, also see here.

CCDH Sanctions For Violation Of HIPAA Business Associate Agreement Rules

The CCDH Resolution Agreement arises from violations of this requirement that OCR says it discovered as a result of a compliance review conducted in response to an OCR investigation of a CCDH business associate, FileFax, Inc. According to OCR, OCR found from the compliance review of CCDH triggered by OCR’s investigation of FileFax that while CCDH began disclosing PHI to Filefax in 2003 and that Filefax stored records containing protected health information (PHI) for CCDH, neither CCDH nor Filefax could produce a signed Business Associate Agreement (BAA) covering their relationship for any period before October 12, 2015.

Based on the resulting investigation, OCR concluded:

CCDH failed to obtain a BAA providing written assurances from Filefax that it would appropriately safeguard the PHI in Filefax’s possession or control satisfactory assurances as required by Privacy Rule §164.502(e); and
Because CCDH failed to secure the required BAA, it violated the Privacy Rule by impermissibly disclosing the PHI of at least 10,728 individuals to Filefax when CCDH transferred the PHI to Filefax without obtaining the requisite BAA from Filefax (Covered Conduct).

In the Resolution Agreement, CCDH agrees to pay HHS $31,000.00 (Resolution Amount) and enter into and comply with a Corrective Action Plan (CAP) in return for OCR’s release of CCDH from liability for “any actions it may have against CCDH under the HIPAA Rules” for the Covered Conduct. The Resolution Agreement only settles the civil monetary penalty and other OCR enforcement liabilities of CCDH with respect to the Covered Conduct. Its provisions expressly state the Resolution Agreement does not affect any exposures of CCDH to CCDH to OCR civil monetary penalties or other enforcement for any HIPAA violations other than the Covered Conduct.

Perhaps even more noteworthy given the HITECH Act’s provisions coordinating the civil and criminal sanctions of HIPAA, while the Resolution Agreement provides no clear indication that the Justice Department might be considering criminally prosecuting CCDH or any other party in relation to the Covered Conduct, the Resolution Agreement also expressly states that its provisions do not affect CCDH’s potential exposure, if any, to criminal prosecution by the Justice Department for a criminal violation of the Privacy Rules under Section 1177 of the Social Security Act.

Implications For Covered Entities & Business Associates

Covered entities and their business associates should heed the CCDH Resolution Agreement as a strong message from OCR to ensure their organizations are complying with HIPAA’s BAA and other requirements. The Resolution Agreement makes clear that the starting point of this compliance effort must be obtaining and maintaining the requisite BAAs for each BA relationship.

To position their organizations to withstand potential investigation by OCR, covered entities and BAs should start by conducting a well-documented audit within the scope of attorney-client privilege both to verify that an appropriate, signed BAA is in place for each BA relationship as well as adequacy of processes for identifying business associate relationships, ensuring that signed BAAs are in effect before BAs access any PHI, and for investigating, reporting and resolving any breaches of the HIPAA Privacy or Security Rules that may arise in the course of operations.

Conducting this audit as soon as possible is particularly important in light of reported findings of widespread compliance concerns. See HIPAA Compliance Survey Churns Up Many Business Associate Problems (January 3, 2017). As the audit process could identify potential violations or other legally sensitive concerns, covered entities and business associates generally will want to arrange for this audit and evaluation to be conducted under the supervision of legal counsel experienced with HIPAA within or pursuant to processes structured with the assistance of legal counsel within the scope of attorney-client privilege.

Beyond confirming all necessary BAAs are in place, covered entities and business associates also generally will want to evaluate the adequacy of BAs’ processes and procedures for maintaining compliance with the Privacy and Security Rules as well as processes and procedures for responding to audits, investigations and complaints, reporting and addressing breaches of electronic and other PHI and other possible compliance concerns under HIPAA and other related laws. In many instances, parties may n wish to revise and strengthen existing BAAs to more specifically define these policies and procedures more specifically as well as indemnification, cyber or other liability coverage requirements and other contractual provisions for allocating potential costs and liabilities arising from breaches, audits, investigations and other expenses associated with the administration of these provisions.

About The Author

Past Chair of the ABA Managed Care & Insurance Interest Group and, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also has extensive health care reimbursement and insurance experience advising and defending health care providers, payers, and others about Medicare, Medicaid, Medicare and Medicaid Advantage, Tri-Care, self-insured group, association, individual and group and other health benefit programs and coverages including but not limited to advising public and private payers about coverage and program design and documentation, advising and defending providers, payers and systems and billing services entities about systems and process design, audits, and other processes; provider credentialing, and contracting; providers and payer billing, reimbursement, claims audits, denials and appeals, coverage coordination, reporting, direct contracting, False Claims Act, Medicare & Medicaid, ERISA, state Prompt Pay, out-of-network and other nonpar, insured, and other health care claims, prepayment, post-payment and other coverage, claims denials, appeals, billing and fraud investigations and actions and other reimbursement and payment related investigation, enforcement, litigation and actions.

Heavily involved in health care and health information technology, data and related process and systems development, policy and operations innovation and a Scribe for ABA JCEB annual agency meeting with OCR for many years who has authored numerous highly-regarded works and training programs on HIPAA and other data security, privacy and use, Ms. Stamer also is widely recognized for her extensive work and leadership on leading edge health care and benefit policy and operational issues including meaningful use and EMR, billing and reimbursement, quality measurement and reimbursement, HIPAA, FACTA, PCI, trade secret, physician and other medical confidentiality and privacy, federal and state data security and data breach and other information privacy and data security rules and many other concerns.

In connection with this work, Ms. Stamer has worked extensively with health care providers, health plans, health care clearinghouses, their business associates, employers and other plan sponsors, banks and other financial institutions, and others on risk management and compliance with HIPAA, FACTA, trade secret and other information privacy and data security rules, including the establishment, documentation, implementation, audit and enforcement of policies, procedures, systems and safeguards, investigating and responding to known or suspected breaches, defending investigations or other actions by plaintiffs, OCR and other federal or state agencies, reporting known or suspected violations, business associate and other contracting, commenting or obtaining other clarification of guidance, training and and enforcement, and a host of other related concerns. Her clients include public and private health care providers, health insurers, health plans, technology and other vendors, and others.

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other related concerns by her service in the leadership of the Solutions Law Press, Inc. Coalition for Responsible Health Policy, its PROJECT COPE: Coalition on Patient Empowerment, and a broad range of other professional and civic organizations including North Texas Healthcare Compliance Association, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children (now Warren Center For Children); current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, past Representative and chair of various committees of ABA Joint Committee on Employee Benefits; a ABA Health Law Coordinating Council representative, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, a former member of the Board of Directors of the Southwest Benefits Association and others.

For more information about Ms. Stamer or her health industry and other experience and involvements, see here or contact Ms. Stamer via telephone at (469) 767-8872 or via e-mail here.

About Solutions Law Press, Inc.™

Comments Off on Latest HIPAA Resolution Agreement Drives Home Importance Of Maintaining Current, Signed Business Associate Agreements | ARRA, Attorney-Client Privilege, Cafeteria Plans, church plan, Civil Monetary Penalties, Civil Rights, Claims, Consumer Protection, Corporate Compliance, corporate governance, Cybercrime, Data Breach, Data Security, employee, Employee Benefits, Employer, Employers, Employment, HIPAA, HR, Human Resources, Identity Theft, Insurance, insurers, Internal Controls, Internal Investigations, Patient Empowerment, Physician, Plan Admistrator, Privacy, Professional Liability, Protected Health Information, Provider, Risk Management, Uncategorized | Tagged: Business Associate, Health Care, Health Insurer, Health Plans, HIPAA, HIPAA OCR, HIPAA Privacy, HITECH, Insurer, Technology, tpa | Permalink
Posted by Cynthia Marcotte Stamer

When Trust Matters, Preparations Critical

March 5, 2017

Actual or perceived disloyalty or other reaches of Trece is one of the quickest ways to destroy a working relationship between an a business and its management or other employees or other service providers.

Heading off problems begins with both the management of a business and those providing services to it understanding the call mama and other conflict of interest, loyalty and other responsibilities of the service provider to the businesses

Historically, the common law has recognized that common law management and other employees – but not necessarily independent contractors or other non common law employee service providers – owe a duty of loyalty to their employer that among other things. Inventions, knowledge and other value created by an employee and value derived from the employee generally are presumed the property of the employee under the doctrine of “works for hire.” An employee’s common law duty of loyalty generally also prihibits the employee from engaging in competition with the employer, self dealing, or conflicts of interest unless the the employee proves the employee consented after full disclosure of relevant facts by the employee.

In the age of federal sentencing guidelines and other federal and state internal controls mandates, carefully crafted loyalty, conflict of interest, confidentiality and trade secret, nonsolicitation, noncompete and other provisions in employee contracts, handbooks and policies can promote important regulatory risk management and compliance goals as well as deter employee breaches of loyalty by educating the employee of their duty, limit or overrun statutorial restrictions on some of these common law duties, and otherwise strengthen the ability of an employer to enforce these duties in the event of a violation.

As the common law does not necessarily apply these same duties of loyalty automatically businesses of contractor and other no traditional worker or other service provider relationships, however, ensuring that independent contractors and other nontraditional service providers are engaged pursuant to written agreements that include carefully crafted provisions that clearly reserve the business’ exclusive or other ownership of created products, internal controls mandates, and loyalty, conflict of interest, confidentiality and trade secret, nonsolicitation, noncompete and other safeguards can be critical to protect the interests of the business.

Whether dealing with employees or other service providers, today’s privacy and other limits on business investigatory powers also create a strong demand for businesses to back up their ability to investigate and redress these and other breaches by adopting and requiring all service providers to consent or otherwise be subject to appropriate disclaimers of privacy, computer and other use and monitoring, pre, concurrent and post terminationinvestigation, disclosure, cooperation, and other policies.

Comments Off on When Trust Matters, Preparations Critical | Bankruptcy, board of directors, conflict of interest, Corporate Compliance, Cybercrime, directors, employee, Employer, Employers, Employment, fiduciary duty, Government Contractors, Hiring, HR, Identity Theft, Internal Controls, Internal Investigations, Labor Management Relations, Loyalty, Management, Managment, OFCCP, Retaliation, Risk Management, Technology, Uncategorized, Worker Classification, Workforce | Permalink
Posted by Cynthia Marcotte Stamer

IRS Changing Employee Plans & Exempt Organization Audit Procedures

November 21, 2016

Employee benefit plans and tax-exempt organizations facing Internal Revenue Service (IRS) audits or investigations after April, 2016, their leaders and advisors should prepare for some changes in the practices IRS agents will use to issue and enforce document requests (IDRs) after March 31.

The IRS Tax Exempt and Government Entities Division (TEGE) just issued updated internal guidance (Guidance) governing the procedures its agents will use to gather information for employee benefit plan and exempt organization examinations including information requests made in connection with:

Employee Benefit Form 5500 Examination Procedures
Exempt Organizations Pre-Audit Procedures
On-Site Examinations
Tax Exempt Bonds Examinations
Indian Tribal Government Examinations and
Federal, State and Local Governments (FSLG) Examinations

The new Guidance follows other recent announcements of changes of IRS employee plan or exempt organization procedures such as recently announced changes in IRS employee plan correction procedures. See, e.g., IRS Qualified Plan Correction Procedures Changing 1/1/17.

The new procedures defined in the Guidance apply more broadly and take effect April 1, 2017. The Guidance also requires that TEGE update the following IRMs to specifically reflect the new procedures within the next two years:

IRM 4.71.1, Overview of Form 5500 Examination Procedures;
IRM 4.75.10, Exempt Organizations Pre-Audit Procedures;
IRM 4.75.11, On-Site Examination Guidelines;
IRM 4.81.5, Tax Exempt Bonds Examination Program Procedures – Conducting the Examination;
IRM 4.86.5, Conducting Indian Tribal Government Examinations; and
IRM 4.90.9, Federal, State and Local Governments (FSLG) – Procedures, Workpapers and Report Writing.

Among other things, the new Guidance will require “active involvement” by managers of IRS examiners’ early in the process. The Guidance also calls for:

Taxpayers to be involved in the IDR process.
Examiners to discuss the issue being examined and the information needed with the taxpayer prior to issuing an IDR.
Examiners to ensure that the IDR clearly states the issue and the relevant information they are requesting.
If the taxpayer does not timely provide the information requested in the IDR by the agreed upon date, including extensions, examiners to issue a delinquency notice.
If the taxpayer fails to respond to the delinquency notice or provides an incomplete response, for the examiner to issue a pre-summons notice to advise the taxpayer that the IRS will issue a summons unless the missing items are fully provided.
For a summons to be issued if the taxpayer fails to provide a complete response to the pre-summons letter by its response due date.

According to TEGE the new procedures set forth in the Guidance are designed to “ensure” that IRS Counsel is prepared to enforce IDRs through the issuance of a summons when necessary while also reinforcing the IRS’ commitment to the respect of taxpayer rights under the Taxpayer Bill of Rights. TEGE says the updated procedures established in the Guidance will promote these goals by:

Providing for open and meaningful communication between the IRS and taxpayers;
Reducing taxpayer burdens
Providing for consistent treatment of taxpayers;
Allowing the IRS to secure more complete and timely responses to IDRs;
Providing consistent timelines for IRS agents to review IDR responses; and
Promoting timely issue resolution.

While it remains to be seen exactly how well the new procedures will promote these goals in operation, leaders, sponsors, administrators and tax advisors to employee benefit plans and exempt organizations tagged for audits after the Guidelines take effect will want to ensure that they review and fully understand the new procedures as soon as possible after receiving notice of the audit.

A clear understanding of the procedures can help the entities and their representatives to take advantage of all available options for mitigating exposures and liability from the audit as well as to avoid unfortunate missteps that could result in forfeiture of otherwise available tax-related rights and options or otherwise increase the tax and other associated risks and liabilities of the entities or others associated with them arising from the audit.

Along with responding to these tax-related risks, leaders and advisors of employee benefit plan and exempt organizations also need to keep in mind the often substantial non-tax related risks that may arise concurrently or evolve from a TEGE or other tax-related audit or investigation. The often substantial tax and non-tax exposures typically makes it desirable if not necessary to involve experienced legal counsel in the process as soon as possible.

To help respond to the audit and manage its tax and non-tax related risks and, leaders responsible for these entities generally not only will want to seek legal advice within the scope of attorney-client privilege from legal counsel immediately after receiving an IDR or other notice of an audit or investigation, as well as consider periodically consulting experienced legal counsel for assistance in conducting pre-audit assessment of compliance and other compliance and risk management planning.

Early involvement of legal counsel generally is necessary both to understand and manage both the tax and non-tax exposures associated with the audit, as well as to preserve and utilize the potential benefits of attorney-client privilege and other evidentiary privileges that could help to mitigate both the tax and non-tax related risks. While federal tax rules afford some evidentiary privileges to certain accounting professionals when providing tax representation or advice, the protective scope of such privileges generally are more limited than attorney-client privilege and work product evidentiary privileges and typically do not apply to non-tax matters. As a result, most entities and their leaders will want to consider involvement of legal counsel to maximize privilege protections and non-tax related exposures even if the parties plan for a qualified tax professional or other consultant to play a significant role in assisting them to prepare for and respond to the audit.

About The Author

Ms. Stamer works with health industry and other businesses and their management, employee benefit plans, governments and other organizations deal with all aspects of human resources and workforce, internal controls and regulatory compliance, change management and other performance and operations management and compliance. She supports her clients both on a real-time, “on demand” basis and with longer term basis to deal with daily performance management and operations, emerging crises, strategic planning, process improvement and change management, investigations, defending litigation, audits, investigations or other enforcement challenges, government affairs and public policy.

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other concerns by her service in the leadership of a broad range of other professional and civic organization including her involvement as the Vice Chair of the North Texas Healthcare Compliance Association; Executive Director of the Coalition on Responsible Health Policy and its PROJECT COPE: Coalition on Patient Empowerment; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children; former Gulf Coast TEGE Council Exempt Organization Coordinator; a founding Board Member and past President of the Alliance for Healthcare Excellence; former board member and Vice President of the Managed Care Association; past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; a member and advisor to the National Physicians’ Council for Healthcare Policy; current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee; current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section; Past Chair of the ABA Health Law Section Managed Care & Insurance Section; a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group; immediate past RPTE Representative to ABA Joint Committee on Employee Benefits Council Representative and current RPTE Representative to the ABA Health Law Coordinating Council; past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee; a former member of the Board of Directors, Treasurer, Member and Continuing Education Chair of the Southwest Benefits Association and others.

Ms. Stamer also is a highly popular lecturer, symposia chair and author, who publishes and speaks extensively on health and managed care industry, human resources, employment, employee benefits, compensation, and other regulatory and operational risk management. Examples of her many highly regarded publications on these matters include the “Texas Payday Law” Chapter of Texas Employment Law, as well as thousands of other publications, programs and workshops these and other concerns for the American Bar Association, ALI-ABA, American Health Lawyers, Society of Human Resources Professionals, the Southwest Benefits Association, the Society of Employee Benefits Administrators, the American Law Institute, Lexis-Nexis, Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, the HCCA, ISSA, HIMSS, Modern Healthcare, Managed Healthcare, Institute of Internal Auditors, Society of CPAs, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other symposia and publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, InsuranceThoughtLeadership.com and many other prominent publications and speaks and conducts training for a broad range of professional organizations and for clients on the Advisory Boards of InsuranceThoughtLeadership.com, HR.com, Employee Benefit News, and many other publications. For additional information about Ms. Stamer, see CynthiaStamer.com or contact Ms. Stamer via email here or via telephone to (469) 767-8872.

About Solutions Law Press, Inc.™

If you or someone else you know would like to receive future updates about developments on these and other concerns, please provide your current contact information and preferences including your preferred e-mail by creating or updating your profile here.

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The presenter and the program sponsor disclaim, and have no responsibility to provide any update or otherwise notify any participant of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein

Comments Off on IRS Changing Employee Plans & Exempt Organization Audit Procedures | 105(h), 401(k), 4980D, 4980H, 6039D, ACA, Affordable Care Act, Attorney-Client Privilege, board of directors, Brokers, Cafeteria Plans, church plan, COBRA, compensation, compliance, Corporate Compliance, corporate governance, defined benefit plan, Defined Benefit Plans, defined contribution plan, Defined Contribution Plans, directors, Discrimination, EBSA, employee, Employee Benefits, Employer, Employers, Employment, Employment Tax, ERISA, ESOP, Excise Tax, Excise Taxes, Executive Compensation, Exempt, Form 5500, health reform, HR, Human Resources, Identity Theft, Income Tax, Internal Controls, Internal Investigations, Internal Revenue Code, IRC, Pay, Payroll Tax, pension plan, Plan Admistrator, Tax, Tax Credit, Tax Qualification, Uncategorized | Permalink
Posted by Cynthia Marcotte Stamer

DOL Aggressively Targeting Restaurants For Wage & Hour & Child Labor Law Violations

November 3, 2016

Restaurant employers beware! Restaurants are the target of a highly successful, U.S. Department of Labor Wage and Hour Division (WHD) restaurant enforcement and compliance initiative that WHD already has used to nail a multitude of restaurants across the country for “widespread violations” of Fair Labor Standards Act (FLSA) minimum wage, overtime, child labor and other wage and hour laws (WH Law).

Having reportedly found WH Law violations in “nearly every one” of the WH Law investigations conducted against restaurant employers during 2016 and recovered millions of dollars of back pay and penalties from restaurants caught through investigations conducted under its WHD Restaurant Enforcement Initiative, WHD Administrator Dr. David Weil recently confirmed WHD plans to expand the restaurant employers targeted for investigation and other efforts to punish and correct WH Law violations under the Restaurant Enforcement Initiative through 2017 in an October 5, 2016 WHD News Release: Significant Violations In The Austin Restaurant Industry Raise Concerns For Us Labor Department Officials (News Release).

The News Release quotes Administrator Weil as stating:

The current level of noncompliance found in these investigations is not acceptable …WHD will continue to use every tool we have available to combat this issue. This includes vigorous enforcement as well as outreach to employer associations and worker advocates to ensure that Austin restaurant workers receive a fair day’s pay for a fair day’s work.

Given the substantial back pay, interest, civil or in the case of willful violations, criminal penalties, costs of defense and prosecution and other sanctions that restaurant employers, their owners and management can face if their restaurant is caught violating FLSA or other WH Laws, restaurants and their leaders should arrange for a comprehensive review within the scope of attorney-client privilege of the adequacy and defensibility of their existing policies, practices and documentation for classifying, assigning duties, tracking regular and overtime hours, paying workers and other WH Law compliance responsibilities and opportunities to mitigate risks and liabilities from WH Law claims and investigations.

Many Restaurants Already Nailed Through Restaurant Enforcement Initiative

Even before the planned 2017 expansion of its Restaurant Enforcement Initiative, WHD’s enforcement record shows WHD’s efforts to find and punish restaurants that violate WH Laws are highly successful. Restaurant employers overwhelmingly are the employers targeted by WHD in the vast majority of the WH Law settlements and prosecutions announced in WHD News Releases published over the past two years, including aggregate back pay and penalty awards of more than $11.4 million recovered through the following 31 actions announced by WHD between January 1, 2016 and October 31, 2016:

US Labor Department Investigation Finds Thundercloud Subs Owes Nearly $128K In Back Wages, Damages To Austin Restaurant Workers (October 20, 2016);
US Labor Department Announces Hotline To Offer Updates To Capitol Hill Cafeteria Workers Owed Back Wage Payments (October 20, 2016);
US Labor Department Recovers More Than $570K In Back Wages, Damages For 55 Workers At Johnny Rockets Restaurants In Washington Metro Area (October 11, 2016);
Portland, Texas, Restaurant Settles Worker Retaliation Allegation After US Labor Department Finds Nine Employees Owed $25K In Back Wages (October 06, 2016);
Providence Restaurant, Owner To Pay $567K In Back Wages, Damages To 104 Employees Denied Minimum Wage, Overtime Pay (September 23, 2016);
US Labor Department Investigation Finds Capitol Hill Cafeteria Workers Illegally Denied More Than $1M In Wages By Federal Food Service Contractors (July 26, 2016);
El Azteca Restaurant Group To Pay $700K In Back Wages, Damages To 129 Workers At Four Wisconsin Eateries (July 26, 2016);
Historic Oklahoma City Restaurant Pays Workers $52K In Back Wages, Damages After Labor Department Investigation (June 22, 2016);
Kissimmee, Florida, Restaurant To Pay Nearly $41KIn Back Wages To 15 Employees After US Department Of Labor Investigation (June 15, 2016);
Court Orders Buffet Restaurant, Owners To Pay $128K In Back Wages, Penalties To Resolve Allegations Of Federal Minimum Wage, Overtime Violations (June 09, 2016);
Grand Rapids Restaurant, Owners Agree With Court Order To Comply With Federal Record-Keeping Rules After Department’s Wage And Hour Investigation (May 31, 2016);
Court Judgment Orders Four Phoenix-Area Federico’s Mexican Food Restaurants To Pay Workers $202KIn Overtime Back Wages, Damages (May 24, 2016);
US Labor Department Investigation Finds Child Labor, Minimum Wage And Other Violations At Street’s Seafood Restaurant (May 17, 2016);
US Labor Department Initiative Finds 14 Lawrence Restaurants Owe More Than $112K In Back Wages To 130 Workers (May 17, 2016);
US Labor Department Obtains Order To Stop Arlington Restaurant Owners From Intimidating Workers Who Cooperate With Federal Investigators (May 16, 2016);
Charleston Restaurants’ Minimum Wage, Overtime Violations Result In Nearly $217K In Back Wages For 26 Employees (May 9, 2016);
Las Investigaciones Dieron Como Resultado Casi $1.2 Millones En Salarios Retroactivos Y Daños Y Perjuicios Para Más De 100 Trabajadores En 13 Restaurantes En El Área De Charleston and Investigations Result In Nearly $1.2M In Back Wages, Damages For More Than 100 Workers At 13 Charleston Area Restaurants (April 19, 2016);
Clairmont Diner Will Pay $213K In Back Wages, Damages And Penalties After Federal Wage And Hour Investigation (March 30, 2016);
Tampico Restaurants Agree To Pay $190K In Back Wages To 67 Workers (March 26, 2016);
S. Labor Department Lawsuit Seeks Back Wages And Damages For Austintown, Ohio Restaurant Workers (March 16, 2016);
Popular Cajun Food Enterprise Will Pay More Than $138K In Back Wages, Penalties Following U.S. Labor Department Investigation (March 07, 2016);
US Labor Department Initiative Finds Ames Restaurants Owe Nearly $100K In Back Wages To More Than 150 Workers (March 02, 2016);
S. Labor Department Sues To Recover Unpaid Minimum Wage, Overtime Plus Additional Damages For Akron Restaurant Workers (February 25, 2016);
Paying To Work? Sophia’s House Of Pancakes Resolves Allegations Servers Made To Pay $2 Per Hour To Work At Restaurants (February 16, 2016)($245K);
Two Hawaii Restaurants Found In Violation Of Overtime Pay Requirements (February 10, 2016)($81,294);
Labor Department Launches West Coast Sweep To Investigate Pay Practices At Fast Food Establishments To Ensure Fairness, Compliance (February 4, 2016);
Sushi And Ramen Restaurants Pay $621K In Back Wages, Damages And Penalties After US Labor Department Investigation (January 25, 2016)
Federal Judge Overturns Jury Verdict, Orders El Tequila Restaurants And Owner Carlos Aguirre To Pay $2.1 Million In Back Wages And Damages To Workers (January 14, 2016);
Taqueria La Herradura En Pharr, Texas, Paga Más De $33 Mil En Concepto De Salarios Retroactivos Y Daños Al Personal De La Cocina Después De Una Investigación Del Departamento De Trabajo De Ee.Uu.(January 12, 2016);
Investigations At 10 North Carolina Restaurants Find More Than $510K In Back Wages Owed To 125 Workers (January 12, 2016);
Restaurant Enforcement Initiative Finds More Than $2.27M In Back Wages, Damages Owed To More Than 3,000 Georgia Workers (January 05, 2016).

Enforcement Actions Highlight Common Restaurant WH Law Compliance Concerns

Restaurant employers, like employers in most other industries, are subject to a host of minimum wage, overtime and other requirements including the FLSA requirement that covered, nonexempt employees earn at least the federal minimum wage of $7.25 per hour for all regular hours worked, plus time and one-half their regular rates, including commissions, bonuses and incentive pay, for hours worked beyond 40 per week. Employers also are required to maintain accurate time and payroll records and must comply with child labor, anti-retaliation and other WH Law requirements.

The News Release identified some of the common violations WHD uncovered in these investigations included employers:

Requiring employees to work exclusively for tips, with no regard to minimum-wage standards;
Making illegal deductions from workers’ wages for walkouts, breakages, credit card transaction fees and cash register shortages, which reduce wages below the required minimum wage;
Paying straight-time wages for overtime hours worked.
Calculating overtime incorrectly for servers based on their $2.13 per hour base rates before tips, instead of the federal minimum wage of $7.25 per hour.
Failing to pay proper overtime for salaried non-exempt cooks or other workers;
Creating illegal tip pools involving kitchen staff;
Failing to maintain accurate and thorough records of employees’ wages and work hours.
Committing significant child labor violations, such as allowing minors to operate and clean hazardous equipment, including dough mixers and meat slicers.

Use Care To Verify Tipped Employees Paid Properly

Based on the reported violations, restaurants employing tipped employees generally will want to carefully review their policies, practices and records regarding their payment of tipped employees. Among other things, these common violations reflect a widespread misunderstanding or misapplication of special rules for calculating the minimum hourly wage that a restaurant must pay an employee that qualifies as a tipped employee. While special FLSA rules for tipped employees may permit a restaurant to claim tips (not in excess of $5.12 per hour) actually received and retained by a “tipped employee,” not all workers that receive tips are necessarily covered by this special rule. For purposes of this rule, the definition of “tipped employee” only applies to an employee who customarily and regularly receives more than $30 per month in tips.

Also, contrary to popular perception, the FLSA as construed by the WHD does not set the minimum wage for tipped employees at $2.13 per hour. On the contrary, the FLSA requirement that non-exempt workers be paid at least the minimum wage of $7.25 per hour for each regular hour worked also applies to tipped employees. When applicable, the special rule for tipped employees merely only allows an employer to claim the amount of the tips that the restaurant can prove the tipped employee actually received and retained (not in excess of $5.13 per hour) as a credit against the minimum wage of $7.25 per hour the FLSA otherwise would require the employer to pay the tipped employee. Only tips actually received by the employee may be counted in determining whether the employee is a tipped employee and in applying the tip credit. If a tipped employee earns less than $5.13 per hour in tips, the restaurant must be able to demonstrate that the combined total of the tips retained by the employee and the hourly wage otherwise paid to the tipped employee by the restaurant equaled at least the minimum wage of $7.25 per hour.

Furthermore, restaurant or other employers claiming a tip credit must keep in mind that the FLSA generally provides that tips are the property of the employee. The FLSA generally prohibits an employer from using an employee’s tips for any reason other than as a credit against its minimum wage obligation to the employee (“tip credit”) or in furtherance of a valid tip pool.

Also, whether for purposes of applying the tip credit rules or other applicable requirements of the FLSA and other wage and hour laws, restaurant employers must create and retain appropriate records and other documentation regarding worker age, classification, hours worked, tips and other compensation paid and other evidence necessary to defend their actions with respect to tipped or other employees under the FLSA and other WH Law rules. Beyond accurately and reliably capturing all of the documentation required to show proper payment in accordance with the FLSA, restaurants also should use care to appropriately document leave, discipline and other related activities as necessary to show compliance with anti-retaliation, equal pay, family and medical leave, and other mandates, as applicable. Since state law also may impose additional minimum leave, break time or other requirements, restaurants also generally will want to review their policies, practices and records to verify their ability to defend their actions under those rules as well.

Child Labor Rules Require Special Care When Employing Minors

While hiring workers under the age of 18 (minors) can help a restaurant fulfill its staffing needs while providing young workers valuable first time or other work experience, restaurants that hire minors must understand and properly comply with any restrictions on the duties, work hours or other requirements for employment of the minor imposed by federal or state child labor laws.

As a starting point, the legal requirements for employing minors generally greater, not less, than those applicable to the employment of an adult in the same position. Employers employing workers who are less than 18 years of age (minors) should not assume that the employer can pay the minor less than minimum wage or skip complying with other legal requirements that normally apply to the employment of an adult in that position by employing the minor in an “internship” or other special capacity. The same federal and state minimum wage, overtime, safety and health and nondiscrimination rules that generally apply to the employment of an adult generally will apply to its employment of a worker who is a minor.

Beyond complying with the rules for employment of adults, restaurants employing minors also must ensure that they fully comply with all applicable requirements for the employment of minors imposed under the FLSA child labor rules and applicable state law enacted to ensure that when young people work, the work is safe and does not jeopardize their health, well-being or educational opportunities. Depending on the age of the minor, the FLSA or state child labor rules may necessitate that a restaurant tailor the duties and hours of work of an employee who is a minor to avoid the substantial liability that can result when an employer violates one of these child labor rules.

The FLSA child labor rules, for instance, impose various special requirements for the employment of youth 14 to 17 years old. See here. As a starting point, the FLSA child labor rules prohibit the any worker less than 18 years of age from operating or cleaning dough mixers, meat slicers or other hazardous equipment. Depending on the age of the minor worker, the FLSA child labor rules or state child labor laws also may impose other restrictions on the duties that the restaurant can assign or allow the minor to perform. Restaurants hiring any worker that is a minor must evaluate the duties identified as hazardous “occupations” that the FLSA child labor rules prohibit a minor of that age to perform here as an “occupation” and take the necessary steps to ensure the minor is not assigned and does not perform any of those prohibited activities in the course of his employment.

In addition to ensuring that minors don’t perform prohibited duties, restaurants employing minors also comply with all applicable restrictions on the hours that the minor is permitted to work based on the age of the minor worker. For instance, the FLSA and state child labor rules typically prohibit scheduling a minor less than 16 years of age to work during school hours and restrict the hours outside school hours the minor can work based on his age. Additional restrictions on the types of jobs and hours 14- and 15-year-olds may work also may apply.

Compliance with the FLSA child labor rules is critically important for any restaurant or other employer that employs a minor, particularly since the penalties for violation of these requirements were substantially increased in 2010, as Streets Seafood Restaurant learned earlier this year.

According to a WHD News Release, Street’s Seafood Restaurant paid $14,288 in minimum wage and overtime back wages and an equal amount in liquidated damages totaling $28,577 to eight employees, and also was assessed a civil money penalty of $14,125 for FLSA child labor violations committed in the course of its employment of four minors ages 15 to 17. Specifically, investigators found Street’s Seafood Restaurant:

Required minors to operate, dismantle, clean and reassemble a meat slicer and a dough mixer.
Required a 17-year-old to operate a motor vehicle to transport food to catering events.
Required a 15-year-old to work more hours than allowed by law.
Paid some workers only $6 per hour, below the required federal minimum wage of $7.25 per hour.
Paid employees straight time for overtime when they worked more than 40 hours in a week, instead of paying them time-and-one-half, as the law requires.
Failed to maintain proof of age of minors.
Failed to maintain required time and payroll records.

WHD’s announcement of the settlement resolving these child labor laws quotes Kenneth Stripling, director of the division’s Birmingham District Office as stating:

Employing young people provides valuable experience, but that experience must never come at the expense of their safety …Additionally, employers have an obligation to pay employees what they have legally earned. All workers deserve a fair day’s pay for a fair day’s work. Unfortunately, Street’s Seafood violated not only child labor laws, but has also shorted workers’ pay. The resolution of this case sends a strong message that we will not tolerate either of those behaviors.

Restaurants Must Act To Minimize Risks

Beyond WHD’s direct enforcement actions, WHD also is seeking to encourage private enforcement of WH Law violations by conducting an aggressive outreach to employees, their union and private plaintiff representatives, states and others. Successful plaintiffs in private actions typically recover actual back pay, double damage penalties plus attorneys’ fees and costs. The availability of these often lucrative private damages makes FLSA and other WH Law claims highly popular to disgruntled or terminated workers and their lawyers. When contemplating options to settle claims WH Law claims made by a worker, employers need to keep in mind that WHD takes the position that settlements with workers do not bar the WHD from taking action unless the WHD joins in the settlement and in fact, past settlements may provide evidence of knowingness or willfulness by the employer in the event of a WHD prosecution. The substantial private recoveries coupled with these and other WHD enforcement and other compliance actions mean bad news for restaurant employers that fail to manage their FLSA and other WH Law compliance. Restaurant employers should act within the scope of attorney-client privilege to review and verify their compliance and consult with legal counsel about other options to minimize their risk and streamline and strengthen their ability to respond to and defend against audits, investigations and litigation.

Beyond verifying the appropriateness of their timekeeping and compensation activities and documentation, restaurants and staffing or management organizations working with them also should use care to mitigate exposures that often arise from missteps or overly aggressive conduct by others providing or receiving management services or staffing services. All parties to these arrangements and their management should keep in mind that both parties participating in such arrangements bear significant risk if responsibilities are not properly performed. Both service and staffing providers and restaurants using their services should insist on carefully crafted commitments from the other party to properly classify, track hours, calculate and pay workers, keep records, and otherwise comply with WH Laws and other legal requirements. Parties to these arrangements both generally also will want to insist that these contractual reassurances are backed up with meaningful audit and indemnification rights and carefully monitor the actions of service providers rendering these services.

About The Author

Ms. Stamer works with businesses and their management, employee benefit plans, governments and other organizations deal with all aspects of human resources and workforce, internal controls and regulatory compliance, change management and other performance and operations management and compliance. She supports her clients both on a real-time, “on demand” basis and with longer term basis to deal with daily performance management and operations, emerging crises, strategic planning, process improvement and change management, investigations, defending litigation, audits, investigations or other enforcement challenges, government affairs and public policy.

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares shared her thought leadership, experience and advocacy on these and other concerns by her service in the leadership of a broad range of other professional and civic organization including her involvement as the Vice Chair of the North Texas Healthcare Compliance Association, Executive Director of the Coalition on Responsible Health Policy and its PROJECT COPE: Coalition on Patient Empowerment, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children; former Board Compliance Chair and Board member of the National Kidney Foundation of North Texas, current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, immediate past RPTE Representative to ABA Joint Committee on Employee Benefits Council Representative and current RPTE Representative to the ABA Health Law Coordinating Council, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, a former member of the Board of Directors of the Southwest Benefits Association and others.

Ms. Stamer also is a highly popular lecturer, symposia chair and author, who publishes and speaks extensively on health and managed care industry, human resources, employment, employee benefits, compensation, and other regulatory and operational risk management. Examples of her many highly regarded publications on these matters include the “Texas Payday Law” Chapter of Texas Employment Law, as well as thousands of other publications, programs and workshops these and other concerns for the American Bar Association, ALI-ABA, American Health Lawyers, Society of Human Resources Professionals, the Southwest Benefits Association, the Society of Employee Benefits Administrators, the American Law Institute, Lexis-Nexis, Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, the HCCA, ISSA, HIMSS, Modern Healthcare, Managed Healthcare, Institute of Internal Auditors, Society of CPAs, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other symposia and publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, InsuranceThoughtLeadership.com and many other prominent publications and speaks and conducts training for a broad range of professional organizations and for clients on the Advisory Boards of InsuranceThoughtLeadership.com, HR.com, Employee Benefit News, and many other publications. For additional information about Ms. Stamer, see CynthiaStamer.com or contact Ms. Stamer via email here or via telephone to (469) 767-8872.

About Solutions Law Press, Inc.™

Comments Off on DOL Aggressively Targeting Restaurants For Wage & Hour & Child Labor Law Violations | Attorney-Client Privilege, board of directors, Civil Monetary Penalties, Corporate Compliance, corporate governance, employee, Employer, Employers, Employment, Employment Discrimination, Employment Tax, Fair Labor Standards Act, family leave, FLSA, Government Contractors, Hiring, Hospitality, HR, Human Resources, Internal Controls, Internal Investigations, Labor Management Relations, Leave, Management, Non-Exempt, Pay, Risk Management, Salaried, Uncategorized | Tagged: Child Labor, Employer, Exempt, FLSA, hospitality, Minimum Wage, Non-Exempt, Overtime, pay, Restaurant, wage and hour | Permalink
Posted by Cynthia Marcotte Stamer

Health Plans, Other Covered Entities Have Continuing Duty To Reevaluate HIPAA Enterprise Risk To PHI & Address Security Risks & Other Compliance Concern On Ongoing Basis

October 27, 2016

Compliance with the Privacy and Security Rules of the Health Insurance Portability & Accountability Act (HIPAA) is a living process that requires employer and other health plans, health insurers, health care providers and healthcare clearinghouses to recurrently reevaluate their HIPAA enterprise risk and timely act to mitigate security threats to electronic (ePHI) and other protected health information and other HIPAA compliance concerns on an ongoing basis. That’s the clear take away applicable to all HIPAA-Covered Entities and business associates from the St. Joseph Health Resolution Agreement and Corrective Action Plan (SJH Settlement) and the Oregon Health & Science University Resolution Agreement and Corrective Action Plan (OHSU Settlement) announced by the Department of Health & Human Services Office of Civil Rights (OCR) in the past 30 days. Health plans, their sponsors, fiduciaries and vendors, health care providers and health care clearinghouses should carefully heed this message and in response take documented steps to ensure

Their existing policies, practices and procedures properly are updated in response to changing guidance and events;
They in place the current, comprehensive enterprise risk assessment along with a mitigation plan documenting actions taken to address these risks;
Ensure that the organization has and is administering appropriate, documented processes and procedures to ensure that the organization reassesses its enterprise risk assessment and compliance on a timely basis as warranted by changes or other events that could impact ePHI, regulatory developments or other events that might impact its compliance; and
Have an appropriate, documented process for oversight by C-level management.

OHSU Charges & Settlement

The OHSU Settlement Agreement announced by OCR on September 23, 2016 requires OHSU to pay a $2.7 million settlement payment and adopt and implement a comprehensive three-year corrective action plan to address “widespread and diverse” HIPAA compliance problems OCR reports uncovering while investigating multiple HIPAA breach reports the large public academic health center and research university centered in Portland, Oregon.

OCR began investigating OHSU after the large public academic health center and research university centered in Portland, Oregon, submitted three HIPAA breach reports affecting thousands of individuals, including two reports involving unencrypted laptops and another large breach involving a stolen unencrypted thumb drive:

On March 23, 2013, HHS received notification from OHSU regarding a breach of its unsecured electronic protected health information (“ePHI”) resulting from a stolen laptop computer;
On July 28, 2013, HHS received notification from OHSU regarding a breach of its ePHI resulting from storing ePHI at an internet-based service provider without a business associate agreement; and.

These incidents each garnered significant local and national press coverage. OCR’s investigation uncovered evidence of widespread vulnerabilities within OHSU’s HIPAA compliance program, including the storage of the ePHI of more than 3,000 individuals on a cloud-based server without a business associate agreement. OCR found significant risk of harm to 1,361 of these individuals due to the sensitive nature of their diagnoses.

OCR’s investigation showed the reported breaches resulted from widespread, long-term, systematic and unresolved HIPAA violations by OHSU that OCR attributed to an inadequate commitment to and oversight of HIPAA compliance by OHSU C-level management which resulted in the failure by OHSU to appropriately monitor the adequacy of its ongoing compliance and to assess and address changes in its enterprise-wide risk and compliance obligations on an ongoing basis. OHSU performed risk analyses in 2003, 2005, 2006, 2008, 2010, and 2013, but OCR’s investigation found that these analyses did not cover all ePHI in OHSU’s enterprise, as required by the Security Rule. While the analyses identified vulnerabilities and risks to ePHI located in many areas of the organization, OHSU did not act in a timely manner to implement measures to address these documented risks and vulnerabilities to a reasonable and appropriate level. OHSU also lacked policies and procedures to prevent, detect, contain, and correct security violations and failed to implement a mechanism to encrypt and decrypt ePHI or an equivalent alternative measure for ePHI maintained on its workstations, despite having identified this lack of encryption as a risk.

OCR concluded that the reported breaches were the result of long-standing, systematic deficiences in OHSU’s processes and procedures for HIPAA compliance, including the following:

While OHSU reportedly performed risk analyses in 2003, 2005, 2006, 2008, 2010, and 2013, OCR says its investigation found that these analyses did not cover all ePHI in OHSU’s enterprise, as required by the Security Rule;
While the analyses identified vulnerabilities and risks to ePHI located in many areas of the organization, OHSU did not act in a timely manner to implement measures to address these documented risks and vulnerabilities to a reasonable and appropriate level;
OHSU also lacked policies and procedures to prevent, detect, contain, and correct security violations and failed to implement a mechanism to encrypt and decrypt ePHI or an equivalent alternative measure for ePHI maintained on its workstations, despite having identified this lack of encryption as a risk;
OHSU failed to comply with its duty under HIPAA to enter into a business associate agreement with a vendor before allowing a vendor business associate to store ePHI; and
The absence of meaningful C-suite leadership oversight and commitment to HIPAA compliance.

Based on these investigations, OCR concluded that while OHSU initially adopted HIPAA Policies, the reported breaches were the result of a series of widespread and ongoing breaches of HIPAA resulted including the following:

From January 5, 2011, until July 3, 2013, OHSU disclosed the ePHI of 3,044 individuals in violation of Privacy Rules §§160.103 and 164.502(a) when workforce members disclosed the ePHI to a third party internet-based service provider without obtaining a business associate agreement or other satisfactory assurance that the internet-based service provider would safeguard the ePHI;
From January 5, 2011 until July 3, 2013 OHSU failed to obtain a business associate agreement from an internet-based service provider that was storing ePHI on its behalf as a business associate as required by 45 C.F.R. § 164.308(b);
From January 5, 2011 until July 3, 2013 OHSU failed to implement policies and procedures to prevent, detect, contain, and correct security violations as required under Privacy Rule § 164.308(a)(1)(i);
From July 12, 2010 to present, OHSU failed to implement a mechanism to encrypt and decrypt ePHI or an equivalent alternative measure for all ePHI maintained in OHSU’s enterprise as required by Privacy Rules §§ 164.312(a)(2)(iv) and 164.306(d)(3)); and
From May 29, 2013 until July 3, 2013, OHSU failed to implement policies and procedures to address security incidents in violation of Privacy Rule § 164.308(a)(6)(i).

According to statements made by OCR Director Jocelyn Samuels in OCR’s announcement of the OHSU Settlement, the breaches should not have happened. “From well-publicized large scale breaches and findings in their own risk analyses, OHSU had every opportunity to address security management processes that were insufficient,” said OCR Director Jocelyn Samuels. OCR’s announcement also signals that OCR views inadequate commitment and oversight by OHSU’s senior management to have played a key role in the creation and perpetuation of the OHSU violations. It quotes OCR Director Jocelyn Samuels as stating, “This settlement underscores the importance of leadership engagement and why it is so critical for the C-suite to take HIPAA compliance seriously.”

OCR’s announcement of the OHSU Settlement emphasizes its determination that a lack of commitment and oversight by C-level management resulted in the failure by OHSU to periodically perform a comprehensive enterprise risk analysis and to reevaluate and update that analysis and its policies, practices, procedures and training as warranted by changing events and guidance.

To resolve the HIPAA charges, the OHSU Settlement requires OHSU to pay OCR $2,700,000 as well as take a long series of corrective actions detailed in the Corrective Action Plan incorporated into the Settlement Agreement. The requirements of the Corrective Action Plan both seek to address the specific weaknesses that lead to the breaches of unsecured ePHI reported by OHSU in its breach notifications as well as the broader deficiencies in OHSU’s overall HIPAA compliance practice by requiring among other things that OHSU:

Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI at all OHSU facilities and on all systems, networks, and devices that create, receive, maintain, or transmit ePHI;.
Develop and present to OCR for approval a comprehensive written risk management plan that explains OHSU’s strategy for implementing security measures sufficient to reduce the risks and vulnerabilities identified in the risk analysis to a reasonable and appropriate level based on OHSU’s circumstances as well as a comprehensive, enterprise-wide plan to implement effective oversight of OHSU workforce members to ensure their adherence to HIPAA Rules and OHSU’s internal privacy and security policies and procedures with specific timelines for their expected completion and compensating controls identified in the interim to safeguard OHSU’s ePHI;
Implement and administer the written risk management plan and other safeguards as approved by OCR;
Provide updates to OCR about OHSU’s implementation of required encryption including a Mobile Device Management (MDM) solution that ensures all OHSU- owned and personally-owned mobile devices (tablets, smart phones, and other mobile devices) that access ePHI on OHSU’s secure network are encrypted other than mobile devices for which OHSU has granted exceptions based on documented evidence of the implementation of alternative reasonable compensating controls to protect the ePHI on such devices;
Report to OCR on OHSU’s efforts to a solution to enforce encryption of ePHI on OHSU-owned and personally- owned devices (laptops, desktops, and medical equipment) connecting to OHSU’s secure wired and wireless networks except for any devices for which OHSU has granted exceptions to the encryption requirement;
Report to OCR about its implementation of policies that prohibit the transfer of data containing ePHI from OHSU-owned and personally-owned devices to unencrypted removable storage devices (USB drives and portable hard drives) and implementation of a technical solution that enforces the policies prohibiting transfers of this type when attached to the OHSU secure network, except for any removable storage devices for which OHSU has granted exceptions based on documented evidence of reasonable compensating controls that have been implemented to protect the ePHI on such devices;
Send a communication to all members of the OHSU community describing its commitment to enterprise encryption;
Prepare to the satisfaction of OCR security awareness training materials needed to implement its security management processing including specific privacy and security awareness related to a) use of internet-based information storage services; b) disclosures to third party entities that require a business associate agreement or other reasonable assurance in place to ensure that the business associate will safeguard the protected health information (PHI) and/or ePHI; c) regarding managers, effective oversight of workforce members’ uses and disclosures of PHI, including ePHI, to ensure the workforce members’ compliance with the Privacy and Security Rules and OHSU’s internal policies and procedures; d) security incident reporting; and e) password management;
Initially train all workforce members with access to PHI and/or ePHI with 120 days of OCR’s approval of the training and thereafter ensure that new workforce members are trained with 15 days of hire and that all workforce members subsequently continue to receive training on an on-going basis;
Review the security awareness training materials annually, and, where appropriate, update the training to reflect changes in Federal law or HHS guidance, any issues discovered during audits or reviews, and any other relevant developments;
Management oversight and supervision of the implementation and administration of the corrective actions required by the Corrective Action Plan and HIPAA compliance; and

Management reporting to OCR on its actions and compliance with the Corrective Action Plan.

SJH Settlement

Similarly, the SJH Settlement OCR announced on October 18, 2016 with St. Joseph Health (SJH) requires SJH to pay a $2.4 million plus settlement payment, conduct an enterprise-wide risk analysis and implement and administer a comprehensive correction plan to settle OCR charges that SJH violated HIPAA by allowing files containing ePHI of 31,800 individuals that SJH created for its participation in the Medicare meaningful use program to be publicly accessible on the internet from February 1, 2011, until February 13, 2012.

A nonprofit integrated Catholic health care delivery system sponsored by the St. Joseph Health Ministry, who through its 24,000 employees and 6,000 physicians provides a range of health care services to more than 137,000 inpatients and 3.6 million outpatients each year at SHS’ 4 acute care hospitals, home health agencies, hospice care, outpatient services, skilled nursing facilities, community clinics and physician organizations located throughout California and in parts of Texas and New Mexico.

OCR’s charges against SJH arose out of OCR’s investigation into a 2012 breach notification report SJS filed with OCR. On February 14, 2012, SJH reported to OCR that files containing electronic protected health information (ePHI) of 31,800 individuals from five of the SJH hospitals-St. Jude Medical Center, Mission Hospital, Queen of the Valley Medical Center, Santa Rosa Memorial Hospital, and Petaluma Valley Hospital that SJH created for its participation in the meaningful use program were publicly accessible on the internet from February 1, 2011, until February 13, 2012, via Google and possibly other internet search engines.

SJH’s report to OCR indicated that this public access resulted from a configuration within its network server in which PDF files containing following patient information were uploaded: patient names; BMI; blood pressure; lab results; smoking status; diagnoses lists; medication allergies; advance directive status and demographic information (language, ethnicity, race, sex, and birth date). The server SJH purchased to store the files included a file sharing application whose default settings allowed anyone with an internet connection to access them. Upon implementation of this server and the file sharing application, SJH did not examine or modify it. As a result, the public had unrestricted access to PDF files containing the ePHI of 31,800 individuals, including patient names, health statuses, diagnoses, and demographic information from February 14, 2012 until SJH blocked external access to the ePHI when it shut down the application February 13, 2012.

OCR’s investigation indicated the following potential violations of the HIPAA Rules:

From February 1, 2011 to February 13, 2012, SJH potentially disclosed the PHI of 31,800 individuals;
Evidence indicated that SJH failed to conduct an evaluation in response to the environmental and operational changes presented by implementation of a new server for its meaningful use project, thereby compromising the security of ePHI;
Although SJH hired a number of contractors to assess the risks and vulnerabilities to the confidentiality, integrity and availability of ePHI held by SJH, evidence indicated that this was conducted in a patchwork fashion and did not result in an enterprise-wide risk analysis, as required by the HIPAA Security Rule.

To resolve charges resulting from these findings, the SJH Resolution Agreement requires SJH to pay OCR a $2,140,500 settlement payment and adopt a comprehensive corrective action plan which among other things, requires SJH to conduct an enterprise-wide risk analysis, develop and implement a risk management plan, revise its policies and procedures, and train its staff on these policies and procedures. SJH’s Chief Executive Officer, Annette M. Walker, is named in the Corrective Action Plan as the SJH authorized representative and contact person responsible for overseeing the CAP implementation.

Among other things, the Corrective Action Plan specifically requires that SJH:

Within 240 days, conduct an enterprise-wide analysis and provide a report to OCR which includes a complete inventory of all electronic equipment, data systems, and applications that contain or store ePHI, and prepare and deliver to OCR for review an enterprise-wide risk analysis that identifies all security risks and vulnerabilities that incorporates all electronic equipment, data systems, and applications controlled, administered, or owned by SJH, its workforce members, and affiliated staff that contains, stores, transmits, or receives electronic protected health information (ePHJ);
Revise this risk analysis plan as directed by OCR based on its review of the presented risk analysis;
Develop and implement to the satisfaction of OCR an organization-wide risk management plan to address and mitigate any security risks and vulnerabilities identified in the risk analysis;
Distribute the risk management plan as finally approved by OCR to to workforce members involved with implementation of the plan within 30 days of OCR approval;
Revise to OCR’s satisfaction, adopt and implement within 30 days of OCR’s approval compliant HIPAA policies and procedures;
Prepare for review of OCR training materials and once approved by OCR, provide initial training to required workforce members, and obtain certification of completion of that training from each required workforce member within 60 days of OCR’s approval of the training and thereafter at least annually as long as the Corrective Action Plan remains in force;
Promptly conduct a documented investigation of any information indicating a potential workforce member violation of the new HIPAA policies in the manner required by OCR and if the investigation confirms a violation (Reportable Event), notify OCR of the relevant facts, findings, corrective actions and sanctions imposed against the violating workforce member in the manner required by the Corrective Action Plan;
Submit annual report to OCR signed and attested to by an SJH officer, which contains the information and attestations of compliance with the requirements of the Corrective Action Plan in accordance with the Corrective Action Plan;
Retain for inspection and copying and provide to OCR upon request all documents and records relating to compliance with this Corrective Action Plan for six (6) years from the Effective Date of the SJH Settlement Agreement.

Take Away For Other Covered Entities & Business Associates

The OHSU and SJH Settlement Agreements send a clear message to all Covered Entities and business associates that they must be prepared to demonstrate not only that their initial adoption and implementation of required HIPAA Privacy and Security policies and safeguards, but also that their organization’s leadership needs to be prepared to demonstrate their commitment to HIPAA compliance by making adequate provision for HIPAA compliance, and appropriately monitoring developments that could impact the adequacy of their existing measures and timely update their systems and security, policies, procedures, training and other relevant safeguards.

The Settlements make clear that Covered Entities and their business associates should ensure that their organization possesses a well-documented current enterprise-wide risk assessment, as well as has in place and is administering as necessary to maintain the currency and adequacy of its risk assessment strong practices for conducting documented evaluations of their own HIPAA security, policies, practices, audits and investigations and other procedures necessary to comply with HIPAA, taking into account recent OCR guidance, its initiation of its Phase II audit program, the insights offered by OCR’s ever growing list of enforcement actions and compliance tools, as well as changes in systems, documentation, software, equipment or other occurrences within the operations of the Covered Entity or business associate’s operations that could impact the currency and adequacy of its risk assessment or otherwise raise compliance risks.

In this respect, Covered Entities and business associates are encouraged to take special note of the advisability of specifically reviewing and updating their HIPAA policies, practices, business associate agreements, training, oversight and documentation to in response to the guidance and insight that OCR provides, including:

A series of recent OCR Resolution Agreements emphasizing the need for Covered Entities and their Business Associates to verify that have in place, and review and update as necessary business associate agreements e.g. HIPAA Settlement Illustrates The Importance Of Reviewing And Updating, As Necessary, Business Associate Agreements (September 23, 2016); Business Associate’s Failure to Safeguard Nursing Home Residents’ PHI Leads to $650,000 HIPAA Settlement (June 29, 2016);
Clarification of Permissible Fees for HIPAA Right of Access – Flat Rate Option Up to $6.50 is Not a Cap on All Fees for Copies of PHI (May 23, 2016)
Guidance On HIPAA & Cloud Computing released October 6, 2016, which provides guidance for Covered Entities and business associates about contracting and other procedures that HIPAA-regulated Covered Entities and their business associates should implement when contracting for and using Cloud Computing Services;
Joint Guidance published October 21, 2016 by the Federal Trade Commission and OCR reminding Covered Entities and their business associates of the need to ensure that in addition to fulfilling the technical content requirements of HIPAA, their HIPAA authorizations, privacy practices notices and other HIPAA notices and communications are written and presented in plan language, include required specific terms and descriptions and in a manner that does not mislead individuals about their rights or about what is happening with their PHI. Furthermore, where Covered Entities and their business associates contemplate that businesses associates may request that individuals sign HIPAA authorizations, Covered Entities and their business associates should the Covered Entity and business associate have in place a current, signed HIPAA-compliant business associate agreement that that expressly authorizes the business associate to request the HIPAA authorization in light of statements in the Joint Guidance indicating that OCR views the Privacy Rules as prohibiting a business associate from asking a consumer to sign a HIPAA authorization unless its business associate contract expressly permits the business associate to do so; and
Other OCR enforcement actions, tools and guidance. See, e.g. All Covered Entities Should Learn Lessons From Mississippi Medical Center’s $2.75 Million HIPAA Resolution Agreement; Providers, Health Plans Should Confirm Copy Charges Comply With New OCR HIPAA Guidance; $2 Million+ HIPAA Settlement, FAQ Warn Providers Protect PHI From Media, Other Recording Or Use; Addressing Gaps in Cybersecurity: OCR Releases Crosswalk Between HIPAA Security Rule and NIST Cybersecurity Framework; HIPAA Security Rule Crosswalk to NIST Cybersecurity Framework.

Employer and other health plan sponsors, health plan fiduciaries and business associates, and their service providers also generally will want to consider their responsibilities to provide and enforce employer certifications, as well as the fiduciary obligations health plan fiduciaries under the fiduciary responsibility rules of the Employee Retirement Income Security Act (ERISA). Among other things, wrongful disclosure of PHI to a sponsoring employer or others could violate HIPAA or other plan terms. Furthermore, Department of Labor officials have indicated stated that a fiduciary’s general fiduciary responsibilities can apply to the protection and administration of PHI and other health plan information as well as create a duty by a responsible fiduciary to prudently investigate and take steps to address breaches or other potential concerns that place PHI at risk. See, HIPAA Settlement Warns Health Plans, Sponsoring Employers & Business Associates To Manage HIPAA Risks.

Furthermore, as breaches of PHI and other violations of HIPAA also frequently give rise to responsibilities or risks under a broad range of other federal and state laws medical and financial privacy and data security, Medicare and other terms of federal program participation, medical credentialing, licensure and ethics, insurance and Employee Retirement Income Security Act fiduciary responsibilities in the case of health plans, contractual, tort and other exposures, Covered Entities and their business associates also generally are best served to take into account these other responsibilities and exposures in conjunction with the design and administration of their HIPAA compliance and risk management policies and practices.

Covered Entities and their business associates also should seek advice from legal counsel regarding the adequacy of their compliance, investigatory, training, management oversight, training, reporting, documentation, document retention and other processes and procedures that could reduce risks of HIPAA violations and position the organization to effectively and more efficiently respond to a potential breach, audit, investigation or enforcement action and mitigate the costs and potential liability exposures that increasingly attends these events. In addition, given the typically high financial, operational and legal costs typically incurred to conduct investigations, report and redress breaches, and respond to OCR audits or investigations, much less make any payments and implement any corrective actions required to settle OCR changes, most Covered Entities and their business associations will want to consider the advisability and adequacy of insurance and other sources of funding or indemnification for the often substantial costs that often attend a HIPAA breach, audit or enforcement event. Since HIPAA violations under certain circumstances also can give rise to felony criminal liability, boards of directors and other leaders of Covered Entities and business associates also will want to ensure that their HIPAA compliance policies and practices also are incorporated and monitored by management as part of their organization’s overall Federal Sentencing Guideline Compliance programs and practices.

About The Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,”“Tax: Erisa & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney and management consultant, author, public policy advocate and lecturer widely known for work, teachings and publications on HIPAA and other privacy and data security concerns earned in connection with her more than 28 years’ of involvement advising and representing business and government clients domestically and internationally about workforce and human resources, employee benefits; health care; insurance and financial; privacy and data security and other performance management, regulatory, internal controls and other compliance, risk management, public policy and operational other key concerns.

Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization, a Fellow in the American College of Employee Benefit Counsel, past Group Chair and current Defined Contribution Plans Committee Co-Chair, Groups and Substantive Committee and Membership Committee Members, past Welfare Plans Committee Chair and Co-Chair, and former Fiduciary Responsibility Vice Chair of the American Bar Association (ABA) RPTE Section Employee Benefits Group, Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current ABA International Section Life Sciences Committee Vice Chair, past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, former ABA Joint Committee on Employee Benefits Council Representative and Marketing Committee Chair and a prolific author and highly popular speaker and consultant, Ms. Stamer helps management manage.

Ms. Stamer’s legal and management consulting work throughout her nearly 30-year career has focused on helping organizations and their management use the law and process to manage people, process, compliance, operations and risk. Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer helps public and private, domestic and international businesses, governments, and other organizations and their leaders manage their employees, vendors and suppliers, and other workforce members, customers and other’ performance, compliance, compensation and benefits, operations, risks and liabilities, as well as to prevent, stabilize and cleanup workforce and other legal and operational crises large and small that arise in the course of operations.

Ms. Stamer works with businesses and their management, employee benefit plans, governments and other organizations deal with all aspects of human resources and workforce, internal controls and regulatory compliance, change management and other performance and operations management and compliance. She supports her clients both on a real time, “on demand” basis and with longer term basis to deal with daily performance management and operations, emerging crises, strategic planning, process improvement and change management, investigations, defending litigation, audits, investigations or other enforcement challenges, government affairs and public policy.

As a core component of her work, Ms. Stamer has worked extensively throughout her career with health care providers, health plans, health care clearinghouses, their business associates, employers, banks and other financial institutions, their technology and other vendors and service providers, and others on legal and operational risk management and compliance with HIPAA, FACTA, PCI, trade secret, physician and other medical confidentiality and privacy, federal and state data security and data breach and other information privacy and data security rules and concerns; prevention, investigation, response, mitigation and resolution of known or suspected data or privacy breaches or other incidents; defending investigations or other actions by plaintiffs, OCR, FTC, state attorneys’ general and other federal or state agencies; reporting and redressing known or suspected breaches or other violations; business associate and other contracting; insurance or other liability management and allocation; process and product development, contracting, deployment and defense; evaluation, commenting or seeking modification of regulatory guidance, and other regulatory and public policy advocacy; training and discipline; enforcement, and a host of other related concerns for public and private health care providers, health insurers, health plans, technology and other vendors, employers, and others.

Beyond her extensive involvement advising and representing clients on privacy and data security concerns and other health industry matters, Ms. Stamer also has served for several years as a scrivener for the ABA JCEB’s meeting with OCR, the Chair of the Southern California ISSA Health Care Privacy & Security Summit, and an editorial advisory board member, author, program chair or steering committee member, and faculties for a multitude of other programs and publications regarding privacy, data security, technology and other compliance, risk management and operational concerns in the health care, health and other insurance, employee benefits and human resources, retail, financial services and other arenas.

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares shared her thought leadership, experience and advocacy on HIPAA and other concerns by her service in the leadership of a broad range of other professional and civic organization including her involvement as the Vice Chair of the North Texas Healthcare Compliance Association, Executive Director of the Coalition on Responsible Health Policy and its PROJECT COPE: Coalition on Patient Empowerment, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children; former Board Compliance Chair and Board member of the National Kidney Foundation of North Texas, current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, immediate past RPTE Representative to ABA Joint Committee on Employee Benefits Council Representative and current RPTE Representative to the ABA Health Law Coordinating Council, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, a former member of the Board of Directors of the Southwest Benefits Association and others.

Ms. Stamer also is a highly popular lecturer, symposia chair and author, who publishes and speaks extensively on health and managed care industry, human resources, employment and other privacy, data security and other technology, regulatory and operational risk management. Examples of her many highly regarded publications on these matters include “Protecting & Using Patient Data In Disease Management: Opportunities, Liabilities And Prescriptions,” “Privacy Invasions of Medical Care-An Emerging Perspective,” “Cybercrime and Identity Theft: Health Information Security: Beyond HIPAA,” as well as thousands of other publications, programs and workshops these and other concerns for the American Bar Association, ALI-ABA, American Health Lawyers, Society of Human Resources Professionals, the Southwest Benefits Association, the Society of Employee Benefits Administrators, the American Law Institute, Lexis-Nexis, Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, the HCCA, ISSA, HIMSS, Modern Healthcare, Managed Healthcare, Institute of Internal Auditors, Society of CPAs, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other symposia and publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, InsuranceThoughtLeadership.com and many other prominent publications and speaks and conducts training for a broad range of professional organizations and for clientson the Advisory Boards of InsuranceThoughtLeadership.com, HR.com, Employee Benefit News, and many other publications. For additional information about Ms. Stamer, see CynthiaStamer.com or contact Ms. Stamer via email here or via telephone to (469) 767-8872.

About Solutions Law Press, Inc.™

Comments Off on Health Plans, Other Covered Entities Have Continuing Duty To Reevaluate HIPAA Enterprise Risk To PHI & Address Security Risks & Other Compliance Concern On Ongoing Basis | ARRA, board of directors, Brokers, Cafeteria Plans, CHIP, Civil Monetary Penalties, Civil Rights, Claims, compliance, Consumer Protection, Corporate Compliance, corporate governance, Cybercrime, Data Breach, Data Security, directors, EBSA, Electronic Medical Record, employee, Employee Benefits, Employer, Employers, Employment, EMR, fiduciary duty, Fiduciary Responsibility, GINA, HIPAA, HR, Human Resources, Identity Theft, Insurance, insurers, Internal Controls, Internal Investigations, Technology, third party administrators, Uncategorized, Union, Workforce | Tagged: Breach Notification, broker, Covered Entity, Data Breach, Data Security, EPHI, ERISA, health care providers, Health Plans, HIPAA, Medical Privach, Medical Privacy, Personal Health Information, Privacy, Technology | Permalink
Posted by Cynthia Marcotte Stamer

Manage Retaliation Risks In Response To Updated EEOC Enforcement Guidance, Rising Retaliation Claims

August 31, 2016

U.S. employers, employment agencies, unions, their benefit plans and fiduciaries, and their management and service providers should move quickly to review and strengthen their employment and other practices to guard against a foreseeable surge in employee retaliation claims and judgements likely to follow the August 30, 2016 issuance by the Equal Employment Opportunity Commission (EEOC) of its new final EEOC Enforcement Guidance on Retaliation and Related Issues and concurrently published Question and Answer Guidance(Guidance).

Updating and superceding 2008 guidance previously set forth in the Retaliation Chapter of the EEOC Enforcement Manual, the Guidance details the EEOC’s current policy for investigating and enforcing the retaliation prohibitions under each of the equal employment opportunity (EEO) laws enforced by EEOC, including Title VII of the Civil Rights Act of 1964, the Age Discrimination in Employment Act (ADEA), Title V of the Americans with Disabilities Act (ADA), Section 501 of the Rehabilitation Act, the Equal Pay Act (EPA) and Title II of the Genetic Information Nondiscrimination Act (GINA) as well as the ADA’s separate “interference” prohibitions, which prohibit coercion, threats, or other acts that interfere with the exercise of ADA rights. Among other things, the Guidance discusses :

What “retaliation means” and the scope of employee activity protected by the prohibitions against retaliation included in all laws enforced by the EEOC as well as the interference prohibitions of the ADA;
Legal analysis the EEOC will use to determine if evidence supports a claim of retaliation against an employer or other party;
Detailed examples of employer actions that the EEOC says may constitute prohibited retaliation; and
Remedies available for retaliation.

Understanding and properly responding to the Guidance is critically important for employers and other subject to the EEO laws because in light of the substantial and growing liability exposures retaliation claims present and the likely that the issuance of the Guidance will further fuel these risks.

Even before the EEOC published the Guidance, retaliation and interference exposures were a substantial source of concern for most employers. Employers, employment agencies and unions caught engaging in prohibited retaliation or intimidation in violation of EEO laws can incur compensatory and (except for governmental employers) punitive damage awards, back pay, front pay, reinstatement into a job or other equitable remedies, injunctive or administrative orders requiring changes in employer policies and procedures, managerial training, reporting to the EEOC and other corrective measures, as well as substantial investigation and defense costs.

These substantial liability exposures have become particularly concerning as retaliation and interference claims also have become increasingly common over the past decade. According to the EEOC, for example, EEO law retaliation charges have remained the most frequently alleged basis of charges filed with the EEOC since 2009 and in Fiscal Year 2015 accounted for 44.5 percent of all employment discrimination charges received by EEOC.
Since the EEOC’s issuance of the Retaliation Regs are likely to encourage additional retaliation or interference claims, employers, employment agencies, unions and their management, service providers and agents should quickly to evaluate the updated guidance provided in the Retaliation Reg and act to mitigate their exposure to retaliation retaliation and interference claims under these EEO laws.

Retaliation Risks Under EEO Laws

Federal EEO laws generally prohibit employers, employment agencies, or unions from punishing or taking other adverse actions against job applicants or employees for “asserting their rights” (often referred to as “protected activity”) to be free from harassment or other prohibited employment discrimination as well as certain other conduct. Such claims generally are referred to as “retaliation claims.”
Prohibited retaliation in violation of EEO laws occurs when an employer, employment agency or union takes a materially adverse action because an applicant or employee asserts rights or engages in certain other activities protected by the EEO laws.

To prevail in a retaliation claim, an applicant, employee or other individual generally must show that:

The individual engaged in prior protected activity;
The employer, employment agency or union took a materially adverse action; and
More likely than not, retaliation caused the adverse action by the employer, employment agency or union.

Persons Protected By EEO Retaliation Rules

EEO retaliation prohibitions protect both applicants and current and former employees (full-time, part-time, probationary, seasonal, and temporary) against retaliation under the EEO laws. The retaliation prohibitions bar an employer from refusing to hire or otherwise taking adverse action against any current or former applicant or employee because of his EEO complaint or other protected activity under applicable EEO laws. The EEOC interprets the retaliation rules as prohibiting an employer from giving a false negative job reference to punish a former employee for making an EEO complaint or engaging in other protected activity as well as as prohibiting an employer from refusing to hire or otherwise retaliating or discriminating against an applicant or employee based on a complaint made or other protected activity engaged against any a prior employer. The Guidance also makes clear that the retaliation prohibitions apply regardless of an applicant or employee’s citizenship or work authorization status.

Protected Activity

“Protected activity” generally means either participating in an EEO process or reasonably opposing conduct made unlawful by an EEO law.

The prohibition against an employer retaliating against an individual for “participating” in an EEO process means that an employer cannot punish an applicant or employee for filing an EEO complaint, serving as a witness, or participating in any other way in an EEO matter, even if the underlying discrimination allegation is unsuccessful or untimely. As a part of these prohibitions, the EEOC says that an employer, employment agency or union is not allowed to do anything in response to EEO activity that would discourage someone from resisting or complaining about future discrimination. For example, depending on the facts of the particular case, it could be retaliation because of the employee’s EEO activity for an employer to:

Reprimand an employee or give a performance evaluation that is lower than it should be;
Transfer the employee to a less desirable position;
Engage in verbal or physical abuse;
Threaten to make, or actually make reports to authorities (such as reporting immigration status or contacting the police);
Increase scrutiny;
Spread false rumors, treat a family member negatively (for example, cancel a contract with the person’s spouse); or
Take action that makes the person’s work more difficult (for example, punishing an employee for an EEO complaint by purposefully changing his work schedule to conflict with family responsibilities).

The Guidance clearly states that the EEOC views participating in any capacity in a complaint process or other protected equal employment opportunity as protected activity which is protected from retaliation under all circumstances. The EEOC views other acts to oppose discrimination also as protected as long as the employee was acting on a reasonable belief that something in the workplace may violate EEO laws, even if he or she did not use legal terminology to describe the issue. EEOC’s view is that protections against retaliation extend to participation in an employer’s internal EEO complaint process, even if a charge of discrimination has not yet been filed with the EEOC. The EEOC also takes the position that participation in the EEO process is protected whether or not the EEO allegation is based on a reasonable, good faith belief that a violation occurred. While an employer is free to bring these to light in the EEO matter where it may rightly affect the outcome, the Retaliation Regs state it is unlawful retaliation for an employer to take matters into its own hands and impose consequences for participating in an EEO matter.

In addition to prohibition for participation in protected activities, EEO law also prohibits retaliation against an individual for “opposing” a perceived unlawful EEO practice. The EEOC construes prohibition against retaliation for opposition as prohibiting an employer or other covered entity from punishing an applicant or employee for communicating or taking other action in opposition of a perceived EEO violation if the individual acted reasonably and based on a reasonable good faith belief that the conduct opposed is or could become unlawful if repeated.

According to the EEOC, opposition also can be protected even if it is informal or does not include the words “harassment,” “discrimination,” or other legal terminology. A communication or act may be protected opposition as long as the circumstances show that the individual is conveying resistance to a perceived potential EEO violation such as, for example:

Complaining or threatening to complain about alleged discrimination against oneself or others;
Taking part in an internal or external investigation of employment discrimination, including harassment;
Filing or being a witness in a charge, complaint, or lawsuit alleging discrimination;
Communicating with a supervisor or manager about employment discrimination, including harassment;
Answering questions during an employer investigation of alleged harassment;
Refusing to follow orders that would result in discrimination;
Resisting sexual advances, or intervening to protect others;
Reporting an instance of harassment to a supervisor;
Requesting accommodation of a disability or for a religious practice;
Asking managers or co-workers about salary information to uncover potentially discriminatory wages;
Providing information in an employer’s internal investigation of an EEO matter;
Refusing to obey an order reasonably believed to be discriminatory;
Advising an employer on EEO compliance;
Resisting sexual advances or intervening to protect others;
Passive resistance (allowing others to express opposition);
Requesting reasonable accommodation for disability or religion;
Complaining to management about EEO-related compensation disparities;
Talking to coworkers to gather information or evidence in support of a potential EEO claim; or
Other acts of opposition.

In order for the protection against opposition to apply, however, the individual must act with a reasonable good faith belief that the conduct opposed is unlawful or could become unlawful if repeated. Opposition not based on such a good faith belief is not protected. Employers should note that the EEOC takes the position that opposition by an employee could qualify as reasonable opposition protected against retaliation when an employee or applicant complains about behavior that is not yet legally harassment (i.e., even if the mistreatment has not yet become severe or pervasive) or to complain about conduct the employee believes violates the EEO laws if the EEOC has adopted that interpretation, even if some courts disagree with the EEOC on the issue.

Furthermore, an individual opposing a perceived violation of an EEO law is disqualified for protection against retaliation for his opposition unless the individual behaves in a reasonable manner when expressing his opposition. For example, threats of violence, or badgering a subordinate employee to give a witness statement, are not protected opposition.

Subject to these conditions, however, the Guidance states that retaliation for opposing perceived unlawful EEOC practices need not be applied directly to the employee to qualify for protection. If an employer, employment agency or union takes an action against someone else, such as a family member or close friend, in order to retaliate against an employee, the EEOC says both individuals would have a legal claim against the employer.

Moreover, according to the EEOC, the prohibitions against retaliation for participation and opposition apply regardless of whether the person is suffers the retaliation for acting as a witness or otherwise participating in the investigation of a prohibited practice regarding an EEO complaint brought by others, or for complaining of conduct that directly affects himself.

Materially Adverse Action

To fall within EEO law prohibitions against retaliation, the retaliatory actions must be “materially adverse,” which the Guidance defines to include any action that under the facts and circumstances might deter a reasonable person from engaging in protected activity. This definition of “materially adverse” sweeps broadly to include more than employment actions such as denial of promotion, non-hire, denial of job benefits, demotion, suspension, discharge, or other actions that can be challenged directly as employment discrimination. It also encompasses within the scope of retaliation employer action that is work-related, as well as other actions with no tangible effect on employment, or even an action that takes place exclusively outside of work, as long as it may well dissuade a reasonable person from engaging in protected activity.

Whether an action is materially adverse depends on the facts and circumstances of the particular case. The U.S. Supreme Court has held that transferring a worker to a harder, dirtier job within the same pay grade, and suspending her without pay for more than a month (even though the pay was later reimbursed) were both “materially adverse actions” that could be challenged as retaliation. The Supreme Court has also said that actionable retaliation includes: the FBI’s refusing to investigate death threats against an agent; the filing of false criminal charges against a former employee; changing the work schedule of a parent who has caretaking responsibilities for school-age children; and excluding an employee from a weekly training lunch that contributes to professional advancement.

In contrast, a petty slight, minor annoyance, trivial punishment, or any other action that is not likely to dissuade an employee from engaging in protected activity in the circumstances is not “materially adverse.” For example, courts have concluded on the facts of given cases that temporarily transferring an employee from an office to a cubicle was not a materially adverse action and that occasional brief delays by an employer in issuing refund checks to an employee that involved small amounts of money were not materially adverse.

The facts and circumstances of each case determine whether a particular action is retaliatory in that context. For this reason, the same action may be retaliatory in one case but not in another. Depending on the facts, other examples of “materially adverse” actions may include:

Work-related threats, warnings, or reprimands;
Negative or lowered evaluations;
Transfers to less prestigious or desirable work or work locations;
Making false reports to government authorities or in the media;
Filing a civil action;
Threatening reassignment;
Scrutinizing work or attendance more closely than that of other employees, without justification;
Removing supervisory responsibilities;
Engaging in abusive verbal or physical behavior that is reasonably likely to deter protected activity, even if it is not yet “severe or pervasive” as required for a hostile work environment;
Requiring re-verification of work status, making threats of deportation, or initiating other action with immigration authorities because of protected activity;
Terminating a union grievance process or other action to block access to otherwise available remedial mechanisms; or
Taking (or threatening to take) a materially adverse action against a close family member (who would then also have a retaliation claim, even if not an employee).

ADA Interference Claims

In addition to the need to manage potential exposures for prohibited retaliation, employers, employment agencies and unions also should be careful to manage their exposure to potential liability arising from claims for wrongful interference and individual’s exercise of the disability rights or protections granted under the ADA.

The ADA generally prohibits disability discrimination, limits an employer’s ability to ask for medical information, requires confidentiality of medical information, and gives employees who have disabilities the right to reasonable accommodations at work absent undue hardship and like other EEO laws, prohibits retaliation. In addition to its prohibitions against retaliation, however, the ADA also more broadly prohibits “interference” with statutory rights under the ADA.

Interference is broader than retaliation. The ADA’s interference provision makes it unlawful to coerce, intimidate, threaten, or otherwise interfere with an individual’s exercise of ADA rights, or with an individual who is assisting another to exercise ADA rights.

In addition, the ADA also prohibits employers from interfering with ADA rights by doing anything that makes it more difficult for an applicant or employee to assert any of these rights such as using threats or other actions to discourage someone from asking for, or keeping, a reasonable accommodation; intimidating an applicant or employee into undergoing an unlawful medical examination; or pressuring an applicant or employee not to file a disability discrimination complaint.

Prohibited interference may be actionable under the ADA even if ineffective and even if the person subjected to intimidation goes on to exercise his ADA rights.

While acknowledging that some employer actions may be both retaliation and interference, or may overlap with unlawful denial of accommodation, the Guidance identifies the following actions as examples of interference prohibited under the ADA:
Coercing an individual to relinquish or forgo an accommodation to which he or she is otherwise entitled;
Intimidating an applicant from requesting accommodation for the application process by indicating that such a request will result in the applicant not being hired;
Threatening an employee with loss of employment or other adverse treatment if he does not “voluntarily” submit to a medical examination or inquiry that is otherwise prohibited under the statute;
Issuing a policy or requirement that purports to limit an employee’s rights to invoke ADA protections (e.g., a fixed leave policy that states “no exceptions will be made for any reason”);
Interfering with a former employee’s right to file an ADA lawsuit against the former employer by stating that a negative job reference will be given to prospective employers if the suit is filed; and
Subjecting an employee to unwarranted discipline, demotion, or other adverse treatment because he assisted a coworker in requesting reasonable accommodation.

According to the EEOC, a threat does not have to be carried out in order to violate the interference provision, and an individual does not actually have to be deterred from exercising or enjoying ADA rights in order for the interference to be actionable.

Strategies To Help Deter Or Rebut Retaliation Charges

Even though individuals claiming retaliation technically bear the burden of proving more likely than not that he suffered an adverse employment action more probably than not as a result of retaliation, an employer, employment agency or union charged with illegal retaliation frequently need to rebut or undermine a claimant’s evidence of retaliation by having and introducing admissible evidence that it a non-retaliatory reason for taking the challenged action such as evidence that:

The employer was not, in fact, aware of the protected activity;
There was a legitimate non-retaliatory motive for the challenged action, that the employer can demonstrate, such as poor performance; inadequate qualifications for position sought; qualifications, application, or interview performance inferior to the selectee; negative job references (provided they set forth legitimate reasons for not hiring or promoting an individual); misconduct (e.g., threats, insubordination, unexcused absences, employee dishonesty, abusive or threatening conduct, or theft); or reduction in force or other downsizing;
Similarly-situated applicants or employees who did not engage in protected activity were similarly treated;
Where the “but-for” causation standard applies, there is evidence that the challenged adverse action would have occurred anyway, despite the existence of a retaliatory motive; or
Other credible evidence showing a legitimate, non-discriminatory and non-retalitory motive behind the action.

It is important that employer other other potential defendants in retaliation actions recognize and take appropriate steps to create and retain evidence documenting these or other legitimate business reasons justifying the action prior to taking adverse action. Many employer or other defendants charged with discrimination or retaliation discover too late that a rule of evidence commonly referred to as the “After Acquired Evidence Doctrine” often prevents an employer or other defendant from using documentation or other evidence of motive created after the adverse action occurs. Consequently, employer and other potential targets of retaliation claims before taking the adverse action would be wise to carefully collect, document and retain the evidence and analysis showing their adverse action was taken for a legitimate, nonretalitory, nondiscriminatory reason rather than for any retaliatory purpose.

Other Defensive Actions & Strategies

Beyond taking care to document and retain evidence of its legitimate motivations for taking an adverse employment action, employers, employment agencies and unions interested in avoiding or enhancing their defenses against retaliation or interference claims also may find it helpful to:

Maintain a written, plain-language anti-retaliation and anti-interference policy that provides practical guidance on the employer’s expectations with user-friendly examples of what to do and not to do;
Send a message from top management that retaliation and interference are prohibited and will not be tolerated;
Ensure that top management understands and complies with policies against prohibited discrimination, retaliation and interference;
Consistently and fairly administer all equal employment opportunity and other policies and procedures in accordance with applicable laws in a documented, defensible manner;
Post and provide all required posters or other equal employment opportunity notices;
Timely and accurately complete and file all required EEO reports;
Clearly communicate orally and in writing the policy against prohibited retaliation and interference, as well as procedures for reporting, investigating and addressing concerns about potential violations of these policies in corporate policies as well as to employees complaining or participating in investigations or other protected activities;
Conduct documented training for all managers, supervisors and other employees and agents of the employer about policies against prohibited discrimination, retaliation, and interference including, as necessary, specific education about specific behaviors or situations that could raise retaliation or interference concerns, when and how to report or respond to such concerns and other actions to take to prevent or stop potential retaliation and interference;
Establish and administer clear policies and procedures for reporting and investigating claims or other indicators of potential prohibited employment discrimination, retaliation, interference including appropriate procedures for monitoring and protecting applicants and workers who have made claims of discrimination or have a record of involvement in activities that might qualify for corrective action;
Review performance, compensation and other criteria for potential evidence of overt or hidden bias or other evidence of potential prohibited retaliation or interference and take documented corrective action as needed to prevent improper bias from adversely corrupting decision-making process;
Conduct timely, well-documented investigations of all reports or other evidence of suspected discrimination, retaliation, and interference including any disciplinary, remedial or corrective action taken or foregone and the justification underlying these actions;
Obtain and enforce contractual reassurances from recruiting, staffing and other contractors to adhere to, and cooperate with the employer in its investigation and redress of the nondiscrimination, data collection and reporting, anti-retaliation and anti-interference requirements of equal employment opportunity and other laws;
Incorporate appropriate inquiries and other procedures for documented evaluating and monitoring that hiring, staffing, performance review, promotion, demotion, discipline, termination and other employment decisions and actions for evidence or other indicators of potential prohibited discrimination, retaliation, interference or other prohibited conduct and take corrective action as necessary based on the evidence developed; and
Designate appropriately empowered and trained members of the management of the employer to receive and investigate complaints and other potential concerns;
Arrange for an unbiased third party review of the adverse action or the performance or other decision criteria, processes and analysis that the employer or other defendant contemplates relying on to decide and implement employment decisions for indicators of potential discriminatory, retaliatory or other illegal or undesirable biasand take corrective action as needed to address those concerns before undertaking employment actions;
Evaluate and allocate appropriate funds within the employer’s budget to support the employer’s compliance efforts as well as to provide for the availability of sufficient funds to investigate and defend potential charges or public or private charges of illegal discrimination, retaliation or interference through the purchase of employment practices liablity or other insurance coverages or otherwise;
If a manager or other party recommends an adverse action in the wake of an employee’s filing of an EEOC charge or participation in other protected activity, conducting or arranging for an another party to ndependently evaluate whether the adverse action is appropriate;
Proactively seek assistance from qualified legal counsel with the design and review of policies, practices and operations, investigation and analysis of internal or external complaints or other concerns about potential prohibited discrimination, retaliation or interference, review and execution of termination, discipline or other workforce events to mitigate discrimination, retaliation or interference risks as well as the defense of EEOC or private enforcement actions; and
Be ever diligent in your efforts to prevent, detect and redress actions or situations that could be a basis for retaliation or interference claims.

About The Author

Cynthia Marcotte Stamer is a noted Texas-based management lawyer and consultant, author, lecture and policy advocate, recognized for her nearly 30-years of cutting edge management work as among the “Top Rated Labor & Employment Lawyers in Texas” by LexisNexis® Martindale-Hubbell® and as among the “Best Lawyers In Dallas” for her work in the field of “Labor & Employment,”“Tax: Erisa & Employee Benefits” “Health Care” and “Business and Commercial Law” by D Magazine.

Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization, a Fellow in the American College of Employee Benefit Counsel, past Chair and current committee Co-Chair of the American Bar Association (ABA) RPTE Section Employee Benefits Group, Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, former Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, a former ABA Joint Committee on Employee Benefits Council Representative and , Ms. Stamer helps management manage.

Ms. Stamer works with businesses and their management, employee benefit plans, governments and other organizations deal with all aspects of human resources and workforce, internal controls and regulatory compliance, change management and other performance and operations management and compliance. She supports her clients both on a real time, “on demand” basis and with longer term basis to deal with daily performance management and operations, emerging crises, strategic planning, process improvement and change management, investigations, defending litigation, audits, investigations or other enforcement challenges, government affairs and public policy.

For additional information about Ms. Stamer, see CynthiaStamer.com or contact Ms. Stamer via email here or via telephone to (469) 767-8872.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal control and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources at www.Solutionslawpress.com.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating or updating your profile here. ©2016 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™. All other rights reserved.

Comments Off on Manage Retaliation Risks In Response To Updated EEOC Enforcement Guidance, Rising Retaliation Claims | Accommodation, ADA, Affirmative Action, Civil Rights, compensation, Corporate Compliance, corporate governance, Disability, Disability, Disability Discrimination, Disability Plans, Discrimination, E-Verify, EEOC, employee, Employee Benefits, Employer, Employers, Employment, Employment Discrimination, Government Contractors, Hiring, HR, Human Resources, Internal Controls, Internal Investigations, Leave, LEP, LGBT, Management, Managment, Risk Management, Sexual Harassment, Uncategorized, Workforce | Tagged: Civl Rights, Discrimination, EEOC, Employee, Employer, Employment Agency, employment discrimination, Equal Employment Opportunity, Interference, Retaliation, Union | Permalink
Posted by Cynthia Marcotte Stamer

Criminal Conviction Of Plan Trustee, Outside Legal Counsel Shows Risks of Retaliating Against Whistleblowers For Reporting ERISA Violations

August 1, 2016

The U.S. Department of Labor’s just announced successful whistleblower prosecution in Perez v. Scott Brain, et al of an employee benefit plan trustee, and an individual lawyer and her law firm that served as the employee benefit plan’s outside legal counsel of violating the fiduciary responsibility and whistleblower rules of the Employee Retirement Income Security Act of 1974 (ERISA) illustrates why employee benefit plan sponsors, trustees or other fiduciaries, their management, legal counsel, auditors and other service providers must both prudently investigate whistleblower allegations or other evidence of potential wrongdoing involving their employee benefit plans and resist the temptation to retaliate against employees or others for reporting or cooperating in the investigation of alleged improprieties involving an employee benefit plan.

The Brain decision highlights the care that employee benefit plan sponsors, fiduciaries, advisors and service providers and their management must use when responding to allegations or other evidence of wrongdoing relating to an employee benefit plan or its administration, investigating and addressing alleged misconduct or other performance or disciplinary concerns involving parties whose report or involvement in investigations of ERISA or other misconduct could form the basis of a potential ERISA 510 or other retaliation complaint.

The decision also makes clear that outside legal counsel advising an employee benefit plan or its fiduciaries in relation to the investigation or response to charges of ERISA misconduct involving an employee benefit plan must use care to avoid actions that could render them liable for participation in acts of illegal retaliation, violating their duty of loyalty to the plan by allowing themselves to become involved in a conflict of interest when investigating or defending potential wrongdoing involving an employee benefit plan, or engaging in other discretionary actions that could constitute a breach of fiduciary duty in violation of ERISA.

In Perez v. Scott Brain, et al., the U.S. District Court for the Central District of California ruled that Cement Masons Southern California Trust Fund’s trustee and Cement Masons Local 600 business manager, Scott Brain (Brain) and outside trust fund legal counsel, Melissa Cook, violated sections 510 and 404 of ERISA by causing the firing a trust fund employee Cheryle Robbins (Robbins) and an employee of the plan’s third party administrator, Cory Rice (Rice), in retaliation for their involvement in filing an internal complaint about and cooperating with the Labor Department’s Employee Benefit Security Administration’s federal criminal investigation of reports of Brain’s wrongful interference as a trustee with collections and contributions from unionized employers.

In 2011, Robbins, director of the trust funds’ audit and collections department, responded to a federal criminal investigation into Brain’s activities with contractors. The same year, she and Rice, who worked for the third-party administrator to the trust fund, American Benefit Plan Administrators, now, Zenith American Solutions (Zenith), participated in an effort to complain about Brain’s interference with efforts to collect delinquent contributions from contractors. Within weeks of this conduct, Robbins was suspended from her employment with the trust fund. Less than six months later, both Robbins and Rice were fired.

The court’s 71-page decision chronicles the coordinated retaliatory campaign orchestrated by Brain and Cook that led to Robbins’ suspension and firing by the employee benefit plan as well as the termination of Cook by his employer, Zenith..

With respect to Robbins’ suspension, the court found that the evidence showed Brain and Cook “were very upset with Robbins due to her contact with the [Department of Labor],” and that Brain and Cook “used their positions and influence to cause the other trustees to vote in favor of” suspending Robbins. To do so, the court explained, Brain and Cook “took the lead at the . . . [b]oard meeting with respect to the discussion of Robbins’ contact with the [Department of Labor]” and “created an environment that was hostile to her,” which “caused the trustees to vote to place her on leave.” The court noted that the two “‘set in motion’ the decision by the Joint Board to put Robbins on leave [.]”

As for Rice’s firing, the court explained how Brain and Cook retaliated against Rice by pressuring his employer, Zenith, into firing Rice and manipulating the Zenith relationship to deter Zenith from rehiring Rice in retaliation for his involvement in efforts to make an internal complaint about Brain.

Based upon evidence introduced during a five-day trial, the District Court ruled that Brain, Cook and Cook’s law firm violated ERISA section 510 by suspending and then discharging Robbins, and causing Zenith to refuse to hire Robbins and to discharge Rice in retaliation for their participation in reporting Brian’s misconduct to the General President of the Operative Plasterers’ and Cement Masons’ International Association and because Robbins participated in a federal criminal investigation of Brain. Specifically, the District Court ruled:

Brain, Cook and Cook’s law firm wrongfully retaliated against Robbins in violation of ERISA 510 for her communications with the DOL by placing her on administrative leave; causing the work performed by the department that Robbins previously managed to be outsourced to Zenith and by causing Zenith not to hire Robbins to participate in its work;
Brain, Cook and Cook’s law firm wrongfully retaliated against Rice in violation of ERISA 510 by causing Zenith to terminate Cook;
Brain breached his fiduciary duty under ERISA 404 by retaliating against Robbins and causing her to be placed on administrative leave and that Cook knowingly participated in that breach.

The court held that Brain and Cook’s retaliatory conduct violated section 510 of ERISA, which prohibits retaliation against whistleblowers for complaining of ERISA violations or cooperating with a governmental investigation of such violations. The court also held that the couple’s retaliation against Robbins breached Brain’s fiduciary duties under ERISA section 404 to the trust funds and that Cook participated knowingly in that breach.

In reaching its decision, the court rejected attorney Cook’s argument that she was somehow immunized from her unlawful conduct because she was an attorney to the trust funds. Among other things, the court noted the “apparent conflict of interest” Cook had in representing the trust funds while being in an undisclosed “romantic relationship” with Brain, which existed as defendants carried out their retaliatory scheme. Reminding lawyers of their ethical duties in California, the court cited California Rule of Professional Conduct 3-310(B), which the court explained “requires that an attorney disclose to a client any personal relationship or interest that he or she knows, or with the exercise of reasonable diligence should know, could substantially affect her his or her professional judgment in advising the client.”

As punishing for these criminal violations of ERISA, the District Court ordered the permanent removal of Brain as a trustee. It also ordered the permanent barring of Brain, Cook and her law firm from serving the Cement Masons Southern California Trust Funds. In addition, the court ordered Cook and her law firm to repay all attorneys’ fees she billed the trust funds for the actions she took in retaliating against whistleblowers Robbins and Rice. These criminal sanctions were in addition to the $630,000 civil damage award that the Labor Department previously secured in lost wages and damages for Robbins, Rice and another worker victimized by Brain and Cook in August 2015.

In addition to its successful prosecution of Brain, Cook and Cook’s law firm on these charges, the DOL also had sought, but failed to convince the District Court based on the evidence presented at trial to find Brain, Cook, Cook’s law firm and Brain’s fellow trust fund trustee Local 600 business agent and Joint Board of Trustees member Jaime Briceno guilty of wrongful retaliation against another alleged whistleblower or Briceno of breaching his fiduciary duties under ERISA by failing to prudently investigate Robbins’ allegations against Brain; or by voting to use assets of the Trust Funds to pay the cost of the settlement of the civil action brought by Robbins. The District Court also refused to consider a newly raised charge that Brain breached his fiduciary duty by failing to collect all monies owed to the Trust Funds on the grounds that the Labor Department had failed to timely raise the charge. While the court refused to convict Briceno, Brain, Cook or Cook’s law firm on the additional charges, the Labor Department’s prosecution of these claims illustrates that along with abstaining from retaliating against ERISA whistleblowers, employee benefit plan fiduciaries also should position themselves to defend against potential breach of fiduciary duty claims based on alleged inadequacies in their investigation or response to reports or other evidence of misconduct involving the plan by prudently investigating and acting to redress allegations or other evidence of potential wrongdoing in the administration of employee benefit plans or their assets.

About The Author

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization, the author of this update, attorney Cynthia Marcotte Stamer, is AV-Preeminent (the highest) rated attorney repeatedly recognized as a Martindale-Hubble as a “LEGAL LEADER™” and “Texas Top Rated Lawyer” in Health Care Law, Labor and Employment Law, and Business & Commercial Law and among the “Best Lawyers In Dallas” in ERISA, Labor and Employment and Healthcare Law by D Magazine for her nearly 30 years of experience and knowledge representing and advising employers, employee benefit plans, their sponsors, fiduciaries, service providers and vendors and others on these and other planning, business transaction and contracting, administration, compliance, risk management, audits, investigations, government and private litigation and other enforcement and other related matters.

past Chair and current committee Co-Chair of the American Bar Association (ABA) RPTE Section Employee Benefits Group, Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, former Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, a former ABA Joint Committee on Employee Benefits Council Representative ,

Ms. Stamer’s legal and management consulting work throughout her nearly 30-year career has focused on helping management manage. Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, she de[;pus jer her extensive legal and operational knowledge and experience to help organizations and their management use the law and process to manage people, process, compliance, operations and risk.

As a key part of this work, Ms. Stamer helps public and private, domestic and international businesses, governments, and other organizations and their leaders manage their employees, vendors and suppliers, and other workforce members, customers and other’ performance, compliance, compensation and benefits, operations, risks and liabilities, as well as to prevent, stabilize and cleanup workforce and other legal and operational crises large and small that arise in the course of operations.

Ms. Stamer works with businesses and their management, employee benefit plans, governments and other organizations deal with all aspects of human resources and workforce, internal controls and regulatory compliance, change management and other performance and operations management and compliance. She supports her clients both on a real time, “on demand” basis and with longer term basis to deal with daily performance management and operations, emerging crises, strategic planning, process improvement and change management, investigations, defending litigation, audits, investigations or other enforcement challenges, government affairs and public policy.

Well known for her extensive work with health care, insurance and other highly regulated entities on corporate compliance, internal controls and risk management, her clients range from highly regulated entities like employers, contractors and their employee benefit plans, their sponsors, management, administrators, insurers, fiduciaries and advisors, technology and data service providers, health care, managed care and insurance, financial services, government contractors and government entities, as well as retail, manufacturing, construction, consulting and a host of other domestic and international businesses of all types and sizes. Common engagements include internal and external workforce hiring, management, training, performance management, compliance and administration, discipline and termination, and other aspects of workforce management including employment and outsourced services contracting and enforcement, sentencing guidelines and other compliance plan, policy and program development, administration, and defense, performance management, wage and hour and other compensation and benefits, reengineering and other change management, internal controls, compliance and risk management, communications and training, worker classification, tax and payroll, investigations, crisis preparedness and response, government relations, safety, government contracting and audits, litigation and other enforcement, and other concerns.

Ms. Stamer uses her deep and highly specialized health, insurance, labor and employment and other knowledge and experience to help employers and other employee benefit plan sponsors; health, pension and other employee benefit plans, their fiduciaries, administrators and service providers, insurers, and others design legally compliant, effective compensation, health and other welfare benefit and insurance, severance, pension and deferred compensation, private exchanges, cafeteria plan and other employee benefit, fringe benefit, salary and hourly compensation, bonus and other incentive compensation and related programs, products and arrangements. She is particularly recognized for her leading edge work, thought leadership and knowledgeable advice and representation on the design, documentation, administration, regulation and defense of a diverse range of self-insured and insured health and welfare benefit plans including private exchange and other health benefit choices, health care reimbursement and other “defined contribution” limited benefit, 24-hour and other occupational and non-occupational injury and accident, expat and medical tourism, onsite medical, wellness and other medical plans and insurance benefit programs as well as a diverse range of other qualified and nonqualified retirement and deferred compensation, severance and other employee benefits and compensation, insurance and savings plans, programs, products, services and activities. As a key element of this work, Ms. Stamer works closely with employer and other plan sponsors, insurance and financial services companies, plan fiduciaries, administrators, and vendors and others to design, administer and defend effective legally defensible employee benefits and compensation practices, programs, products and technology. She also continuously helps employers, insurers, administrative and other service providers, their officers, directors and others to manage fiduciary and other risks of sponsorship or involvement with these and other benefit and compensation arrangements and to defend and mitigate liability and other risks from benefit and liability claims including fiduciary, benefit and other claims, audits, and litigation brought by the Labor Department, IRS, HHS, participants and beneficiaries, service providers, and others. She also assists debtors, creditors, bankruptcy trustees and others assess, manage and resolve labor and employment, employee benefits and insurance, payroll and other compensation related concerns arising from reductions in force or other terminations, mergers, acquisitions, bankruptcies and other business transactions including extensive experience with multiple, high-profile large scale bankruptcies resulting in ERISA, tax, corporate and securities and other litigation or enforcement actions.

A former lead consultant to the Government of Bolivia on its Social Security reform law Ms. Stamer also is well-known for her leadership on U.S. health and pension, wage and hour, tax, workforce, tax, education, insurance and other policies critical to the workforce, benefits, and compensation practices and other key aspects of a broad range of businesses and their operations. She both helps her clients respond to and resolve emerging regulations and laws, government investigations and enforcement actions and helps them shape the rules through dealings with Congress and other legislatures, regulators and government officials domestically and internationally. Ms. Stamer works with U.S. and foreign businesses, governments, trade associations, and others on workforce, social security and severance, health care, immigration, privacy and data security, tax, ethics and other laws and regulations. Founder and Executive Director of the Coalition for Responsible Healthcare Policy and its PROJECT COPE: the Coalition on Patient Empowerment and a Fellow in the American Bar Foundation and State Bar of Texas, Ms. Stamer for many years acted as the scribe responsible for leading the Joint Committee on Employee Benefits (JCEB) HHS Office of Civil Rights annual agency meeting and regularly participates in the OCR and other JCEB annual agency meetings, and participates in the development and submission of comments and other input to the agencies on regulatory, enforcement and other concerns. She also works as a policy advisor and advocate to many business, professional and civic organizations.

Author of the thousands of publications and workshops these and other employment, employee benefits, health care, insurance, workforce and other management matters, Ms. Stamer also is a highly sought out speaker and industry thought leader known for empowering audiences and readers. Ms. Stamer’s insights on employee benefits, insurance, health care and workforce matters in Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, Modern Healthcare, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, InsuranceThoughtLeadership.com and many other prominent publications. Ms. Stamer also regularly serves on the faculty and planning committees for symposia of LexisNexis, the American Bar Association, ALIABA, the Society of Employee Benefits Administrators, the American Law Institute, ISSA, HIMMs, and many other prominent educational and training organizations and conducts training and speaks on these and other management, compliance and public policy concerns.

Ms. Stamer also is active in the leadership of a broad range of other professional and civic organizations. For instance, Ms. Stamer serves on the Advisory Boards of InsuranceThoughtLeadership.com, HR.com, Employee Benefit News, and as an editorial advisor and contributing author of many other publications. Her leadership involvements with the American Bar Association (ABA) include year’s serving many years as a Joint Committee on Employee Benefits Council representative; ABA RPTE Section current Practice Management Vice Chair and Substantive Groups & Committees Committee Member, RPTE Employee Benefits & Other Compensation Committee Past Group Chair and Diversity Award Recipient, current Defined Contribution Plans Committee Co-Chair, and past Welfare Benefit Plans Committee Chair Co-Chair; Past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group and a current member of its Healthcare Coordinating Council; current Vice Chair of the ABA TIPS Employee Benefit Committee; International Section Life Sciences Committee Policy Vice Chair; and a speaker, contributing author, comment chair and contributor to numerous Labor, Tax, RPTE, Health Law, TIPS, International and other Section publications, programs and task forces. Other selected service involvements of note include Vice President of the North Texas Healthcare Compliance Professionals Association; past EO Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division; founding Board Member and President of the Alliance for Healthcare Excellence, as a Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; the Board President of the early childhood development intervention agency, The Richardson Development Center for Children; Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee; a former Southwest Benefits Association Board of Directors member, Continuing Education Chair and Treasurer; former Texas Association of Business BACPAC Committee Member, Executive Committee member, Regional Chair and Dallas Chapter Chair; former Society of Human Resources Region 4 Chair and Consultants Forum Board Member and Dallas HR Public Policy Committee Chair; former National Board Member and Dallas Chapter President of Web Network of Benefit Professionals; former Dallas Business League President and others. For additional information about Ms. Stamer, see CynthiaStamer.com or contact Ms. Stamer via email here or via telephone to (469) 767-8872.

About Solutions Law Press, Inc.™

If you found these updates of interest, you may be interested in other recent Solutions Law Press, Inc. updates like the following:

Go here to register to receive other Solutions Law Press, Inc. updates and announcements about other upcoming briefings, training or other programs, products, services, and activities or to learn more about Solutions Law Press, Inc., its publications, programs and training, PROJECT COPE: Coalition on Patient Empowerment community service and education projects, event management and other resources and services.

For important information concerning this communication see here. THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

Comments Off on Criminal Conviction Of Plan Trustee, Outside Legal Counsel Shows Risks of Retaliating Against Whistleblowers For Reporting ERISA Violations | 401(k), Appeals, Attorney-Client Privilege, Banking, Bankruptcy, board of directors, Brokers, Claims Administration, compensation, compliance, Corporate Compliance, corporate governance, Cybercrime, defined benefit plan, defined contribution plan, Disability Plans, EBSA, employee, Employee Benefits, Employer, Employers, ERISA, fiduciary duty, Fiduciary Responsibility, health benefit, Health Benefits, health insurance, health plan, Health Plans, HR, Human Resources, Insurance, insurers, Internal Controls, Internal Investigations, Labor Management Relations, Malpractice, Reporting & Disclosure, Uncategorized | Tagged: defined contribution plan, EBSA, employee benefit plans, Employer, ERISA, ERISA 404, ERISA 510, Fiduciary responsiility, Health Plan, Health Plans, Multiemployer collectively bargained employee benefit plans, Retailiation, Retirement Plans, Union, Whistleblower | Permalink
Posted by Cynthia Marcotte Stamer

Health Plans Disclosing Data To State All Payer Data Banks Face HIPAA Risks

May 31, 2016

Self-insured employer or union sponsored health plans (Plans), their fiduciaries, third party administrative or other service providers, and sponsors should consult legal counsel for advice about whether their Plans might violate the Privacy Rule of the Health Insurance Portability & Accountability Act (HIPAA) by disclosing individually identifiable claims or other Plan records or data to a state “all payer” claims or other data base in response to a state law or regulation mandating those disclosures in light of the Supreme Court’s recent ruling in Gobeille v. Liberty Mutual, 136 S. Ct. 936 (2016).

Gobeille involved a challenge to a Vermont “all payer” law similar to laws enacted by at least 20 other states, that requires health plan payers, their administrators or both to disclose individually identifiable health claims and other claims data about Plan members to a state created all payer data base. The Vermont law challenged in Gobeille required health insurers and other payers to disclose treatment information about Plan members as well as other certain health care claim payment and other data to an all payer claims database, which under the law is made “available as a resource for insurers, employers, providers, purchasers of health care, and State agencies to continuously review health care utilization, expenditures, and performance in Vermont. See Gobeille at 941. Vermont’s law requires third party administrators of self-insured Plans and other payers to disclose the information regardless of whether the member resides or received the treatment in Vermont.

In Gobeille, the Supreme Court ruled that the preemption provisions of Section 514 of the Employee Retirement Income Security Act (ERISA) bar Vermont from requiring self-insured ERISA Plans

In addition to excusing self-insured Plans from the trouble and expense of complying with Vermont’s disclosure law, the Supreme Court’s ruling in Gobeille that Vermont cannot enforce the law against self-insured ERISA Plans raises a concern that the Privacy Rules of HIPAA may prohibit Plans from disclosing certain individually identifiable claims information. The HIPAA compliance concern arises because the claims information and other data that the Vermont and most other similar laws require Plans and other payers to disclose generally is or include information that qualifies as “protected health information” within the meaning of the HIPAA Privacy Rule. These laws generally are structured either to directly require self-insured Plans to disclose the claims data directly, indirectly compel the disclosure by requiring third party administrators of such Plans to disclose the claims information for Plans they administer, or both.

Under the HIPAA Privacy Rule, Plans and other HIPAA-covered entities and service providers acting as business associates of the Plans are prohibited from using or disclosing individually identifiable protected health information unless the use or disclosure is expressly authorized by the Privacy Rule. Since violations of the Privacy Rule trigger substantial civil or even criminal penalties under HIPAA, Plans, their fiduciaries, service providers acting as business associates and other members of their workforce need to verify that the disclosure meets all of the requirements to fall within an exception to the Privacy Rule’s prohibition against disclosure before allowing such a disclosure

Before Gobeille, many self-insured Plans and their administrators treated the disclosures of individually identifiable claims data of the Plans as permitted as a disclosure “required by law” Privacy § 164.512(a), which provides in relevant part:

a) Standard: Uses and disclosures required by law.

(1) A covered entity may use or disclose protected health information to the extent that such use or disclosure is required by law and the use or disclosure complies with and is limited to the relevant requirements of such law.

(2) A covered entity must meet the requirements described in paragraph (c), (e), or (f) of this section for uses or disclosures required by law.

The Gobeille ruling that that the Vermont law is unenforceable against self-insured Plans appears to eliminate the availability of this exception as a basis for allowing disclosures in response to the Vermont law as well as calls into question the ability of Plans to rely upon the “required by law” exception to the Privacy Rule to justify disclosures of protected health information to state all payer data bases in response to similar requirements enacted in the other 20 states that have enacted similar mandates. Plans that previously disclose or intend in the future to disclose protected health information to a state all payer data base in Vermont or another state generally will want to carefully document their justification, if any for making that disclosure under the Privacy Rule.

Unless the disclosure otherwise falls within another exception to the HIPAA Privacy Rule against disclosures without authorization, Plans, their sponsors, fiduciaries, third party administrators and other service providers and other members of the Plan workforce at minimum should be concerned that the HIPAA risks of disclosing protected health information in response to these state mandates after Gobeille. Plans that decide not to disclose information otherwise required by such state law requirements in light of the Gobeille ruling or HIPAA concerns may want to consult with qualified legal counsel about the steps, if any, that the Plan might want to take to document its ERISA preemption or other justifications for not providing the otherwise required disclosures.

Beyond evaluating the advisability of future disclosures in response to the Vermont or another similar all payer statute, Plans whose data previously was disclosed by the Plan or its administrator to an all payer data base under the belief that the disclosure was required by law also may want to seek the advice of qualified legal counsel about whether these prior disclosures triggered breach notification responsibilities under the Breach Notification rules of HIPAA with respect to any disclosures previously made. When electronic protected health information is used or disclosed in violation of HIPAA, the Breach Notification Rules of HIPAA generally require Plans and their business associates timely notify impacted individuals and the Department of Health & Human Services Office of Civil Rights (OCR) in accordance with the detailed requirements set forth in OCR’s implementing regulations. Furthermore, where a breach involves 500 or more individuals, the timetable for providing notification to OCR is accelerated and the Plan also is required to provide notification to the media and others.

About The Author

Cynthia Marcotte Stamer is a noted Texas-based management lawyer and consultant, author, lecturer and policy advocate, recognized for her nearly 30-years of cutting edge management work as among the “Top Rated Labor & Employment Lawyers in Texas” by LexisNexis® Martindale-Hubbell® and as among the “Best Lawyers In Dallas” for her work in the field of “Tax: Erisa & Employee Benefits” and “Health Care” by D Magazine.

Ms. Stamer works with businesses and their management, employee benefit plans, governments and other organizations deal with all aspects of human resources and workforce, internal controls and regulatory compliance, change management and other performance and operations management and compliance. She supports her clients both on a real time, “on demand” basis and with longer term basis to deal with daily performance management and operations, emerging crises, strategic planning, process improvement and change management, investigations, defending litigation, audits, investigations or other enforcement challenges, government affairs and public policy.

Ms. Stamer also is deeply involved in helping to influence the Affordable Care Act and other health care, pension, social security, workforce, insurance and other policies critical to the workforce, benefits, and compensation practices and other key aspects of a broad range of businesses and their operations. She both helps her clients respond to and resolve emerging regulations and laws, government investigations and enforcement actions and helps them shape the rules through dealings with Congress and other legislatures, regulators and government officials domestically and internationally. A former lead consultant to the Government of Bolivia on its Social Security reform law and most recognized for her leadership on U.S. health and pension, wage and hour, tax, education and immigration policy reform, Ms. Stamer works with U.S. and foreign businesses, governments, trade associations, and others on workforce, social security and severance, health care, immigration, privacy and data security, tax, ethics and other laws and regulations. Founder and Executive Director of the Coalition for Responsible Healthcare Policy and its PROJECT COPE: the Coalition on Patient Empowerment and a Fellow in the American Bar Foundation and State Bar of Texas, Ms. Stamer annually leads the Joint Committee on Employee Benefits (JCEB) HHS Office of Civil Rights agency meeting and other JCEB agency meetings. She also works as a policy advisor and advocate to many business, professional and civic organizations.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal control and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources at Solutionslawpress.com such as:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating or updating your profile here. ©2016 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc. ™. All other rights reserved.

Comments Off on Health Plans Disclosing Data To State All Payer Data Banks Face HIPAA Risks | Brokers, Civil Rights, Claims, Claims Administration, Corporate Compliance, Cybercrime, Data Breach, Data Security, EBSA, employee, Employee Benefits, Employer, Employers, Employment, ERISA, fiduciary duty, Fiduciary Responsibility, health benefit, Health Benefits, health Care, health insurance, health plan, Health Plans, health reform, HIPAA, HIPAA, HR, Human Resources, insurers, Internal Controls, Internal Investigations, Patient Empowerment, Preemption, Privacy, Reporting & Disclosure, Uncategorized | Permalink
Posted by Cynthia Marcotte Stamer

Final Investment Advice Fiduciary Rules Mean Work For Employers, Fiduciaries & Advisors

April 12, 2016

Employer and other employee benefit plan sponsors, benefit plan committees and fiduciaries, and the broker-dealers, financial advisors, insurance agents and other plan service providers that provide investment-related platforms, advice, recommendations or other services for employee benefit plans need to reevaluate the fiduciary status of their service providers and begin restructuring as necessary their associated relationships, service provider commission or other compensation, service agreements and arrangements or other services in response to a new Regulatory Guidance Package (Rule) that explicitly classifies parties providing “covered investment advice” as fiduciaries subject to the conflict of interest and other fiduciary responsibility rules of the Employee Retirement Income Security Act (ERISA).

Supplementing existing precedent and EBSA’s already existing broad, functional definition of “fiduciary,” the Rule clarifies when individuals and entities that provide “covered investment advice” to plans, plan sponsors, fiduciaries, plan participants, beneficiaries and Individual Retirement Accounts (IRAs) and IRA owners are:

Fiduciaries of the Plan or IRA for purposes of Title I of ERISA;
Required to acknowledge their status and the status of their individual advisers as “fiduciaries” of the plan for purposes of ERISA;
Accountable as fiduciaries for making prudent investment recommendations without regard to their own interests, or the interests of those other than the plan or plan participant or beneficiary that is the customer;
Restricted to charging only “reasonable compensation” for their advice or service;
Prohibited from making misrepresentations to their customers regarding recommended investments; and
Prohibited from providing advice or making payments that involve any conflicts of interest prohibited by ERISA unless the arrangements fully complies with a prohibited transaction exemption issued by EBSA under ERISA Section 408 that otherwise complies with ERISA Section 404.

Concurrent with its adoption of final regulations implementing these new rules concerning investment advisors and their fiduciary responsibilities, the Rule also adopts certain new Prohibited Transaction Exemptions that define requirements that providers of covered investment advice and the plan fiduciaries that engage them generally will be required after April 7, 2017 to ensure are met for investment advisors to receive commission-based compensation for their services, to sell or purchase certain recommended debt securities and other investments out of their own inventories to or from plans and IRAs, or to receive compensation for recommending fixed rate annuity contracts to plans and IRAs.

Investment Advice Covered By The Rule

The final rule applies to “covered investment advice.” For purposes of the rule, “covered investment advice” generally includes:

A recommendation to a plan, plan fiduciary, plan participant and beneficiary and IRA owner for a fee or other compensation, direct or indirect, as to the advisability of buying, holding, selling or exchanging securities or other investment property, including recommendations as to the investment of securities or other property after the securities or other property are rolled over or distributed from a plan or IRA;
A recommendation as to the management of securities or other investment property, including, among other things, recommendations on investment policies or strategies, portfolio composition, selection of other persons to provide investment advice or investment management services, selection of investment account arrangements (e.g., brokerage versus advisory); or recommendations with respect to rollovers, transfers, or distributions from a plan or IRA, including whether, in what amount, in what form, and to what destination such a rollover, transfer, or distribution should be made.

Under the Rule, the fundamental threshold element in establishing the existence of fiduciary investment advice is whether a “recommendation” occurred. The Department has taken an approach to defining “recommendation” that is consistent with and based upon the approach taken by the Financial Industry Regulatory Authority (FINRA), the independent regulatory authority of the broker-dealer industry, subject to the oversight of the Securities and Exchange Commission (SEC).

The Rule specifies that a “recommendation” is a communication that, based on its content, context, and presentation, would reasonably be viewed as a suggestion that the advice recipient engage in or refrain from taking a particular course of action. Under the Rule, the more individually tailored the communication is to a specific advice recipient or recipients, the more likely the communication will be viewed as a recommendation.

The types of relationships that must exist for such recommendations to give rise to fiduciary investment advice responsibilities include recommendations made either directly or indirectly (e.g. through or together with any affiliate) by a person who:

Represents or acknowledges that they are acting as a fiduciary within the meaning of ERISA or the Internal Revenue Code (Code);
Renders advice pursuant to a written or verbal agreement, arrangement or understanding that the advice is based on the particular investment needs of the advice recipient; or
Directs the advice to a specific recipient or recipients regarding the advisability of a particular investment or management decision with respect to securities or other investment property of the plan or IRA.

Also, the Rule only applies where a recommendation is provided directly or indirectly in exchange for a “fee or other compensation.” “Fee or other compensation, direct or indirect” means any explicit fee or compensation for the advice received by the person (or by an affiliate) from any source, and any other fee or compensation received from any source in connection with or as a result of the recommended purchase or sale of a security or the provision of investment advice services including, though not limited to, such things as commissions, loads, finder’s fees, and revenue sharing payments. A fee or compensation is paid “in connection with or as a result of” such transaction or service if the fee or compensation would not have been paid but for the transaction or service or if eligibility for or the amount of the fee or compensation is based in whole or in part on the transaction or service.

Investment Advice Not Covered By Rule

While the Rule reaches broadly, not all communications with financial advisers are covered fiduciary investment advice under the Rule. As a threshold issue, if the communications do not meet the definition of “recommendations” as described above, the communications will be considered non-fiduciary. In response to requests from commenters, and for clarification, the final rule includes some specific examples of communications that would not rise to the level of a recommendation and therefore would not constitute a fiduciary investment advice communication under the Rule.

When evaluating the applicability and effect of these exemptions, however, it is important to keep in mind that by adding the new Rule, EBSA seeks to make clear that individuals or organizations that engage in activities described in the Rule as covered investment advice are fiduciaries subject to these requirements. Since the Rule does not revoke existing EBSA fiduciary guidance or judicial precedent, service providers and other parties with discretionary authority or responsibility over employee benefit plans not covered by the Rule still could qualify as fiduciaries if their authority, responsibility or actions functionally causes them to fall within the definition of a fiduciary under these other pre-existing definitions of fiduciary status. Subject to this cautionary proviso, the following are some of the activities that the Rule identifies as activities that might fall outside the Rule’s covered investment activities in the manner required by the Rule:

“Education” as defined and provided in accordance with the Rule;
“General communications that a reasonable person would not view as an investment recommendation;”
Simply making available a platform of investment alternatives without regard to the individualized needs of the plan, its participants, or beneficiaries if a plan fiduciary independent of the platform service provider actually decides what investment options are offered and the platform service provider also represents in writing to the plan fiduciary that they are not undertaking to provide impartial investment advice or to give advice in a fiduciary capacity; and
Transactions with independent plan fiduciaries where the adviser knows or reasonably believes that the independent fiduciary is a licensed and regulated provider of financial services (banks, insurance companies, registered investment advisers, broker-dealers) or those that have responsibility for the management of $50 million in assets, and other conditions set forth in the Rule are met;
Communications and activities made by advisers to ERISA-covered employee benefit plans in swap or security-based swap transactions when the swap transaction meets certain conditions set forth in the Rule, which EBSA designed in coordination with the Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC) to avoid conflicts between the Rule and the swap and security-based swap rules promulgated by those agencies under the Dodd–Frank Wall Street Reform and Consumer Protection Act; and
Activities and communications of employees working in the payroll, accounting, human resources, and financial departments of the plan sponsor or its affiliated business who routinely develop reports and recommendations for the company and other named fiduciaries of the sponsors’ plans if the employees receive no fee or other compensation in connection with any such recommendations beyond their normal compensation for work performed for their employer.

New Prohibited Transaction Exemptions Published With Rule

Concurrent with its publication of the Rule, EBSA also is adopting the following new “Prohibited Transaction Exemptions to the otherwise applicable statutory list of prohibited conflict of interest transactions in ERISA Section 406 and the companion rules of the Internal Revenue Code (Code) applicable to qualified retirement plans.

Noncompliance with the Rule, including where necessary to avoid violating ERISA Section 406’s prohibited transaction prohibitions, by parties providing covered investment advice or the engagement or retention of such a service provider by an employer or other party exercising or with responsibility or authority to make that engagement carriers big legal risk. Advisers and financial institutions that don’t meet the BICE standards and other requirements of the Rule expose themselves to liability from breach of fiduciary duty claims under ERISA brought by ERISA plans, participants, and beneficiaries or in the case of IRAs or other non-ERISA plans, state law breach of contract or other state law claims brought by IRAs and other non-ERISA plans or accountholders. Likewise an employer, member of its management or other party responsible for or having authority to choose the service provider risks breaching its own fiduciary duties under ERISA by engaging a party that renders covered investment advice without complying with the Rule. In addition, to the extent that the engagement or activities of the service provider involves commission compensation payments, swaps or other activities that would constitute a prohibited conflict of interest under ERISA Section 406 not structured and conducted with an applicable prohibited transaction exemption, both the service provider and the fiduciary could bear personal liability for involving the plan or its assets in a prohibited transaction in violation of ERISA Section 406. For this reason, to help positions themselves to mitigate or defend against liability for such potential claims, advisors generally should take steps to ensure that the advisor can prove the advisor acted in their clients’ best interest by documenting their use of a reasonable process and adherence to professional standards in deciding to make the recommendation and determining it was in the customer’s best interest, and by documenting their compliance with the financial institution’s policies and procedures required by the Best Interest Contract Exemption.

“Best Interest Contract Exemption” (BICE)

ERISA and the Internal Revenue Code rules for qualified retirement plans generally prohibit individuals or entities providing fiduciary investment advice to plan sponsors, plan participants, and IRA owners to receive payments creating any of the listed statutory conflicts of interest listed in ERISA or the Code without a prohibited transaction exemption (PTE), employee benefit plan sponsors, benefit plan committees and other fiduciaries, and the broker-dealers, financial advisors, insurance agents and other plan service providers providing covered investment services to employee benefit plans also need to ensure that their compensation is structured to ensure that the compensation and other arrangements do not violate these prohibited transaction and conflict of interest prohibitions of the Code and ERISA, ERISA’s reasonable compensation rules, or the other requirements of ERISA.

Concerning ERISA Section 406’s party-in-interest and other conflict of interest requirements, EBSA issued in conjunction with its publication of the Rule a new “Best Interest Contract Exemption” (BICE), which provides a prohibited transaction exception that permits the payment of commission-based compensation to fiduciary investment advisors as long as the conditions specified in the BICE are met. Among other things, the BICE requires as a condition of the applicability of this exception that:

The financial institution to acknowledge in writing fiduciary status for itself and its advisers;
The financial institution and advisers to adhere to ERISA’s basic standards of impartial conduct, including giving prudent advice that is in the customer’s best interest, avoiding making misleading statements, and receiving no more than reasonable compensation;
The financial institution to have policies and procedures designed to mitigate harmful impacts of conflicts of interest; and
The financial institution to disclose specified information about their conflicts of interest and the cost of their advice.

The specified disclosures required to meet the conditions of the BICE include:

Descriptions of material conflicts of interest;
Descriptions of fees or charges paid by the retirement investor
A statement of the types of compensation the firm expects to receive from third parties in connection with recommended investments;
Notification that investors have the right to obtain specific disclosure of costs, fees, and other compensation upon request; and
A requirement that a website must be maintained and updated regularly that includes information about the financial institution’s business model and associated material conflicts of interest, a written description of the financial institution’s policies and procedures that mitigate conflicts of interest, and disclosure of compensation and incentive arrangements with advisers, among other information. However, the BICE currently does not require that the website include individualized information about a particular adviser’s compensation.

Noncompliance with the Rule by parties providing covered investment advice or the engagement or retention of such a service provider by an employer or other party exercising or with responsibility or authority to make that engagement carriers big legal risk. Advisers and financial institutions that don’t meet the BICE standards and other requirements of the Rule expose themselves to liability from breach of fiduciary duty claims under ERISA brought by ERISA plans, participants, and beneficiaries or in the case of IRAs or other non-ERISA plans, state law breach of contract or other state law claims brought by IRAs and other non-ERISA plans or accountholders. Likewise an employer, member of its management or other party responsible for or having authority to choose the service provider risks breaching its own fiduciary duties under ERISA by engaging a party that renders covered investment advice without complying with the Rule. In addition, to the extent that the engagement or activities of the service provider involves commission compensation payments, swaps or other activities that would constitute a prohibited conflict of interest under ERISA Section 406 not structured and conducted with an applicable prohibited transaction exemption, both the service provider and the fiduciary could bear personal liability for involving the plan or its assets in a prohibited transaction in violation of ERISA Section 406. For this reason, to help positions themselves to mitigate or defend against liability for such potential claims, advisors generally should take steps to ensure that the advisor can prove the advisor acted in their clients’ best interest by documenting their use of a reasonable process and adherence to professional standards in deciding to make the recommendation and determining it was in the customer’s best interest, and by documenting their compliance with the financial institution’s policies and procedures required by the Best Interest Contract Exemption.

Principle Transactions Exemption

The “Principal Transactions Exemption” published in connection with the Rule provides an exemption from the prohibitions of ERISA Section 406 to allow investment advice fiduciaries to sell or purchase certain recommended debt securities and other investments out of their own inventories to or from plans and IRAs where the requirements of the Exemption are met. As with the Best Interest Contract Exemption, the Principle Transaction Exemption requires, among other things, that investment advice fiduciaries adhere to certain impartial conduct standards, including obligations to act in the customer’s best interest, avoid misleading statements, and seek to obtain the best execution reasonably available under the circumstances for the transaction.

Existing PTE For Fixed Rate Annuity Contracts

In connection with its adoption of the Rule, EBSA also is amending existing exemption, PTE 84-24, which provides relief for insurance agents and brokers, and insurance companies, to receive compensation for recommending fixed rate annuity contracts to plans and IRAs. As amended in connection with the Rule, the requirements of PTE 84-24 are modified to provide increased safeguards for retirement investors while still providing “more streamlined conditions” than those required to meet the Best Interest Contract Exemption. Consistent with its enthusiasm for encouraging the offering and adoption of life time income products to retirees over the past several years, EBSA says these more streamlined conditions of PTE 84-24 are appropriate to “facilitate access by plans and IRAs to these relatively simple lifetime income products.” More complex products, such as variable annuities and indexed annuities, will be able to be recommended by advisers and financial institutions under the terms of the Best Interest Contract Exemption.

Other PTE Exemptions Modified To Raise Requirements

The Department is amending other existing exemptions, as well, to ensure that plan and IRA investors receiving investment advice are consistently protected by impartial conduct standards, regardless of the particular exemption upon which the adviser and the fiduciary engaging that advisor intend to rely upon to avoid violating of ERISA 406.

While the compliance deadline for the new Rule is not until April 8, 2017, the relief from ERISA Section 406 offered by the new Exemptions announced in connection with the Rule’s publication generally became available when EBSA published them in connection with the Rule on April 8, 2016. As this relief could provide helpful protection against fiduciary challenges or exposures that some service providers might already face under already existing fiduciary precedent or guidance, many service providers involved in dealings with plan or IRA investments may wish to take steps to position themselves to claim protection under one of these new PTE Exemptions even before the Rule takes effect. When evaluating this option, some service providers should be aware of the availability of transitional relief that may make it easier for some service providers to claim relief under the new BICE or Principal Transactions Exemption between April 8, 2017 and January 1, 2018 (Transition Period). In addition, parties that contemplate wishing to take advantage of the relief offered by the new BICE or Principal Transactions Exemption may benefit from taking advantage of reduced requirements for meeting these conditions during the phase in Transition Period. During this Transition Period, EBSA still will require firms and advisers to adhere to the Exemptions’ impartial conduct standards, provide a notice to retirement investors that, among other things, acknowledges their fiduciary status and describes their material conflicts of interest, and to designate a person responsible for addressing material conflicts of interest and monitoring advisers’ adherence to the impartial conduct standards; however compliance with certain other requirements is waived until January 1, 2018. Of course, full compliance with all requirements of the applicable Exemptions will be required as of January 1, 2018.

Rule Requires Action By Plan Sponsors, Fiduciaries & Service Providers

The new Rule creates lots of new work both for advisors and other service providers in, as well as plan sponsors, plan administrative committees or other fiduciaries responsible for selection, retention and oversight of those providing these services. All such parties have much to do to fulfill their ERISA responsibilities by the April 8, 2017 deadline for compliance with the new Rule and to deal with other likely fallout from the new Rule.

Fallout for Covered Investment Advisors & Other Service Providers

Clearly, advisors, financial institutions and other service providers providing covered investment advice and others with involvement with investments or investment platforms have much work to do to prepare for the new rule. However, compliance with the Rule is not merely a service provider problem. Employer or other plan sponsors, plan fiduciaries or other responsible for the credentialing, selection, retention, and oversight of service providers dealing with investments also need to ensure that the party or parties responsible for these vendor dealings fulfills its own fiduciary responsibilities in dealing with vendors and service providers that may be impacted by these requirements.

Advisers and financial institutions that don’t meet the requirements of the new Rule expose themselves to liability from breach of fiduciary duty claims under ERISA brought by ERISA plans, participants, and beneficiaries or in the case of IRAs or other non-ERISA plans, state law breach of contract or other state law claims brought by IRAs and other non-ERISA plans or accountholders. Obviously, advisors, financial institutions and other service providers providing advice or having dealings or involvement with IRA or employee benefit plan investments, their selection or administration will want to review and update their relationships and their associated compensation, contracts, disclosures and other arrangements and processes in light of the new Rule. Clearly, those that could be considered to offer or provide covered investment advice need to start revising contracts, compensation, policies, practices and other arrangements in anticipation of the Rule. At the same time, the Rule also is likely to create work for certain service providers with involvement or dealings with investments that the service provider considers to fall outside of the Rule:

To respond to changes in client requests for proposals, contracts or other due diligence in response to the Rule;
To respond to changes in response to the Rule by covered investment advisors to reconfigure services, relationships and contracts in response to the Rule;
To clarify and institutionalize and document communications by the uncovered service provider to clients and others of limits on the service provider’s services and capacity that are necessary or helpful to avoid or limit exposure of the service provider to coverage by or claims of liability arising out of the Rule; and/or
Otherwise.

Fallout For Plan Sponsors & Plan Fiduciaries Selecting & Overseeing Service Providers

Employer or other plan sponsors, plan fiduciaries or other responsible for the credentialing, selection, retention, and oversight of service providers dealing with investments also need to anticipate and be prepared to deal the effects of adoption of the Rule on their responsibilities and risks as they relate to the selection, retention, contracting, compensation and other dealings with service providers impacted by the Rule.

The Rule’s explicit designation as fiduciaries of certain service providers that previously may have been characterized as providing services as non-fiduciaries, much less its tightening of requirements for the investment advisors that are covered fiduciaries, creates a host of new responsibilities and considerations for employers sponsoring plans and its members of management that select, retain, contract with and oversee these service providers.

Under ERISA, parties designated in writing or function exercising discretionary authority or responsibility for the selection, retention, compensation and oversight of fiduciary or other service providers generally are considered fiduciaries for purposes of carrying out these responsibilities and bear personal liability for prudently selecting, retaining and monitoring the service provider in accordance with ERISA.

To fulfill this fiduciary obligation, those involved in selecting and retaining investment advisors covered by the rules should expect to bear responsibility for ensuring that the covered investment advisor is engaged in compliance with the Rule and the otherwise applicable requirements of ERISA, including that the engagement and compensation of the selected investment advisor will not involve the plan or its assets in a prohibited conflict of interest listed in ERISA Section 406. Furthermore, failing to ensure that the engagement of an investment advisor does not violate these conflict of interest rules also exposes a sponsoring employer of a qualified plan to excise tax liability under the Code’s companion party-in-interest rules applicable to such plans.

Accordingly, whether the employer itself retains and directly exercises the discretionary authority to select and retain a service provider or appoints a committee or member of its staff to perform these responsibilities as a designated fiduciary, an accurate understanding of which service providers, taking into account the rule, now will be considered fiduciaries and the requirements of the Rule flowing from this status is essential to understand and make appropriate provisions to ensure that proper steps are taken to ensure that the Rule and ERISA’s other requirements for prudent credentialing, bonding, contracting, compensation, and other dealings with the service provider and to budget for the proper conduct of the activities needed to fulfill these obligations.

In light of these and other exposures and obligations, employer and other plan sponsors, plan fiduciaries and plan service providers alike all should start preparing to respond to the new Rule.

To help positions themselves to mitigate or defend against liability for such potential claims, each party generally will want to take prudent and well-documented steps to evaluate the fiduciary status of each applicable service provider, as well as its own fiduciary status, capacity, responsibility and other exposures in light of the new Rule. Since ERISA fiduciary status attaches functionally based on the functional facts and circumstances, sponsoring employers, as well as service providers generally will want to consider taking appropriate steps to document this analysis and other compliance and risk management efforts to avoid violations of the Rule, as well as to position themselves to defend against other claims and liabilities.

In all cases, each impacted party should make an effort to apply and retain evidence documenting its efforts including, in the case of all service providers, whether or not covered investment advisors under the Rule, their efforts to act in their clients’ best interest by documenting their use of a reasonable process and adherence to professional standards in deciding to make the recommendation and determining it was in the customer’s best interest, and by documenting their compliance with the financial institution’s policies and procedures and applicable requirements of the law.

About The Author

Board Certified in Labor and Employment Law by the Texas Board of Legal Specialization, a Fellow in the American College of Employee Benefit Counsel, past Group Chair, past Welfare Benefit Committee Chair, and Current Defined Contribution Plan Co-Chair of the American Bar Association (ABA) RPTE Section Employee Benefits Group, Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, former Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, a past ABA Joint Committee on Employee Benefits Council Representative Cynthia Marcotte Stamer is a practicing attorney, regulatory and public policy advocate, author, lecturer and industry and public policy thought leader recognized as a “Top” attorney in employee benefits, labor and employment and health care law for her more than 28 years’ of leading edge experience nationally and internationally providing practical and effective advice and representation to management.

Ms. Stamer’s legal and management consulting work throughout her career has focused on helping organizations and their management understand and use the law and process to manage people, performance, compliance, operations and risk. Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative and pragmatic problem-solving, Ms. Stamer helps public and private, domestic and international businesses, governments, and other organizations and their leaders manage their employees, vendors and suppliers, and other workforce members, customers and other’ performance, compliance, compensation and benefits, operations, risks and liabilities, as well as to prevent, stabilize and cleanup workforce and other legal and operational crises large and small that arise in the course of operations.

Ms. Stamer works with businesses and their management, employee benefit plans, governments and other organizations deal with all aspects of human resources and workforce management operations and compliance. She supports her clients both on a real time, “on demand” basis and with longer term basis to deal with daily performance management and operations, emerging crises, strategic planning, process improvement and change management, investigations, defending litigation, audits, investigations or other enforcement challenges, government affairs and public policy.

As a key part of this work, Ms. Stamer uses her deep and highly specialized health, insurance, labor and employment and other knowledge and experience to help employers and other employee benefit plan sponsors; health, pension and other employee benefit plans, their fiduciaries, administrators and service providers, insurers, and others design legally compliant, effective compensation, health and other welfare benefit and insurance, severance, pension and deferred compensation, private exchanges, cafeteria plan and other employee benefit, fringe benefit, salary and hourly compensation, bonus and other incentive compensation and related programs, products and arrangements.

She is particularly recognized for her leading edge work, thought leadership and knowledgeable advice and representation on the design, documentation, administration, regulation and defense of a diverse range of self-insured and insured health and welfare benefit plans including private exchange and other health benefit choices, health care reimbursement and other “defined contribution” limited benefit, 24-hour and other occupational and non-occupational injury and accident, ex-patriate and medical tourism, onsite medical, wellness and other medical plans and insurance benefit programs as well as a diverse range of other qualified and nonqualified retirement and deferred compensation, severance and other employee benefits and compensation, insurance and savings plans, programs, products, services and activities. In these and other engagements, Ms. Stamer works closely with employer and other plan sponsors, insurance and financial services companies, plan fiduciaries, administrators, and vendors and others to design, administer and defend effective legally defensible employee benefits and compensation practices, programs, products and technology. She also continuously helps employers, insurers, administrative and other service providers, their officers, directors and others to manage fiduciary and other risks of sponsorship or involvement with these and other benefit and compensation arrangements and to defend and mitigate liability and other risks from benefit and liability claims including fiduciary, benefit and other claims, audits, and litigation brought by the Labor Department, IRS, HHS, participants and beneficiaries, service providers, and others. She also assists debtors, creditors, bankruptcy trustees and others assess, manage and resolve labor and employment, employee benefits and insurance, payroll and other compensation related concerns arising from reductions in force or other terminations, mergers, acquisitions, bankruptcies and other business transactions including extensive experience with multiple, high-profile large scale bankruptcies resulting in ERISA, tax, corporate and securities and other litigation or enforcement actions.

Ms. Stamer also advises and represents clients on OCR and other HHS, Department of Labor, IRS, FTC, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. In the course of this work, Ms. Stamer has accumulated an impressive resume of more than 28 years’ of experience advising and representing clients on Title I and other ERISA fiduciary responsibility concerns including assisting and advising plan sponsors, plan fiduciary and plan service providers to design and administer fiduciary and other compliance and risk management policies and practices, conducting investigations of potential fiduciary or other breaches, and serving as special counsel, advising and representing these and other clients in connection with EBSA, IRS, SEC and other governmental audits, investigations and enforcement actions; in private disputes and litigation regarding plan investments or other fiduciary concerns between plan participant and beneficiaries, plans, plan fiduciaries, plan sponsors and plan service providers; or both.

Ms. Stamer also is deeply involved in helping to influence health care, pension, social security, workforce, insurance and other policies critical to the workforce, benefits, and compensation practices and other key aspects of a broad range of businesses and their operations. Deeply involved in both U.S. statutory and regulatory pension and health care reform throughout her career, Ms. Stamer both helps her clients respond to and resolve emerging regulations and laws, government investigations and enforcement actions and helps them shape the rules through dealings with Congress and other legislatures, regulators and government officials domestically and internationally. A former lead consultant to the Government of Bolivia on its Social Security reform law and most recognized for her leadership on U.S. health and pension, wage and hour, tax, education and immigration policy reform, Ms. Stamer works with U.S. and foreign businesses, governments, trade associations, and others on workforce, social security and severance, health care, immigration, privacy and data security, tax, ethics and other laws and regulations. Founder and Executive Director of the Coalition for Responsible Healthcare Policy and its PROJECT COPE: the Coalition on Patient Empowerment and a Fellow in the American Bar Foundation and State Bar of Texas. She also works as a policy advisor and advocate to health plans, their sponsors, administrators, insurers and many other business, professional and civic organizations.

Ms. Stamer also is active in the leadership of a broad range of other professional and civic organizations. For instance, Ms. Stamer presently serves on an American Bar Association (ABA) Joint Committee on Employee Benefits Council representative; Vice President of the North Texas Healthcare Compliance Professionals Association; Immediate Past Chair of the ABA RPTE Employee Benefits & Other Compensation Committee, its current Welfare Benefit Plans Committee Co-Chair, on its Substantive Groups & Committee and its incoming Defined Contribution Plan Committee Chair and Practice Management Vice Chair; Past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group and a current member of its Healthcare Coordinating Council; current Vice Chair of the ABA TIPS Employee Benefit Committee; the former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division; on the Advisory Boards of InsuranceThoughtLeadership.com, HR.com, Employee Benefit News, and many other publications. She also previously served as a founding Board Member and President of the Alliance for Healthcare Excellence, as a Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; the Board President of the early childhood development intervention agency, The Richardson Development Center for Children; Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee; a member of the Board of Directors of the Southwest Benefits Association. For additional information about Ms. Stamer, see www.cynthiastamer.com, or http://www.stamerchadwicksoefje.com the member of contact Ms. Stamer via email here or via telephone to (469) 767-8872.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also may be interested reviewing other Solutions Law Press, Inc. ™ resources at www.solutionslawpress.com such as:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating or updating your profile here. ©2016 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press. All other rights reserved.

Comments Off on Final Investment Advice Fiduciary Rules Mean Work For Employers, Fiduciaries & Advisors | 401(k), Banking, board of directors, Brokers, compensation, compliance, Consumer Protection, Corporate Compliance, corporate governance, defined benefit plan, defined contribution plan, directors, EBSA, Employee Benefits, Employer, Employers, Employment, ERISA, Excise Tax, Excise Taxes, fiduciary duty, Fiduciary Responsibility, HR, Human Resources, insurers, Internal Controls, Internal Investigations, Internal Revenue Code, IRC, Tax, Tax Qualification, Uncategorized | Tagged: benefit plan, conflict of interest, conflict of interest rule, employee benefit plan, Employee Benefits, Employer, ERISA, Fiduciary, Fiduciary Responsibility, investment advice, investment advisor, plan, prohibited transaction | Permalink
Posted by Cynthia Marcotte Stamer

Health Plans, Sponsoring Employers & Others Urged To Act Immediately In Response To Premera, Anthem Blue Cross Breaches

March 17, 2015

Today’s report by Premera Blue Cross of a massive data breach affecting as many as 11 million customers’ personal health and financial information on the heels of the large-scale data breach announcement by fellow Blue Cross Association, Anthem, is another reminder that employers and other health plan sponsors, fiduciaries, insurers specifically, and U.S. businesses generally should immediately assess and tighten up their privacy, data security and data breach compliance and risk management to fulfill applicable legal mandates and to strengthen defenses against resulting liabilities and member backlash likely to arise from these or future breaches.

Notice of the Premera and Anthem breaches are likely to trigger obligations for health plans and their sponsoring employers or unions, administrators, insurers, and other vendors and service providers to take immediate steps to conduct documented investigations, take corrective action and provide breach notifications the Privacy, Security and Breach Notification rules of the Health Insurance Portability & Accountability Act require health plans and their business associates to provide in response to notice of a breach. Depending on the scope and nature of data affected and their involvement with the affected plans, employer or other plan sponsors, fiduciaries, administrators and service providers also may be subject additional responsibilities under applicable contracts and policies, the fiduciary responsibility requirements of the Employee Retirement Income Security Act of 1974 (ERISA), the Internal Revenue Code, and a host of other laws. Insurance industry or other vendors providing services to these plans also may face specific responsibilities under applicable insurance, health care, federal or state identity theft, privacy or data security, or other federal or state laws. See, e.g., Restated HIPAA Regulations Require Health Plans To Tighten Privacy Policies And Practices; Cybercrime and Identity Theft: Health Information Security Beyond; HIPAA Compliance & Breach Data Shares Helpful Lessons For Health Plans, Providers and Business Associates.

The need for prompt assessment and action is not necessarily limited to health plans and organizations sponsoring, administering or doing business with the plans involved in the Premera or Anthem breaches. The occurrence of these breaches arguably raises the questions about the adequacy of the safeguards, practices and policies of other health plans and insurers, their sponsors and fiduciaries, insurers, administrators and other vendors. places other health plans. Health plans, their sponsors, fiduciaries, administrators, insurers and other vendors generally will want to make prudent documented inquiries about the adequacy of their health plan’s data security and privacy safeguards in anticipation of potential future breaches, audits or other scrutiny.

Beyond the specific health plan related concerns, most businesses also will want to consider the adequacy and defensibility of the data collection, use, disclosure, security and other practices affecting sensitive data within or on behalf of their organization. The report of these and other health plan breaches, as well recent reports of identity theft and other fraud impacting federal tax returns and other large data breach reports involving retailers and other prominent businesses are spurring recognition of the large risks and need for greater scrutiny and accountability to business collection, use, and protection of sensitive personal and other data.

Of course, as in the case of health plans, the risk is exploding largely in response to the continued evolution of electronic payment and other business operating systems coupled with the emergence of data harvesting and other capabilities. These new technologies and practices are fueling a host of new mandates, opportunities and risks for virtually every U.S. business. Cyber criminals seem to always be one step ahead of business and government in leveraging these emerging opportunities for their criminal purposes.

With everyone from the Internal Revenue Service and other federal and state government agencies to private business partners pushing to leverage the efficiencies and other opportunity of electronic transactions and data, businesses in the US and around the world increasing are encouraged if not required to conduct more and more transactions containing sensitive business and individual tax information, personal financial information, personal health information, trade secrets and other confidential business and personal information electronically. Meanwhile big data and other business and marketing gurus also encourage business to leverage their own opportunities to use data collected for these business mandates and expanding technology also to collect, use and repurpose customer, prospect or other business information collected in the course of business to benefit their business’ marketing, transactional and other opportunities.

As these practices take hold and expand, data breaches and other cyber crime events, the legal requirements and risks of collection and use of data also are growing. Privacy, identity theft and other cyber crime and other concerns have led federal and state lawmakers to enact an ever-growing list of notice, consent, disclosure, security and other laws and regulations including but not limited to the Fair & Accurate Credit Transaction Act (FACTA),the Gramm-Leach-Bliley Act, the HIPAA Privacy & Security Rules, state identity theft, data security and data breach and other electronic privacy and security laws and an ever-growing plethora of others.

As the cyber crime epidemic continues to grow and notorious breeches and schemes involving the Internal Revenue Service, Veterans Administration, retail giants like Target, Home Depot, and others, insurance giants like Anthem and Premera and others, government and private enforcement is rising and the judgments, penalties and other costs soaring even as federal and state regulators are looking at the need for expanded rules and penalties. See Cybercrime Enforcement Statistics; DOJ Enforcement Priorities & Statistics. In addition, widening data privacy and security concerns from these massive data breach reports also are prompting Congress and State regulatorsto consider the need for added reforms, see, McCaul to Hold Hearing on President’s Cybersecurity. In deed, even before news of the Premera breach broke, he Federal Trade Commission today announced plans to host a workshop on Nov. 16, 2015, to look at the privacy issues around the tracking of consumers’ activities across their different devices for advertising and marketing purposes.

While these and other legal and enforcement developments promise new liabilities and expenses, the business losses and customer and business partner implications experienced by Target, Anthem and other businesses already affected illustrate the severe business consequences that inevitably result if a business appears to have failed to take customer privacy or other data security concerns seriously.

The now notorious Target hacking data breach event is illustrative. Target reported in late 2013 that credit and debit card thieves stole the name, address, email address and phone number from the credit and debit card records of around 70 million Target shoppers between November 27 and December 15, 2013. After announcing the breach, Target reported a 46% drop in profits in the fourth quarter of 2013, compared with the year before despite having announced plans to invest $100 million upgrading their payment terminals to support Chip-and-PIN enabled cards and millions of dollars more in rectification efforts. See The Target Breach, By the Numbers. Subsequently, Target’s losses have continued to mount even as it now faces lawsuits and other enforcement actions as a result of the breach. See Banks’ Lawsuits Against Target for Losses Related to Hacking Can Continue. Meanwhile, the enforcement and other fallout continues to evolve.

While businesses generally need to tighten their defenses and compliance, health plans, their sponsors, fiduciaries, administrators and vendors have specific obligations that require immediate, well-documented action when an actual or potential breach happens. The Privacy, Security and Breach Notification requirements of HIPAA require that health plans adopt specific policies and maintain and administer specific safeguards to prevent and respond to breaches of protected health information. In the event of a breach, these rules require that the health plan, usually acting through its fiduciaries, and affected service providers that qualify as business associates both investigate and redress the breach, as well as provide specific notification as soon as possible and usually no later than 30 days after the health plan knows or has reason to know of the breach. Significant civil and even criminal penalties can apply if a health plan, health insurer or its business associate fails to fulfill these obligations.

Beyond the specific requirements of HIPAA, employers and other plan sponsors and others involved in the maintenance and administration of the health plan or the selection and oversight of its vendors often may have other less-realized responsibilities. As health plan data often includes payroll and other tax data, employers, the health plans and other parties involved also may have specific responsibilities under the Internal Revenue Code or other laws. To the extent that the plan sponsor or another party is named as the plan administrator or otherwise exercises discretion and control over the selection of the insurer or other plan vendor or other plan operations, the fiduciary obligations of ERISA also may require a prudent investigation and other action to meet fiduciary obligations of ERISA. Brokers, insurers, third party administrators, preferred provider organizations or other managed care providers and others doing business with the health plan also may have specific responsibilities under state insurance, health care, data breach and identity theft or other laws. Under the provisions of most of these laws, leaving it to the insurer or other vendor involved in the breach generally will not suffice to fulfill applicable legal responsibilities, much less allay the fears of plan members, employees, health care providers and others involved with the health plan.

In the face of these developments, health plans and their sponsors, fiduciaries and others working with them must take immediate action in response to the breaches reported. Along with these specific health plan related responses, businesses also should the adequacy and defensibility of their current overall data collection, use and security practices while remaining ever vigilant for new requirements, as well as weaknesses in their own practices. Health plans specifically and businesses generally need to build their defenses in anticipation of these events both to withstand government and private litigation and enforcement, and to survive the harsh judgment of public opinion.

For Help With Risk Management, Compliance & Other Management Concerns

If you need assistance in responding to a health plan breach concern or with auditing or assessing, updating or defending your organization’s compliance, risk management or other internal controls practices or actions, please contact the author of this update, attorney Cynthia Marcotte Stamer here or at (469) 767-8872.

Scribe for the ABA JCEB Annual Agency Meeting with the Office of Civil Rights, a faculty and steering committee for the Southern California ISSA-HIMSS Health Care Privacy Program, Board Certified in Labor & Employment Law, a Fellow in the American College of Employee Benefits Counsel recognized as a “Top 100” lawyer in labor and employment, employee benefits and health care law, Ms. Stamer is nationally recognized for her work, publications, public speaking and education and other leadership on privacy and data security and other risk management and compliance.

A management attorney who works with businesses and government to manage and redress people, process and risk, Ms. Stamer has worked extensively on data and other privacy risk management and compliance, Throughout her career, she has conducted investigations and advised, and assisted health care, insurance, retail and a broad range of other public and private organizations with privacy and data security audit and risk management, contracting, investigation, defense and remediation throughout her more than 25 year career.

Past Chair and of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Committee, a Council Representative on the ABA Joint Committee on Employee Benefits, past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, current Co-Chair of the RPTE Welfare Benefit Committee and Vice Chair of the ABA TIPS Employee Benefits Committee, Ms. Stamer works, publishes and speaks extensively on cyber crime and other privacy, management, reengineering, investigations, human resources and workforce, employee benefits, compensation, internal controls and risk management, federal sentencing guideline and other enforcement resolution actions, and related matters. She also is recognized for her publications, industry leadership, workshops and presentations on these and other concerns and regularly speaks and conducts training on these matters.Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the ABA, Insurance Thought Leadership, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, and many other national and local publications.

As part of her extensive involvements in privacy and data security concerns, Ms. Stamer will be among the panelists discussing “Fiduciary Obligations In the Context of a Data Breach” conference call to be hosted on April 2, 2015 by Fiduciary Responsibility Committee of the American Bar Association (ABA) Real Property Probate and Estate Section Employee Benefits & Other Compensation Group. During the program, Ms. Stamer and other panelists will discuss the quagmire of fiduciary legal and operational challenges that data breach announcements by health plan vendors and insurers present for employer and union-sponsored health plan fiduciaries and health plans. She also will serves as the scribe for the upcoming ABA Joint Committee On Employee Benefits Annual Agency Meeting with the Federal agency that enforces HIPAA, the Office of Civil Rights, and 2014 Conference Chair and steering committee and faculty member of the Southern California ISSA/HIMSS Healthcare Privacy & Security Summit scheduled for June 4, 2015 in Los Angeles.

For additional information about Ms. Stamer and her experience or to access other publications by Ms. Stamer see here or contact Ms. Stamer directly. For information about participation in the April 2 Conference Call or joining the Committee, see here.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources at www.solutionslawpress.com.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile at here or e-mailing this information here.

1 Comment | Claims Administration, Data Security, Employers, ERISA, Fiduciary Responsibility, Health Plans, HIPAA, Insurance, Internal Controls, Internal Investigations, Reporting & Disclosure | Tagged: Anthem, Data Breach, HIPAA, Personal Health Information, PHI, Premera | Permalink
Posted by Cynthia Marcotte Stamer

Stamer Kicks Off Dallas HR 2015 Monthly Lunch Series With 2015 Federal Legislative, Regulatory & Enforcement Update

November 10, 2014

Human resources and other management leaders are watching Washington to see if the change in Congressional control resulting from the November 4, 2014 mid-term election ushers in a more management friendly federal legal environment. Since President Obama took office, the Democrats aggressive pursuit of health care, minimum wage and other federal pro-labor legislation, regulations and enforcement has increased management responsibilities, costs and liabilities.

Nationally recognized management attorney, public policy advisor and advocate, author and lecturer Cynthia Marcotte Stamer will help human resources and other management leaders prepare for 2015 when she speaks on “2015 Federal Legislative, Regulatory & Enforcement Update: What HR & Benefit Leaders Should Expect & Do Now” at the 2015 Dallas HR monthly luncheon series kickoff meeting on January 13, 2014.

About The Program

While November 4, 2014 Republican election victories gave Republicans a narrow majority in both the House and Senate when the new Congress takes office January 3, 2015, the new Republican Majority may face significant challenges delivering on their promises to move quickly to enact more business-friendly health care, guest worker, tax and other key reforms Republicans say will boost the employment and the economy.

While President Obama and Democrat Congressional leaders say they plan to work with the new majority, President Obama already is threatening to use vetoes, regulations and executive orders to block Republicans from obstructing or rolling back his pro-labor policy and enforcement agenda. When the new Congress takes office, the narrowness of the Republican Majority in the Senate means Republicans can’t block a Democratic filibuster or override a Presidential veto without recruiting some Democratic support.

As the Democrats and Republicans head into battle again, Board Certified Labor & Employment attorney and public policy advocate Cynthia Marcotte Stamer will help human resources and other management leaders get oriented for the year ahead by sharing her insights and predictions on the legislative, regulatory and enforcement agendas that HR, benefit and other business leaders need to plan for and watch in 2015. Among other things, Ms. Stamer will:

Discuss how management can benefit from monitoring and working to influence potential legislative, regulatory and enforcement developments when planning and administering HR and related workforce policies;
Discuss the key workforce and other legislative, regulatory and enforcement priorities and proposals Democrats and Republicans plan to pursue during 2015;
Share her insights and predictions about how the narrow Republican majority, Mr. Obama’s lame duck presidency and other factors could impact each Party’s ability to pursue its agenda
Share tips management leaders can use to help monitor developments and to help shape legislation, regulation and enforcement through Dallas HR, SHRM and other organizations as well as individually;
Learn tips for anticipating and maintaining flexibility to respond to legislative, regulatory and enforcement developments; and
More

To register or get more details about the program, DallasHR, or both, see http://www.dallashr.org.

About Ms. Stamer

Board certified labor and employment attorney, public policy leader, author, speaker Cynthia Marcotte Stamer is nationally and internationally recognized and valued for her more than 25 years of work advising and representing employers, insurers, employee benefit plans, their fiduciaries and advisors, business and community leaders and governments about workforce, employee benefits, social security and pension, health and insurance, immigration and other performance and risk management, public policy and related regulatory and public policy, management and other operational concerns.

Throughout her career, Ms. Stamer continuously both has helped businesses and their management to monitor and respond to federal and state legislative, regulatory and enforcement concerns and to anticipate and shape federal, state and other laws, regulations, and enforcement in the United States and internationally.

Well known for her leadership on workforce, health and pension policy through her extensive work with clients as well as through her high profile involvements as the Founder and Executive Director of the Coalition for Responsible Healthcare Policy and its PROJECT COPE: the Coalition on Patient Empowerment, a founding Board member of the Alliance for Health Care Excellence, a Fellow in the American College of Employee Benefit Counsel, the American Bar Association (ABA), and the State Bar of Texas leadership and other involvements with the ABA including her annual service leading the annual agency meeting of Joint Committee on Employee Benefits (JCEB) representatives with the HHS Office of Civil Rights and participation in other JCEB agency meetings, past involvements with legislative affairs for the Texas Association of Business and Dallas HR and others, and many speeches, publications, and other educational outreach efforts, Ms. Stamer has worked closely with Congress and federal and state regulators on the Patient Protection & Affordable Care Act and other health care, pension, immigration, tax and other workforce-related legislative and regulatory reforms for more than 30 years. One of the primary drafters of the Bolivian Social Security reform law and a highly involved leader on U.S. workforce, benefits, immigration and health care policy reform, Ms. Stamer’s experience also includes working with U.S. and foreign government, trade association, private business and other organizations to help reform other countries’ and U.S. workforce, social security and severance, health care, immigration, privacy and data security, tax, ethics and other laws and regulations. Ms. Stamer also contributes her policy, regulatory and other leadership to many professional and civic organizations including as Vice President of the North Texas Healthcare Compliance Professionals Association; Immediate Past Chair of the American Bar Association RPTE Employee Benefits & Other Compensation Committee and its current Welfare Benefit Plans Committee Co-Chair, a Substantive Groups & Committee Member; a member of the leadership council of the ABA Joint Committee on Employee Benefits; Past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group and a current member of its Healthcare Coordinating Council; the current Vice Chair of the ABA TIPS Employee Benefit Committee, and the past Coordinator of the Gulf Coast TEGE Council TE Division.

The publisher and editor of Solutions Law Press, Inc. who serves on the Editorial Advisory Boards of Employee Benefit News, HR.com, InsuranceThoughtLeadership.com and many other publications, Ms. Stamer also is a prolific and highly respected author and speaker, National Public Radio, CBS, NBC, and other national and regional news organization, Atlantic Information Services, The Bureau of National Affairs, HealthLeaders, Telemundo, Modern Healthcare, Business Insurance, Employee Benefit News, the Employee Benefits News, World At Work, Benefits Magazine, InsuranceThoughtLeadership.com, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, CEO Magazine, CFO Magazine, CIO Magazine, the Houston Business Journal, and many other prominent news and publications. She also serves as a planning faculty member and regularly conducts training and speaks on these and other management, compliance and public policy concerns for these and a diverse range of other organizations. For additional information about Ms. Stamer, see www.cynthiastamer.com.

For Added Information and Other Resources

If you found this update of interest, you also may be interested in reviewing some of the other updates and publications authored by Ms. Stamer available including:

For Help Or More Information

If you need assistance in auditing or assessing, updating or defending your organization’s compliance, risk manage or other internal controls practices or actions, please contact the author of this update, attorney Cynthia Marcotte Stamer here or at (469)767-8872.

Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization, management attorney and consultant Ms. Stamer is nationally and internationally recognized for more than 24 years of work helping employers and other management; employee benefit plans and their sponsors, administrators, fiduciaries; employee leasing, recruiting, staffing and other professional employment organizations; and others design, administer and defend innovative workforce, compensation, employee benefit and management policies and practices. Her experience includes extensive work helping employers implement, audit, manage and defend union-management relations, wage and hour, discrimination and other labor and employment laws, privacy and data security, internal investigation and discipline and other workforce and internal controls policies, procedures and actions. The Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Committee, a Council Representative on the ABA Joint Committee on Employee Benefits, Government Affairs Committee Legislative Chair for the Dallas Human Resources Management Association, and past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer works, publishes and speaks extensively on management, reengineering, investigations, human resources and workforce, employee benefits, compensation, internal controls and risk management, federal sentencing guideline and other enforcement resolution actions, and related matters. She also is recognized for her publications, industry leadership, workshops and presentations on these and other human resources concerns and regularly speaks and conducts training on these matters.Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, and many other national and local publications. For additional information about Ms. Stamer and her experience or to access other publications by Ms. Stamer see hereor contact Ms. Stamer directly.

About Solutions Law Press

Comments Off on Stamer Kicks Off Dallas HR 2015 Monthly Lunch Series With 2015 Federal Legislative, Regulatory & Enforcement Update | 105(h), ACA, ADA, Affirmative Action, Affordable Care Act, Bankruptcy, Cafeteria Plans, Child Labor, CHIP, Civil Rights, Claims Administration, COBRA, compensation transparency, Corporate Compliance, Defined Benefit Plans, Defined Contribution Plans, Disability, Disability, Disability Plans, Discrimination, Disease Management, Drug & Alcohol, E-Verify, EEOC, EEOC, Employee Benefits, Employers, Employment Agreement, Employment Tax, ERISA, ESOP, Excise Tax, Executive Compensation, family leave, Fiduciary Responsibility, FMLA, GINA, Government Contractors, Health Care Reform, Health Plans, HIPAA, Human Resources, I-9, Immigration, Income Tax, Insurance, Internal Controls, Internal Investigations, Labor Management Relations, Leave, medical leave, Mental Health, Mental Health Parity, MEWA, Military Leave, Non-Compete, Non-Competition Agreement, Nonresident aliens, OFCCP, OSHA, Patient Protection and Affordable Care Act, Payroll Tax, Preemption, Premium Subsidies, Prescription Drugs, Privacy, Professional Liability, Protected Health Information, Public Policy, Rehabilitation Act, Reporting & Disclosure, Restructuring, Retaliation, Retirement Plans, Risk Management, Safety, Sexual Harassment, Tax, Tax Credit, Telecommuting, Unemployment Benefits, Unemployment Insurance, Union, USERRA, VEVRRA, Wage & Hour, Wellness, Wellness Programs | Tagged: Administrative Simplification, CMS, Health Benefits, Health Insurance, Health insurers, Health Plans, HHS, HPID, HPOES, out-of-pocket maximum, TPAs | Permalink
Posted by Cynthia Marcotte Stamer

Plan’s Purchase of Company Stock Triggers $6.48 Million Award Against ESOP Sponsor, Shareholder, Board Members & Trustees

November 2, 2014

A $6.48 million judgment against Direct TV satellite television installer, Bruister and Associates Inc.(BAI) its sole owner, Herbert Bruister, and other trustees of two BAI-sponsored employee stock ownership plans shows plan sponsors and trustees involved in stock purchase transactions where employee stock ownership plans commonly referred to as “ESOPs” and other employee benefit plan buy or hold investments in the stock of plan sponsors or other related businesses the risks of failing to conduct the transactions to ensure that the transactions are prudently performed and otherwise conducted in compliance with the Employee Retirement Income Security Act (ERISA) fiduciary responsibility requirements.

BAI Lawsuit & Judgment Highlights

The BAI judgment stems from a Department of Labor lawsuit that charged BAI, along with BAI board members and plan trustees Bruister and Amy Smith, and plan trustee Jonda Henry engaged in prohibited transactions and breached other fiduciary duties under ERISA by causing the plans to purchase 100 percent of BAI’s shares for $24 million in three sales transactions conducted between December 2002 to December 2005.

According to court documents, Bruister, Smith and Henry, as plan fiduciaries, engaged in prohibited transactions by causing the plans to pay excessive prices for BAI stock purchased from Bruister. For each purchase, the Labor Department charged the fiduciaries used flawed valuations prepared by Matthew Donnelly and his firm, Business Appraisal Institute.

The court also found that the three fiduciaries breached their duty of loyalty from start to finish. Additionally, Bruister and his attorney David Johanson went so far as to fire the initial attorney representing the plans because that attorney was too thorough. Moreover, the court found that Bruister and Johanson exercised undue influence over Donnelly’s valuations, and that as a result, Donnelly was not sufficiently independent to provide valuations for the plans.

The court concluded that Bruister, Henry and Smith, in their role as plan fiduciaries, failed to properly represent plan participants’ interests, and that they unreasonably relied on an appraiser who so obviously lacked independence. The court reasoned, “An informed trustee would not have remained idle while the seller communicated directly with the employee stock ownership trust’s independent appraiser and financial advisor to elevate the price at the participants’ expense.”

Although Johanson was not a fiduciary, the court found his conduct worthy of comment because he both was the attorney for the seller and structured each sale. The court noted that Johanson attempted to influence the valuations in Bruister’s favor, and the testimony Johanson gave at trial did not support his denials. The court even noted that Johanson coached Donnelly during a break in his deposition to retract his testimony that Johanson represented Bruister individually. “History rebuts Johanson’s suggestion that he did not interfere with Donnelly’s valuations and raises doubts as to each of the subject transactions,” the court said.

The order requires Bruister, Smith and Henry to jointly pay $4.5 million in restitution to the plans and requires Bruister to pay an additional $1.98 million in prejudgment interest. The order also held Bruister Family LLC liable with all defendants for $885,065 and jointly liable with Bruister for $390,604.

Company Stock Investments Carry Special ERISA Risks

Purchases of company stock by an ESOP or other employee benefit plan can create a wide range of risks under ERISA’s fiduciary responsibility rules. When making investment or other decisions under an employee benefit plan, the general fiduciary duty standards of ERISA § 404 generally require plan fiduciaries to act prudently and solely in the interest of participants and beneficiaries. Meanwhile, except in certain narrow circumstances and subject to fulfillment of ERISA § 404, the prohibited transaction rules of ERISA § 406 among other things prohibits plan fiduciaries from causing the plan to engage in a transaction, if he knows or should know that such transaction is a direct or indirect:

Sale or exchange, or leasing, of any property between the plan and a party in interest;
Furnishing of goods, services, or facilities between the plan and a party in interest;
Transfer to, or use by or for the benefit of a party in interest, of any assets of the plan; or
Acquisition, on behalf of the plan, of any employer security or employer real property in violation of section 1107 (a) of this title.

As for all plan investment transactions, detailed, unbiased valuation documentation showing the prudence of any decision to invest or hold the investments of the plan in company stock is critical when determining the initial purchase or sale prices for plan transactions involving company stock. Since the sponsoring company is a party-in-interest of the plan, holding, must less using plan assets to purchase company stock or other activities resulting in the inclusion of company stock among the plan assets held by the plan creates presumptions of impropriety that impose higher than usual burdens upon the plan, its sponsor and fiduciaries to prove the appropriateness of the transaction. See e.g., Pfeil v. State Street Bank & Trust Co., 671 F.3d 585 (6th Cir. 2012). As ESOP transactions to purchase company stock inherently require a host of complicated party-in-interest and other conflict of interest concerns, these risks are particularly heightened. Employee benefit plans, their fiduciaries and sponsors the need to continuously and prudently conduct documented monitoring and evaluations evaluate and monitor the investment of plan assets in company stock,the analysis and decisions about whether to continue to keep and offer this stock under the plan, as well as the qualifications, credentials and conduct of the fiduciaries and others empowered to influence these decisions. The Labor Department’s statement in announcing the Parrot litigation sums up the messages from these cases. “Plan officials are required by law to manage the ESOP in a careful, prudent manner and to act solely to benefit the plan’s participants,” said Jean Ackerman, director of the Employee Benefit Security Administration’s (EBSA’s) San Francisco Regional Office, which. “This action underscores the department’s commitment to protect the benefits that employers promise to their employees.”

In light of these exposures, plan fiduciaries, sponsors and their management, service providers and consultants participating in these activities need to both act with care and carefully document their actions to position to defend potential challenges.

Plans, their sponsors and fiduciaries also should ensure that appropriate steps are taken in selecting the fiduciaries, management and service providers responsible for administering or overseeing the administration of their plans, the selection of vendors, and other critical details. Appropriate background checks and other credentialing should be done both at commencement and periodically. Bonding and fiduciary liability insurance should be arranged and reviewed periodically along with their activities. Documentation of these and other steps should be carefully created and preserved.

When and if a change in stock value or other event that could compromise the investment occurs, consideration should be given as to the responsibilities that such events create under ERISA. As company leaders often have dual responsibilities to both the company and the plan, it is important that the company sponsoring the plan, its management and owners learn in advance how these responsibilities impact each other so that they are aware of the issues and have a good understanding of responsibilities and options as situations evolve.

Businesses and business leaders that fail to conduct and maintain the necessary evidence that these requirements are met when involving the plan in these transactions risk significant liability.

“Plan fiduciaries have an obligation to work solely in the interest of plan participants,” said Assistant Secretary of Labor for Employee Benefits Security Phyllis C. Borzi.in the Labor Department’s October 31, 2014 announcement of the judgment. “When they fail to do so, the retirement security of workers is put in jeopardy, and we will take action to make plan participants whole.”

For Help or More Information

If you need help reviewing and updating, administering or defending your employee benefit, human resources, insurance, health care matters or related documents or practices to monitor or respond to evolving laws and regulations, drafting or administering programs, resolving or defending audits, investigations or disputes or other employee benefit, human resources, safety, compliance or risk management concerns, please contact the author of this update, Cynthia Marcotte Stamer.

About Ms. Stamer

A Fellow in the American College of Employee Benefit Council, immediate past Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Group and current Co-Chair of its Welfare Benefit Committee, Vice-Chair of the ABA TIPS Employee Benefits Committee, a council member of the ABA Joint Committee on Employee Benefits, and past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer is recognized, internationally, nationally and locally for her more than 24 years of work, advocacy, education and publications on cutting edge health and managed care, employee benefit, human resources and related workforce, insurance and financial services, and health care matters.

A board certified labor and employment attorney widely known for her extensive and creative knowledge and experienced with these and other employment, employee benefit and compensation matters, Ms. Stamer continuously advises and assists employers, employee benefit plans, their sponsoring employers, fiduciaries, insurers, administrators, service providers, insurers and others to monitor and respond to evolving legal and operational requirements and to design, administer, document and defend medical and other welfare benefit, qualified and non-qualified deferred compensation and retirement, severance and other employee benefit, compensation, and human resources, management and other programs and practices tailored to the client’s human resources, employee benefits or other management goals. A primary drafter of the Bolivian Social Security pension privatization law, Ms. Stamer also works extensively with management, service provider and other clients to monitor legislative and regulatory developments and to deal with Congressional and state legislators, regulators, and enforcement officials about regulatory, investigatory or enforcement concerns.

Recognized in Who’s Who In American Professionals and both an American Bar Association (ABA) and a State Bar of Texas Fellow, Ms. Stamer serves on the Editorial Advisory Board of Employee Benefits News, the editor and publisher of Solutions Law Press HR & Benefits Update and other Solutions Law Press Publications, and active in a multitude of other employee benefits, human resources and other professional and civic organizations. She also is a widely published author and highly regarded speaker on these matters. Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, Modern and many other national and local publications. You can learn more about Ms. Stamer and her experience, review some of her other training, speaking, publications and other resources, and register to receive future updates about developments on these and other concerns see here or contact Ms. Stamer via telephone at 469.767.8872 or via e-mail to cstamer@solutionslawyer.net.

About Solutions Law Press

Comments Off on Plan’s Purchase of Company Stock Triggers $6.48 Million Award Against ESOP Sponsor, Shareholder, Board Members & Trustees | ADA, Bankruptcy, Corporate Compliance, Defined Contribution Plans, Employee Benefits, Employers, ERISA, ESOP, Excise Tax, Fiduciary Responsibility, Human Resources, Internal Controls, Internal Investigations, Retirement Plans, Tax, Tax Qualification | Tagged: 404, 406, defined benefit plan, Employer, ERISA, ESOP, exclusive benefit, Fiduciary Responsibility, Human Resources, pension plan, plan qualification, profit sharing plan, prohibited transaction, Prudence, Retirement Plans, Tax | Permalink
Posted by Cynthia Marcotte Stamer

Government Contractors Get More Time To Comment On Burdens Of OFCCP Proposed Compensation Transparency Disclosure Regs

November 2, 2014

The U.S. Department of Labor’s Office of Federal Contract Compliance Programs is giving employers that are government contractors and the subcontractors working with them more time to comment on for its proposed rule (Proposed Rule) requiring federal contractors and subcontractors to submit an annual Equal Pay Report on employee compensation to the OFCCP. The Proposed Rule is one of several proposed or adopted rules that the Obama Administration hopes will make it easier for federal regulators like OFCCP and private plaintiffs to identify potential violations of federal discrimination rules and enforce their rights under these and other rules.

Like many OFCCP rules promulgated by the Obama Administration in the post-Stimulus Bill era, the Proposed Rule both reaches many contractors that historically might not have been subject to these types of OFCCP reporting requirements and broadens the reporting obligations of government contractors under the OFCCP regulations. The Proposed Rule would apply to companies that file EEO-1 reports, with more than 100 employees, and hold federal contracts or subcontracts worth $50,000 or more for at least 30 days. Through the Equal Pay Report, OFCCP would be able to collect summary employee pay and demographic data using existing government reporting frameworks.

The Proposed Rule seeks to formally implement the directives of the presidential memorandum President Obama signed April 8 instructing the Labor Secretary to propose a rule to collect summary compensation data from federal contractors and subcontractors. The Labor Department originally published a notice of proposed rulemaking in the Federal Register on Aug. 8, with a deadline to submit comments by November. 6. Under an announcement published last week, OFCCP is extending the comment period until Monday, January 5, 2015.

The Proposed Rule is one of several rule changes proposed or adopted by OFCCP and other agencies under the Obama Administration that seek to expand federal oversight and enforcement of federal employment discrimination requirements. In addition to the Proposed Rule, for instance, the OFCCP on September 17, 2014 also recently proposed Proposed Transparency Rule that would prohibit federal contractors from maintaining pay secrecy policies. The Proposed Transparency Rule would prohibit federal contractors and subcontractors from firing or otherwise discriminating against any employee or applicant for discussing, disclosing or inquiring about their compensation or that of another employee or applicant and also will face other new obligations.

Like a similar rule put forth by the National Labor Relations Board, the Proposed Transparency Rule scheduled for publication in the Federal Register on September 17, 2014 would:

Amend the equal opportunity clauses in Executive Order 11246 to afford protections to workers who talk about pay to include the nondiscrimination provision in Executive Order 13665.
Add definitions for compensation, compensation information, and essential job functions, terms which appear in the revised clauses.
Provide that contractors could use against allegations of discrimination under Executive Order 13665 one of the following two defenses as long as that defense is not based on a rule, policy, practice, agreement or other instrument that prohibits employees or applicants from discussing or disclosing their compensation or that of other employees consistent with the provisions in the equal opportunity:
- That the action was based on a legitimate workplace rule that does not violate the transparency rule; or
- That the adverse action was against an employee, who the employer entrusted with confidential compensation information of other employees or applicants as part of his or her essential job functions, for disclosing the compensation of other employees or applicants, unless the disclosure occurs in certain limited circumstances; and
- the Proposed Rule’s compensation transparency requirement; or

Add a requirement that Federal contractors to tell employees and job applicants of the nondiscrimination protection created by Executive Order 13665 using specific language dictated by the OFCCP in handbooks and manuals, and through electronic or physical postings.
In addition, OFCCP also is considering requiring government contractors that provide manager training or meetings to include nondiscrimination based on pay in their existing manager training programs or meetings while encouraging other contractors to adopt this as a best practice for minimizing the likelihood of workplace discrimination.

The deadline for comment on that Proposed Transparency Rule is in December.

Government contractors or other businesses concerned about the potential burdens of compliance with either of these proposed rules should act promptly to review and submit comments within the comment period.

For Help With Investigations, Policy Updates Or Other Needs

If you need help in conducting a risk assessment of or responding to an IRS, DOL, Justice Department, or other federal or state agencies or other private plaintiff or other legal challenges to your organization’s existing workforce classification or other labor and employment, compliance, employee benefit or compensation practices, please contact the author of this update, attorney Cynthia Marcotte Stamer here or at (469) 767-8872 .

Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization, management attorney and consultant Ms. Stamer is nationally and internationally recognized for more than 23 years of work helping employers; employee benefit plans and their sponsors, administrators, fiduciaries; employee leasing, recruiting, staffing and other professional employment organizations; and others design, administer and defend innovative workforce, compensation, employee benefit and management policies and practices. The Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Committee, a Council Representative on the ABA Joint Committee on Employee Benefits, Government Affairs Committee Legislative Chair for the Dallas Human Resources Management Association, past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer often has worked, extensively on these and other workforce and performance related matters. She also is recognized for her publications, industry leadership, workshops and presentations on these and other human resources concerns and regularly speaks and conducts training on these matters. Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, and many other national and local publications. For more information about Ms. Stamer and her experience or to get access to other publications by Ms. Stamer see here or contact Ms. Stamer directly.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested in exploring other Solutions Law Press, Inc. ™ tools, products, training and other resources here and reading some of our other Solutions Law Press, Inc.™ human resources news here including the following:

If you or someone you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information about this communication click here.

THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

Comments Off on Government Contractors Get More Time To Comment On Burdens Of OFCCP Proposed Compensation Transparency Disclosure Regs | ADA, Affirmative Action, compensation transparency, Corporate Compliance, EEOC, Employers, Executive Compensation, Government Contractors, Human Resources, Internal Controls, Internal Investigations, Military Leave, Nonresident aliens, OFCCP, Rehabilitation Act, Retaliation, Risk Management, USERRA, VEVRRA, Wage & Hour | Tagged: Backpay, Employer, Employment, employment law, Fair Labor Standards Act, FLSA, FSLA, Independent Contractor, IT, Labor Department, Minimum Wage, Misclassification, Overtime, Technology, Wage & Hour, wage and hour, Worker Classification | Permalink
Posted by Cynthia Marcotte Stamer

Encourage Workers To Review Withholding As Part Of Annual Enrollment

October 23, 2014

Still Time to Act to Avoid Surprises at Tax-Time

With the year end approaching, employers can help employees get more bank from their paycheck by encouraging the employees to review their withholding before the year end as part of their annual enrollment periods. The Internal Revenue Service (IRS) is recommends tax payers consider taking some of the following steps to avoid owing more taxes or getting a larger refund than necessary to bring the taxes you pay in advance closer to what you’ll owe when you file your tax return:

Adjust your withholding. If you’re an employee and you think that your tax withholding will fall short of your total 2014 tax liability, you may be able to avoid an unexpected tax bill by increasing your withholding. If you are having too much tax withheld, you may get a larger refund than you expect. In either case, you can complete a new Form W-4, Employee’s Withholding Allowance Certificate and give it to your employer. Enter the added amount you want withheld from each paycheck until the end of the year on Line 6 of the W-4 form. You usually can have less tax withheld by increasing your withholding allowances on line 5. Use the IRS Withholding Calculator tool on IRS.gov to help you fill out the form.
Report changes in circumstances. If you purchase health insurance coverage through the Health Insurance Marketplace, you may receive advance payments of the premium tax credit in 2014. It is important that you report changes in circumstances to your Marketplace so you get the proper type and amount of premium assistance. Some of the changes that you should report include changes in your income, employment, or family size. Advance credit payments help you pay for the insurance you buy through the Marketplace. Reporting changes will help you avoid getting too much or too little premium assistance in advance.
Change taxes with life events. You may need to change the taxes you pay when certain life events take place. A change in your marital status or the birth of a child can change the amount of taxes you owe. When they happen you can submit a new Form W–4 at work or change your estimated tax payment.
Be accurate on your W-4. When you start a new job you fill out a Form W-4. It’s important for you to accurately complete the form. For example, special rules apply if you work two jobs or you claim tax credits on your tax return. Your employer will use the form to figure the amount of federal income tax to withhold from your pay.
Pay estimated tax if required. If you get income that’s not subject to withholding you may need to pay estimated tax. This may include income such as self-employment, interest, or rent. If you expect to owe a thousand dollars or more in tax, and meet other conditions, you may need to pay this tax. You normally pay the tax four times a year. Use Form 1040-ES, Estimated Tax for Individuals, to figure and pay the tax.

Annual enrollment is an excellent time for employees to consider these actions, as their employee benefit elections impact on their withholding and other related tax consequences. Sharing these ideas as part of the enrollment communications can help employees get the most out of their wages and their elections.

For Help With Investigations, Policy Updates Or Other Needs

If you need help with your organization’s management,workforce classification or other labor and employment, compliance, employee benefit or compensation practices, please contact the author of this update, attorney Cynthia Marcotte Stamer here or at (469) 767-8872 .

Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization, management attorney and consultant Ms. Stamer is nationally and internationally recognized for more than 23 years of work helping employers; employee benefit plans and their sponsors, administrators, fiduciaries; employee leasing, recruiting, staffing and other professional employment organizations; and others design, administer and defend innovative workforce, compensation, employee benefit and management policies and practices. The Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Committee, a Council Representative on the ABA Joint Committee on Employee Benefits, Government Affairs Committee Legislative Chair for the Dallas Human Resources Management Association, past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer often has worked, extensively on these and other workforce and performance related matters. She also is recognized for her publications, industry leadership, workshops and presentations on these and other human resources concerns and regularly speaks and conducts training on these matters. Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, and many other national and local publications. For more information about Ms. Stamer and her experience or to get access to other publications by Ms. Stamer see here or contact Ms. Stamer directly.

About Solutions Law Press, Inc.™

Comments Off on Encourage Workers To Review Withholding As Part Of Annual Enrollment | compensation transparency, Corporate Compliance, Employers, Employment Agreement, Executive Compensation, Government Contractors, Human Resources, Internal Controls, Internal Investigations, Risk Management, Wage & Hour | Tagged: Backpay, CAS minimum-wage, Employer, Employment, employment law, Fair Labor Standards Act, FLSA, FSLA, government contractor, Independent Contractor, IT, Labor Department, Misclassification, OFCCP, Overtime, Technology, Wage & Hour, wage and hour, Worker Classification | Permalink
Posted by Cynthia Marcotte Stamer

OFCCP FAQs On Veteran Hiring & Telework Rules

October 21, 2014

Facing heightened requirements, audits and scrutiny of their compliance with federal contracting requirements under the Obama Administration, federal government contractors and their subcontractors should review the adequacy of their existing practices and documentation in light of two new Office of Federal Contract Compliance Programs (OFCCP) Frequently Asked Questions (FAQs) concerning veteran hiring requirements and telework positions published October 17, 2014, as well as other recent guidance and enforcement developments.

The October 17 FAQs include :
A FAQ located here on ways in which contractors may store self-identification information in compliance with the revised Section 503 regulations, and provides several options; and
A FAQ located here about how contractors may list jobs that are remote, full-time telework positions in compliance with VEVRAA’s mandatory job listing requirement.

Audit and enforcement of discrimination and a host of other government contractor requirements is a key enforcement and audit priority of the Obama Administration. Additionally, the Obama Administration has expanded and tightened a wide range of OFCCP and other government contracting standards, reporting, notice and other requirements as part of its efforts to promote affirmative action, prounion and other regulatory agendas, particularly in light of challenges experienced in enacting legislation implementing these policy goals given the divided control of the House versus Senate in Congress.

For Help With Investigations, Policy Updates Or Other Needs

Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization, management attorney and consultant Ms. Stamer is nationally and internationally recognized for more than 23 years of work helping employers; employee benefit plans and their sponsors, administrators, fiduciaries; employee leasing, recruiting, staffing and other professional employment organizations; and others design, administer and defend innovative workforce, compensation, employee benefit and management policies and practices. The Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Committee, a Council Representative on the ABA Joint Committee on Employee Benefits, Government Affairs Committee Legislative Chair for the Dallas Human Resources Management Association, past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer often has worked, extensively on these and other workforce and performance related matters. She also is recognized for her publications, industry leadership, workshops and presentations on these and other human resources concerns and regularly speaks and conducts training on these matters. Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, and many other national and local publications. For more information about Ms. Stamer and her experience or to get access to other publications by Ms. Stamer see here or contact Ms. Stamer directly.

About Solutions Law Press, Inc.™

Comments Off on OFCCP FAQs On Veteran Hiring & Telework Rules | compensation transparency, Corporate Compliance, Employers, Employment Agreement, Executive Compensation, Government Contractors, Human Resources, Internal Controls, Internal Investigations, Risk Management, Wage & Hour | Tagged: Backpay, CAS minimum-wage, Employer, Employment, employment law, Fair Labor Standards Act, FLSA, FSLA, government contractor, Independent Contractor, IT, Labor Department, Misclassification, OFCCP, Overtime, Technology, Wage & Hour, wage and hour, Worker Classification | Permalink
Posted by Cynthia Marcotte Stamer

Shell Oil/Motiva Enterprises $4.5M FLSA Overtime Backpay Settlement Reminder To Pay Workers Properly

September 16, 2014

Shell Oil Co. and Motiva Enterprises LLC, which markets Shell gasoline and other products, will pay $4,470,764 in overtime back wages to 2,677 current and former chemical and refinery employees to settle Department of Labor (Labor Department) charges they violated the Fair Labor Standards Act (FLSA). The settlement with the Labor Department announced September 16, 2014 reminds businesses of the importance of properly tracking and paying workers for all compensable hours in accordance with the FLSA and other laws.

The FLSA requires that covered employees be paid at least the federal minimum wage of $7.25 per hour. Workers who are not employed in agriculture and not otherwise exempt from overtime compensation are entitled to time and one-half their regular rates of pay for every hour they work beyond 40 per week. The law also requires employers to maintain accurate records of employees’ wages, hours and other conditions of employment, and it prohibits employers from retaliating against employees who exercise their rights under the law.

The settlement resolves charges made by the Labor Department’s Wage and Hour Division based on investigations at eight Shell and Motiva facilities in Alabama, California, Louisiana, Texas and Washington, which the Labor Department says found that the companies violated FLSA overtime provisions by not paying workers for the time spent at mandatory pre-shift meetings and failing to record the time spent at these meetings.

The Labor Department also says the investigations also revealed that those eight Shell Oil and Motiva refineries failed to pay workers for time spent attending mandatory pre-shift meetings. The companies required the workers to come to the meetings before the start of their 12-hour shift. Because the companies failed to consider time spent at mandatory pre-shift meetings as compensable, employees were not paid for all hours worked and did not receive all of the overtime pay of time and one-half their regular rate of pay for hours worked over 40 in a workweek. Additionally, the refineries did not keep accurate time records.

Shell, with U.S. headquarters in Houston, is an oil and natural gas producer involved in processing crude oil to manufacture energy products, including gasoline, diesel fuel, jet fuel and petroleum coke. Motiva, which is partially owned by Shell, is a leading refiner, distributor and marketer of fuels in the Eastern and Gulf Coast regions of the United States. It markets petroleum products under the Shell brand.

In addition to paying backpay, Shell and Motiva have signed settlement agreements that call for training of managers, payroll personnel and human resources personnel on the FLSA’s requirements. The training will stress the importance of requiring accurate recording and pay for all hours worked with emphasis on pre-and post-shift activities.

The settlement reflects the importance for all employers to properly classify, track and keep records of hours and compensation, and pay workers covered by the FLSA. “Employers are legally required to pay workers for all hours worked,” said U.S. Secretary of Labor Thomas E. Perez. “Whether in the international oil industry, as in this case, or a local family-run restaurant, the Labor Department is working to ensure that responsible employers do not experience a competitive disadvantage because they play by the rules.”

Employers Should Strengthen Practices For Defensibility

To minimize exposure under the FLSA, employers should review and document the defensibility of their existing practices for classifying and compensating workers under existing Federal and state wage and hour laws and take other actions to minimize their potential liability under applicable wages and hour laws. Steps advisable as part of this process include, but are not necessarily limited to:

Audit of each position current classified as exempt to assess its continued sustainability and to develop documentation justifying that characterization;
Audit characterization of workers obtained from staffing, employee leasing, independent contractor and other arrangements and implement contractual and other oversight arrangements to minimize risks that these relationships could create if workers are recharacterized as employed by the employer receiving these services;
Review the characterization of on-call and other time demands placed on employees to confirm that all compensable time is properly identified, tracked, documented, compensated and reported;
Review of existing practices for tracking compensable hours and paying non-exempt employees for compliance with applicable regulations and to identify opportunities to minimize costs and liabilities arising out of the regulatory mandates;
If the audit raises questions about the appropriateness of the classification of an employee as exempt, self-initiation of proper corrective action after consultation with qualified legal counsel;
Review of existing documentation and record keeping practices for hourly employees;
Exploration of available options and alternatives for calculating required wage payments to non-exempt employees; and
Re-engineering of work rules and other practices to minimize costs and liabilities as appropriate in light of the regulations and enforcement exposures.

Because of the potentially significant liability exposure, employers generally will want to consult with qualified legal counsel before starting their risk assessment and assess risks and claims within the scope of attorney-client privilege to help protect the ability to claim attorney-client privilege or other evidentiary protections to help shelter conversations or certain other sensitive risk activities from discovery under the rules of evidence.

For Help With Investigations, Policy Updates Or Other Needs

Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization, management attorney and consultant Ms. Stamer is nationally and internationally recognized for more than 23 years of work helping employers; employee benefit plans and their sponsors, administrators, fiduciaries; employee leasing, recruiting, staffing and other professional employment organizations; and others design, administer and defend innovative workforce, compensation, employee benefit and management policies and practices. The Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Committee, a Council Representative on the ABA Joint Committee on Employee Benefits, Government Affairs Committee Legislative Chair for the Dallas Human Resources Management Association, past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer often has worked, extensively on these and other workforce and performance related matters. She also is recognized for her publications, industry leadership, workshops and presentations on these and other human resources concerns and regularly speaks and conducts training on these matters. Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, and many other national and local publications. For more information about Ms. Stamer and her experience or to get access to other publications by Ms. Stamer see here or contact Ms. Stamer directly.

About Solutions Law Press, Inc.™

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information about this communication click here.

Comments Off on Shell Oil/Motiva Enterprises $4.5M FLSA Overtime Backpay Settlement Reminder To Pay Workers Properly | Corporate Compliance, Employers, Human Resources, Internal Controls, Internal Investigations, Risk Management, Wage & Hour | Tagged: Backpay, Employer, Employment, employment law, Fair Labor Standards Act, FLSA, FSLA, Independent Contractor, IT, Labor Department, Minimum Wage, Misclassification, Overtime, Technology, Wage & Hour, wage and hour, Worker Classification | Permalink
Posted by Cynthia Marcotte Stamer

OFCCP Proposes Compensation Transparency Mandates For Government Contractors

September 16, 2014

Government contractors should brace for more employee scrutiny, employee organizing and other employee and government pressure on compensation practices if the U.S. Department of Labor’s Office of Federal Contract Compliance Programs proceeds with plans to adopt a Proposed Rule on compensation transparency that would prohibit federal contractors from maintaining pay secrecy policies announced by the Obama Administration yesterday (September 15, 2014). Under the terms of the Proposed Rule, federal contractors and subcontractors may not fire or otherwise discriminate against any employee or applicant for discussing, disclosing or inquiring about their compensation or that of another employee or applicant and also will face other new obligations. Government contractors concerned about the potential burdens of compliance with the Proposed Rule should act promptly to review and submit comments on the Proposed Rule within 90 days of its official publication in the Federal Register tomorrow (September 17, 2014).

The Proposed Rule scheduled for publication in the Federal Register on September 17, 2014 would:

Amend the equal opportunity clauses in Executive Order 11246 to afford protections to workers who talk about pay to include the nondiscrimination provision in Executive Order 13665.
Add definitions for compensation, compensation information, and essential job functions, terms which appear in the revised clauses.
Provide that contractors could use against allegations of discrimination under Executive Order 13665 one of the following two defenses as long as that defense is not based on a rule, policy, practice, agreement or other instrument that prohibits employees or applicants from discussing or disclosing their compensation or that of other employees consistent with the provisions in the equal opportunity:
- That the action was based on a legitimate workplace rule that does not violate the transparency rule; or
- That the adverse action was against an employee, who the employer entrusted with confidential compensation information of other employees or applicants as part of his or her essential job functions, for disclosing the compensation of other employees or applicants, unless the disclosure occurs in certain limited circumstances; and
- the Proposed Rule’s compensation transparency requirement; or

Add a requirement that Federal contractors to tell employees and job applicants of the nondiscrimination protection created by Executive Order 13665 using specific language dictated by the OFCCP in handbooks and manuals, and through electronic or physical postings.
In addition, OFCCP also is considering requiring government contractors that provide manager training or meetings to include nondiscrimination based on pay in their existing manager training programs or meetings while encouraging other contractors to adopt this as a best practice for minimizing the likelihood of workplace discrimination.

For Help With Investigations, Policy Updates Or Other Needs

Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization, management attorney and consultant Ms. Stamer is nationally and internationally recognized for more than 23 years of work helping employers; employee benefit plans and their sponsors, administrators, fiduciaries; employee leasing, recruiting, staffing and other professional employment organizations; and others design, administer and defend innovative workforce, compensation, employee benefit and management policies and practices. The Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Committee, a Council Representative on the ABA Joint Committee on Employee Benefits, Government Affairs Committee Legislative Chair for the Dallas Human Resources Management Association, past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer often has worked, extensively on these and other workforce and performance related matters. She also is recognized for her publications, industry leadership, workshops and presentations on these and other human resources concerns and regularly speaks and conducts training on these matters. Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, and many other national and local publications. For more information about Ms. Stamer and her experience or to get access to other publications by Ms. Stamer see here or contact Ms. Stamer directly.

About Solutions Law Press, Inc.™

Comments Off on OFCCP Proposes Compensation Transparency Mandates For Government Contractors | compensation transparency, Corporate Compliance, Employers, Employment Agreement, Executive Compensation, Government Contractors, Human Resources, Internal Controls, Internal Investigations, Risk Management, Wage & Hour | Tagged: Backpay, Employer, Employment, employment law, Fair Labor Standards Act, FLSA, FSLA, Independent Contractor, IT, Labor Department, Minimum Wage, Misclassification, Overtime, Technology, Wage & Hour, wage and hour, Worker Classification | Permalink
Posted by Cynthia Marcotte Stamer

Labor Department Adds State Unemployment Insurance To War Against Worker Misclassification

September 15, 2014

The already significant enforcement risks of employers caught misclassifying workers as independent contractors, leased employees or in some other non-employee status are set to rise more as a result of more than $10 million in grants to 19 states announced today (September 15, 2014) by the U.S. Department of Labor (Labor Department). The grants add a new wrinkle to the ever-expanding campaign waged against employers that fail to fulfill legal responsibilities with respect to employees as a result of the misclassification of workers that the Labor Department and other federal and state agencies.

Grants To Help States Employers That Underpay Unemployment Insurance Taxes Due To Misclassification

In the latest wrinkle in its ever-expanding war against employers that avoid providing rights, paying taxes or fulfilling other employer responsibilities toward certain workers misclassified by the employer as independent contractor or in other non-employee statuses, the Labor Department awarded $10,225,183 to 19 states to implement or improve worker misclassification detection and enforcement initiatives in unemployment insurance (UI) programs. For a chart showing the grant recipients and amounts announced today, see here.

“This is one of many actions the department is taking to help level the playing field for employers while workers receive appropriate rights and protections,” said U.S. Secretary of Labor Thomas E. Perez. “Today’s federal grant awards will enhance states’ ability to detect incidents of worker misclassification and protect the integrity of state unemployment insurance trust funds.”

According to the Labor Department’s announcement of the grants, states will use the funds to increase the ability of state UI tax programs to identify instances where employers improperly classify employees as independent contractors or fail to report the wages paid to workers at all. The states that were selected to receive these grants will use the funds for a variety of improvements and initiatives, including enhancing employer audit programs and conducting employer education initiatives.

While several states have existing programs designed to reduce worker misclassification, this is the first year that the Labor Department has awarded grants dedicated to this effort. The Consolidated Appropriations Act of 2014 authorized this grant funding for “activities to address the misclassification of workers.

Under an innovative, “high-performance bonus” program, four states will receive a share of $2 million in additional grant funds due to their high performance or most improved performance in detecting incidents of worker misclassification. The remaining $8,225,183 was distributed to 19 states in competitive grants. The maximum grant available under the competitive grant award process was $500,000.

Broader War Against Employee Misclassification By Employers

The grants to help states detect and prosecute employer that underpay unemployment insurance contributions is part of a broader and growing campaign against employers that fail to fulfill employment, immigration, tax or other laws by misclassifying workers who by law properly should be treated as common law employees but that the employer treats as working as independent contractors, leased employees or in other non-employed capacities.

Under the Obama Administration, Labor Department, Immigration, tax and other agencies increasingly are successfully identifying and prosecuting businesses for violating the law by misclassification of certain workers as not employed by the business who under the facts and circumstances the agencies view as common law employees of the business. See.g., Boston Furs Sued For $1M For Violations Of Fair Labor Standards Act; Record $2.3 Million+ Backpay Order; Minimum Wage, Overtime Risks Highlighted By Labor Department Strike Force Targeting Residential Care & Group Homes; Review & Strengthen Defensibility of Existing Worker Classification Practices In Light of Rising Congressional & Regulatory Scrutiny; 250 New Investigators, Renewed DOL Enforcement Emphasis Signal Rising Wage & Hour Risks For Employers; Quest Diagnostics, Inc. To Pay $688,000 In Overtime Backpay; Employer Faces $2M FLSA Lawsuit For Alleged Worker Misclassification; OIG 2013 Top Management Challenges List Signals Tightening of Labor Department Enforcement; New Employee Smart Phone App New Tool In Labor Department’s Aggressive Wage & Hour Law Enforcement Campaign Against Restaurant & Other Employers; 12 Steps Every Employer With A Health Plan Should Do Now No Matter Who Wins the Election.

The rollout of new health benefit mandates as part of the sweeping reforms enacted under the Patient Protection and Affordable Care Act (ACA) is further expanding the liability of misclassification and the risk of enforcement against employers.

Among other things, the employer mandates of ACA soon will require certain large employers either to provide health coverage meeting the requirements of ACA or pay the “employer penalty” established under Internal Revenue Code Section 4980H. While the rule now is delayed until 2015 for employers with more than 100 or more full-time and full-time equivalent employees and 2016 for employers of 50 or more full-time and full-time equivalent employees, ACA generally relies on the common law employment tests used under the FLSA and other federal and state laws determine which employers are considered large employers. It also requires employers provide other rights to workers who are considered common law employees under these rules.

Employers Should Strengthen Practices For Defensibility

Audit of each position current classified as exempt to assess its continued sustainability and to develop documentation justifying that characterization;
Audit characterization of workers obtained from staffing, employee leasing, independent contractor and other arrangements and implement contractual and other oversight arrangements to minimize risks that these relationships could create if workers are recharacterized as employed by the employer receiving these services;
Review the characterization of on-call and other time demands placed on employees to confirm that all compensable time is properly identified, tracked, documented, compensated and reported;
Review of existing practices for tracking compensable hours and paying non-exempt employees for compliance with applicable regulations and to identify opportunities to minimize costs and liabilities arising out of the regulatory mandates;
If the audit raises questions about the appropriateness of the classification of an employee as exempt, self-initiation of proper corrective action after consultation with qualified legal counsel;
Review of existing documentation and record keeping practices for hourly employees;
Exploration of available options and alternatives for calculating required wage payments to non-exempt employees; and
Re-engineering of work rules and other practices to minimize costs and liabilities as appropriate in light of the regulations and enforcement exposures.

For Help With Investigations, Policy Updates Or Other Needs

Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization, management attorney and consultant Ms. Stamer is nationally and internationally recognized for more than 23 years of work helping employers; employee benefit plans and their sponsors, administrators, fiduciaries; employee leasing, recruiting, staffing and other professional employment organizations; and others design, administer and defend innovative workforce, compensation, employee benefit and management policies and practices. The Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Committee, a Council Representative on the ABA Joint Committee on Employee Benefits, Government Affairs Committee Legislative Chair for the Dallas Human Resources Management Association, past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer often has worked, extensively on these and other workforce and performance related matters. She also is recognized for her publications, industry leadership, workshops and presentations on these and other human resources concerns and regularly speaks and conducts training on these matters. Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, and many other national and local publications. For more information about Ms. Stamer and her experience or to get access to other publications by Ms. Stamer see here or contact Ms. Stamer directly.

About Solutions Law Press, Inc.™

Comments Off on Labor Department Adds State Unemployment Insurance To War Against Worker Misclassification | Corporate Compliance, Employers, Human Resources, Internal Controls, Internal Investigations, Risk Management, Wage & Hour | Tagged: Backpay, Employer, Employment, employment law, Fair Labor Standards Act, FLSA, FSLA, Independent Contractor, IT, Labor Department, Minimum Wage, Misclassification, Overtime, Technology, Wage & Hour, wage and hour, Worker Classification | Permalink
Posted by Cynthia Marcotte Stamer

Employer Faces $2M FLSA Lawsuit For Alleged Worker Misclassification

December 26, 2013

Health Care Reform Adds Fuel To Enforcement Fire

Employers must ensure they can defend their treatment of workers as as independent contractors or otherwise exempt from wage and hour and overtime requirements and take other steps to manage wage and hour risks that can arise under the Fair Labor Standards Act (FLSA) and other laws to when caught misclassifying workers. That’s the clear message the U.S. Department of Labor (Labor Department) is sending to employers by filing lawsuits against employers like the one it recently announced against Wang’s Partner Inc., doing business as Hibachi Grill and Supreme Buffet in Jonesboro, and its owner, Shu Wang, to recover $1,997,726 in back wages and liquidated damages for 84 employees.

The FLSA requires that covered employees be paid at least the federal minimum wage of $7.25 for all hours worked, plus time and one-half their regular rates, including commissions, bonuses and incentive pay, for hours worked beyond 40 per week. The requirements generally apply to any workers that the employer who receives its services cannot prove is not its common law employee or an exempt employee within the meaning of the FLSA. In general, “hours worked” includes all time an employee must be on duty, or on the employer’s premises or at any other prescribed place of work, from the beginning of the first principal work activity to the end of the last principal activity of the workday. Additionally, the law requires that accurate records of employees’ wages, hours and other conditions of employment be maintained. These requirements generally apply for all workers who the facts and circumstances reflect are common law employees and otherwise do not qualify as exempt employees under the FLSA. Violations of these requirements can result significant backpay and other damage awards to private plaintiffs, backpay and penalties assessments or settlements from Labor Department suits, and, if the violation is found willful, criminal liability.

Wang’s Partner Inc. Suit

The lawsuit against Want’s Partner Inc. shows employers the importance of avoiding improperly classifying workers as independent contractors for purposes of the FLSA. Employers that inappropriately classify workers as independent contractors often fail to maintain appropriate time and other records, pay minimum wage and overtime and violate other FLSA requirements. In general, a business receiving services of a worker generally bears the burden of providing that the worker is not its common law employee under the applicable facts and circumstances test applicable under the FLSA.

As in many other enforcement areas, the Labor Department Wage and Hour Division in recent years has stepped up its scrutiny of employer relationships with workers treated as independent contractors. The Labor Department and many other agencies increasingly view the misclassification of workers as something other than employees, such as independent contractors, as a serious problem for affected employees, employers and to the entire economy. According to the Labor Department, misclassified employees are often denied access to critical benefits and protections, such as family and medical leave, overtime, minimum wage and unemployment insurance and other rights. The Labor Department also says employee misclassification also generates substantial losses to state and federal treasuries, and to the Social Security and Medicare funds, as well as to state unemployment insurance and workers compensation funds. To address these and other concerns, the Labor Department has joined other agencies like the Internal Revenue Service increasingly is challenging employers’ treatment of workers as exempt from FLSA and other legal obligations as independent contractors or otherwise.

The lawsuit in the Northern District of Georgia against Wang’s Partner, Inc. illustrates this trend. One of the growing number of lawsuits and other enforcement actions resulting from this trend, the suit shows the significant exposures that an employer risks by misclassifying workers as independent contractors or otherwise exempt from the FLSA. The Labor Department says an investigation revealed that Wang’s Partner Inc. misclassified workers as independent contractors and engaged in numerous violations of the FLSA. The Labor Department seeks $1,997,726 in back wages and liquidated damages for 84 employees.

The Labor Department says investigators from the division’s Atlanta district office found that the employer misclassified servers as independent contractors, failed to pay servers and kitchen staff at least the federal minimum wage of $7.25 per hour and failed to pay overtime compensation at time and one-half employees’ regular rates for hours worked beyond 40 in a work week. Additionally, the employer did not maintain accurate records of hours worked and wages paid.

In announcing the Wang’s Partner Inc. lawsuit, the Labor Department warned employers against similar misclassification of workers. “The U.S. Department of Labor is committed to ensuring that all workers receive the wages to which they are legally entitled,” said Secretary of Labor Thomas E. Perez. “We will not stand by while employers use business models that hurt workers, their families and law-abiding employers. This lawsuit illustrates that the department will use every enforcement tool necessary to resolve cases where employees are unlawfully treated as independent contractors, and vulnerable workers are not paid the minimum wage.”

FLSA Violations Generally Costly; Enforcement Rising

The Labor Department’s prosecutions against employers arising from misclassification of workers document the Labor Department is acting in accordance with this warning. In recent years, misclassification of workers increasingly has become an element in its FLSA and other enforcement actions. According to the Labor Department, misclassified employees are often denied access to critical benefits and protections, such as family and medical leave, overtime, minimum wage and unemployment insurance and other rights. The Labor Department also says employee misclassification also generates substantial losses to state and federal treasuries, and to the Social Security and Medicare funds, as well as to state unemployment insurance and workers compensation funds. To address these and other concerns, the Labor Department has joined other agencies like the Internal Revenue Service increasingly is challenging employers’ treatment of workers as exempt from FLSA and other legal obligations as independent contractors or otherwise.Whether due to mischaracterization of workers as independent contractors or as common law employees that qualify as exempt under the FLSA rules, the Labor Department increasingly is acting on its promise to go after employers that violate the FLSA based on worker misclassifications.

In 2012, for instance, First Republic Bank paid $1,009,643.93 in overtime back wages for 392 First Republic Bank employees in California, Connecticut, Massachusetts, New York and Oregon after the Labor Department found the San Francisco-based bank wrongly classified the employees as exempt from the FLSA’s overtime and recordkeeping requirements, resulting in violations of the Fair Labor Standards Act’s overtime and record-keeping provisions. The Labor Department announced the settlement resulting in the payment on November 27, 2012.

The settlement came after an investigation by the Labor Department’s Wage and Hour Division found that the San Francisco-based bank wrongly classified the employees as exempt from overtime, resulting in violations of the FLSA’s overtime and record-keeping provisions.

In announcing the settlement with First Republic Bank, the Labor Department warned employers to confirm the appropriateness of their classification of workers. “It is essential that employers take the time to carefully assess the FLSA classification of their workforce,” said Secretary of Labor Hilda L. Solis in the Labor Department’s announcement of the settlement. “As this investigation demonstrates, improper classification results in improper wages and causes workers real economic harm.”

The Wang’s Partner Inc and First Republic Bank enforcement actions are not unique. The Labor Department and private plaintiffs alike regularly target employers that use aggressive worker classification or other pay practices to avoid paying minimum wage or overtime to workers. Under the Obama Administration, DOL officials have made it a priority to enforce overtime, record keeping, worker classification and other wage and hour law requirements. See e.g., Boston Furs Sued For $1M For Violations Of Fair Labor Standards Act; Record $2.3 Million+ Backpay Order; Minimum Wage, Overtime Risks Highlighted By Labor Department Strike Force Targeting Residential Care & Group Homes; Review & Strengthen Defensibility of Existing Worker Classification Practices In Light of Rising Congressional & Regulatory Scrutiny; 250 New Investigators, Renewed DOL Enforcement Emphasis Signal Rising Wage & Hour Risks For Employers; Quest Diagnostics, Inc. To Pay $688,000 In Overtime Backpay.

In an effort to further promote compliance and enforcement of these rules, the Labor Department is using smart phone applications, social media and a host of other new tools to educate and recruit workers in its effort to find and prosecute violators. See, e.g. New Employee Smart Phone App New Tool In Labor Department’s Aggressive Wage & Hour Law Enforcement Campaign Against Restaurant & Other Employers. As a result of these effort, employers violating the FLSA now face heightened risk of enforcement from both the Labor Department and private litigation.

Health Care Reform Adds Risks, Fuels More Enforcement

Among other things, the employer mandates of ACA, now delayed until 2015, generally will require employers of 50 or more full-time employees either to provide health coverage meeting the requirements of ACA or pay the “employer penalty” established under Internal Revenue Code Section 4980H. While the rule now is delayed until 2015, the employment data for 2014 will be used to determine what employees that an employer must take into account for purposes of this rule. ACA generally relies on the common law employment tests used under the FLSA to make this determination. It also requires employers provide other rights to workers who are considered common law employees under these rules.

Employers Should Strengthen Practices For Defensibility

Audit of each position current classified as exempt to assess its continued sustainability and to develop documentation justifying that characterization;
Audit characterization of workers obtained from staffing, employee leasing, independent contractor and other arrangements and implement contractual and other oversight arrangements to minimize risks that these relationships could create if workers are recharacterized as employed by the employer receiving these services;
Review the characterization of on-call and other time demands placed on employees to confirm that all compensable time is properly identified, tracked, documented, compensated and reported;
Review of existing practices for tracking compensable hours and paying non-exempt employees for compliance with applicable regulations and to identify opportunities to minimize costs and liabilities arising out of the regulatory mandates;
If the audit raises questions about the appropriateness of the classification of an employee as exempt, self-initiation of proper corrective action after consultation with qualified legal counsel;
Review of existing documentation and record keeping practices for hourly employees;
Exploration of available options and alternatives for calculating required wage payments to non-exempt employees; and
Re-engineering of work rules and other practices to minimize costs and liabilities as appropriate in light of the regulations and enforcement exposures.

For Help With Investigations, Policy Updates Or Other Needs

Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization, management attorney and consultant Ms. Stamer is nationally and internationally recognized for more than 23 years of work helping employers; employee benefit plans and their sponsors, administrators, fiduciaries; employee leasing, recruiting, staffing and other professional employment organizations; and others design, administer and defend innovative workforce, compensation, employee benefit and management policies and practices. The Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Committee, a Council Representative on the ABA Joint Committee on Employee Benefits, Government Affairs Committee Legislative Chair for the Dallas Human Resources Management Association, past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer often has worked, extensively on these and other workforce and performance related matters. She also is recognized for her publications, industry leadership, workshops and presentations on these and other human resources concerns and regularly speaks and conducts training on these matters. Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, and many other national and local publications. For more information about Ms. Stamer and her experience or to get access to other publications by Ms. Stamer see here or contact Ms. Stamer directly.

About Solutions Law Press, Inc.™

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information about this communication click here.

Comments Off on Employer Faces $2M FLSA Lawsuit For Alleged Worker Misclassification | Corporate Compliance, Employers, Human Resources, Internal Controls, Internal Investigations, Risk Management, Wage & Hour | Tagged: Backpay, Employer, Employment, employment law, Fair Labor Standards Act, FLSA, FSLA, Independent Contractor, IT, Labor Department, Minimum Wage, Misclassification, Overtime, Technology, Wage & Hour, wage and hour, Worker Classification | Permalink
Posted by Cynthia Marcotte Stamer

New Final FLSA Rule Gives Home Workers Minimum Wage, Overtime, Other FLSA Protections

September 18, 2013

Health care and other parties employing or otherwise engaging the services of home care workers should review and update their policies and practices for scheduling, tracking hours worked and paying these workers to ensure that they comply by January 1, 2015 with a new final rule announced by the U.S. Department of Labor’s Wage and Hour Division today (September 18, 2013). Today’s announcement of the regulatory changes means employers of home care workers can expect to see costs rise and also will join most other U.S. businesses that must worry about getting caught in minimum wage and overtime enforcement traps.

New Home Care Worker Rules Effective January 2015

Under the new final rule, the Labor Department extends the Fair Labor Standards Act’s minimum wage and overtime protections to most of the nation’s direct care workers who provide essential home care assistance to elderly people and people with illnesses, injuries, or disabilities beginning January 1, 2015.

The new final rule generally will require that the approximately two million home care workers such as home health aides, personal care aides, and certified nursing assistants will qualify for minimum wage and overtime. Employers engaging these services also generally will need to keep records and comply with other FLSA requirements with respect to these workers as well.

In anticipation of the rollout of these new protections, the Labor Department is kicking off a public outreach campaign to educate home care workers and their employers about the rule change. The Department will be hosting five public webinars during the month of October and has created a new, dedicated web portal here with fact sheets, FAQs, interactive web tools, and other materials.

The Labor Department’s focus on home workers is an extension of its expanded regulation and enforcement efforts targeting a broad range of health care industry employers. Home care and other health industry employers should act to manage their rising exposures to minimum wage, overtime and other federal and state wage and hour law risks.

The impending change in the treatment of home care workers is part of a larger commitment by the Obama Administration to both expansion and enforcement of the FLSA’s minimum wage and overtime provisions, and a specific program targeting employers in health care and related services industries.

The Obama Administration since taking office has conducted an aggressive campaign seeking to significantly increase the minimum wage under the FLSA and expand other protections. Along with this proactive regulatory agenda, the Obama Administration also specifically is aggressively targeting health care and other caregiver businesses in its enforcement and audit activities. See, e.g. Home health care company in Dallas agrees to pay 80 nurses more than $92,000 in back wages following US Labor Department investigation; US Department of Labor secures nearly $62,000 in back overtime wages for 21 health care employees in Pine Bluff, Ark.; US Department of Labor initiative targeted toward increasing FLSA compliance in New York’s health care industry; US Department of Labor initiative targeted toward residential health care industry in Connecticut and Rhode Island to increase FLSA compliance; Partners HealthCare Systems agrees to pay 700 employees more than $2.7 million in overtime back wages to resolve U.S. Labor Department lawsuit; US Labor Dnda epartment sues Kentucky home health care provider to obtain more than $512,000 in back wages and damages for 22 employees; and Buffalo, Minn.-based home health care provider agrees to pay more than $150,000 in back wages following US Labor Department investigation.

Violation of wage and hour laws exposes health care and other employers to significant back pay awards, substantial civil penalties and, if the violation is found to be willful, even potential criminal liability. Because states all have their own wage and hour laws, employers may face liability under either or both laws. Coupled with these and other enforcement efforts against health and other caregiver businesses, today’s announcement reflects enforcement risks will continue to rise for employers of home care workers.

In light of the proposed regulatory changes and demonstrated willingness of the Labor Department and private plaintiffs to bring actions against employers violating these rules, health care and others employing home care workers should take well-documented steps to manage their risks. These employers should both confirm the adequacy of their practices under existing rules, as well as evaluate and begin preparing to respond to the proposed modifications to these rules. In both cases, employers of home care or other health care workers are encouraged to critically evaluate their classification or workers, both with respect to their status as employees versus contractor or leased employees, as well as their characterization as exempt versus non-exempt for wage and hour law purposes. In addition, given the nature of the scheduled frequently worked by home care givers, their employers also generally should pay particular attention to the adequacy of practices for recordkeeping.

Of course, the home care and health care industry are not the only industries that need to worry about FLSA enforcement. The Obama Administration is very aggressive in its enforcement of wage and hour and overtime laws generally. For instance, First Republic Bank recently paid $1,009,643.93 in overtime back wages for 392 First Republic Bank employees in California, Connecticut, Massachusetts, New York and Oregon after the Labor Department found the San Francisco-based bank wrongly classified the employees as exempt from the FLSA’s overtime and recordkeeping requirements, resulting in violations of the Fair Labor Standards Act’s overtime and record-keeping provisions. The Labor Department announced the settlement resulting in the payment on November 27, 2012. The settlement resulted from an investigation by the Labor Department that found the San Francisco-based bank wrongly classified the employees as exempt from overtime, resulting in violations of the FLSA’s overtime and record-keeping provisions.

The FLSA requires that covered, nonexempt employees be paid at least the federal minimum wage of $7.25 for all hours worked, plus time and one-half their regular rates, including commissions, bonuses and incentive pay, for hours worked beyond 40 per week. Employers also are required to maintain accurate time and payroll records.

While the FLSA provides an exemption from both minimum wage and overtime pay requirements for individuals employed in bona fide executive, administrative, professional and outside sales positions, as well as certain computer employees, job titles do not determine the applicability of this or other FLSA exemptions. In order for an exemption to apply, an employee’s specific job duties and salary must meet all the requirements of the department’s regulations. To qualify for exemption, employees generally must meet certain tests regarding their job duties and be paid on a salary basis at not less than $455 per week.

Investigators found that First Republic Bank failed to consider the FLSA’s criteria that allow certain administrative and professional employees to be exempt from receiving overtime pay. In fact, the employees were entitled to overtime compensation at one and one-half times their regular rates for hours worked over 40 in a week. Additionally, the bank failed to include bonus payments in nonexempt employees’ regular rates of pay when computing overtime compensation, in violation of the act. Record-keeping violations resulted from the employer’s failure to record the number of hours worked by the misclassified employees.

“It is essential that employers take the time to carefully assess the FLSA classification of their workforce,” said Secretary of Labor Hilda L. Solis in the Labor Department’s announcement of the settlement. “As this investigation demonstrates, improper classification results in improper wages and causes workers real economic harm.”

FLSA Violations Generally Costly; Enforcement Rising

The enforcement record of the Labor Department confirms that employers that improperly treat workers as exempt from the FLSA’s overtime, minimum wage and recordkeeping requriements run a big risk. The Labor Deprtment and private plaintiffs alike regularly target employers that use aggressive worker classification or other pay practices to avoid paying minimum wage or overtime to workers. Under the Obama Administration, DOL officials have made it a priority to enforce overtime, record keeping, worker classification and other wage and hour law requirements. See e.g., Boston Furs Sued For $1M For Violations Of Fair Labor Standards Act; Record $2.3 Million+ Backpay Order; Minimum Wage, Overtime Risks Highlighted By Labor Department Strike Force Targeting Residential Care & Group Homes; Review & Strengthen Defensibility of Existing Worker Classification Practices In Light of Rising Congressional & Regulatory Scrutiny; 250 New Investigators, Renewed DOL Enforcement Emphasis Signal Rising Wage & Hour Risks For Employers; Quest Diagnostics, Inc. To Pay $688,000 In Overtime Backpay. In an effort to further promote compliance and enforcement of these rules, the Labor Department is using smart phone applications, social media and a host of other new tools to educate and recruit workers in its effort to find and prosecute violators. See, e.g. New Employee Smart Phone App New Tool In Labor Department’s Aggressive Wage & Hour Law Enforcement Campaign Against Restaurant & Other Employers. As a result of these effort, employers violating the FLSA now face heightened risk of enforcement from both the Labor Department and private litigation.

Employers Should Strengthen Practices For Defensibility

Audit of each position current classified as exempt to assess its continued sustainability and to develop documentation justifying that characterization;
Audit characterization of workers obtained from staffing, employee leasing, independent contractor and other arrangements and implement contractual and other oversight arrangements to minimize risks that these relationships could create if workers are recharacterized as employed by the employer receiving these services;
Review the characterization of on-call and other time demands placed on employees to confirm that all compensable time is properly identified, tracked, documented, compensated and reported;
Review of existing practices for tracking compensable hours and paying non-exempt employees for compliance with applicable regulations and to identify opportunities to minimize costs and liabilities arising out of the regulatory mandates;
If the audit raises questions about the appropriateness of the classification of an employee as exempt, self-initiation of proper corrective action after consultation with qualified legal counsel;
Review of existing documentation and record keeping practices for hourly employees;
Exploration of available options and alternatives for calculating required wage payments to non-exempt employees; and
Re-engineering of work rules and other practices to minimize costs and liabilities as appropriate in light of the regulations and enforcement exposures.

For Help With Investigations, Policy Updates Or Other Needs

Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization, management attorney and consultant Ms. Stamer is nationally and internationally recognized for more than 23 years of work helping employers; employee benefit plans and their sponsors, administrators, fiduciaries; employee leasing, recruiting, staffing and other professional employment organizations; and others design, administer and defend innovative workforce, compensation, employee benefit and management policies and practices. The Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Committee, a Council Representative on the ABA Joint Committee on Employee Benefits, Government Affairs Committee Legislative Chair for the Dallas Human Resources Management Association, past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer often has worked, extensively on these and other workforce and performance related matters. She also is recognized for her publications, industry leadership, workshops and presentations on these and other human resources concerns and regularly speaks and conducts training on these matters. Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, and many other national and local publications. For more information about Ms. Stamer and her experience or to get access to other publications by Ms. Stamer see here or contact Ms. Stamer directly.

About Solutions Law Press, Inc.™

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information about this communication click here.

Comments Off on New Final FLSA Rule Gives Home Workers Minimum Wage, Overtime, Other FLSA Protections | Corporate Compliance, Employers, Human Resources, Internal Controls, Internal Investigations, Risk Management, Wage & Hour | Tagged: Backpay, Employer, Employment, employment law, Fair Labor Standards Act, FSLA, IT, Labor Department, Minimum Wage, Technology, Wage & Hour, wage and hour, Worker Classification | Permalink
Posted by Cynthia Marcotte Stamer

Cascom Inc. Owner Must Pay Nearly $1.5 M After Company Misclassified Employees As Independent Contractors

August 30, 2013

The owner of a now-defunct Ohio business, Cascom Inc., will pay a heavy price for now defunct Cascom, Inc.’s misclassification of workers as independent contractors and resulting wage and hour and overtime violations. U.S. businesses, their owners and their leaders should heed the strong warning to employers about the risks of misclassification of workers provided by the judgment and statements included in the Department of Labor (DOL) announcement of the court’s decision and take appropriate steps to audit and correct as necessary worker classification and other practices that Another in the growing tidal wave of judicial and administrative orders and settlements nailing businesses, their owners and management for misclassifications of workers resulting in violations of Federal employment, tax or other laws, the U.S. District Court for the Southern District of Ohio has ordered Cascom Inc. back wages and liquidated damages totaling $1,474,266 to approximately 250 cable installers that the court ruled that the Cascom Inc. misclassified as independent contractors in violation of the Fair Labor Standards Act (FLSA).

The misclassification of employees as something other than employees, such as independent contractors, presents a serious problem for affected employees, employers and the economy. Misclassified employees are often denied access to critical benefits and protections — such as family and medical leave, overtime, minimum wage and unemployment insurance — to which they are entitled. Employee misclassification also generates substantial losses to the Treasury and the Social Security and Medicare funds, as well as to state unemployment insurance and workers’ compensation funds. To nix these and other concerns, the DOL, Internal Revenue Services, Department of Health & Human Services, Customs & Immigration and other federal agencies increasingly are going after businesses that misclassify workers as non-employees.

Cascom Inc. In A Nutshell

The Cascom Inc. decision is one of a fast-growing list of situations where DOL or other agencies or private plaintiffs obtained judgments or settlements under the FLSA for employers that failed to comply with these FLSA obligations because the business treated workers that under the facts and circumstances were common law employees as independent contractors or otherwise exempt from the FLSA. See Solis v. Cascom Inc.

The FLSA generally requires that a business pay covered, nonexempt employees at least the federal minimum wage of $7.25 per hour for all hours worked, plus time and one-half their regular rates, including commissions, bonuses and incentive pay, for hours worked beyond 40 per week. Employers also are required to maintain accurate time and payroll records.

For purposes of determining if a worker is an employee protected by the FLSA, the FLSA distinguishes an employment relationship from an independent contractor or other non-employed contractual relationship. The protections of the FLSA apply only to employees. An employee — as distinguished from a person who in a business of his or her own — is one who, as a matter of economic reality, follows the usual path of an employee and is dependent on the business that he or she serves. For more information, visit here.

The judgment jointly against Cascom Inc. and its owner, Julia J. Gress, arose following a damages hearing held in connection with a lawsuit originally filed by the U.S. Department of Labor (DOL) in 2009 based on a DOL Wage and Hour Division investigation which found that Cascom Inc. failed to pay overtime and engaged in other FLSA violations as a result of its wrongful classification of workers as independent contractors rather than employees. The court previously ruled in September 2011 that Cascom Inc. and its owner, Julia J. Gress, violated the FLSA by failing to compensate employees for hours worked in excess of 40 per work week because they were misclassified as independent contractors.

The installers were found to be employees covered by the FLSA, rather than independent contractors. The court found Cascom Inc. liable for $737,133 in back wages and an equal amount in liquidated damages, collectible from both from the company and its owner. Since the litigation began, the company has ceased operations. Consequently, DOL plans to collect damages from owner Gress.

Employer Misclassification Audits & Enforcement Significant Risk For US Businesses

The prosecution by DOL of Cascom Inc. under the FLSA reflects the increased readiness of the DOL and other agencies to scrutinize and challenge the characterization by a business of workers as independent contractors exempt from the FLSA or other federal requirements on the obligations of an employer to an employee. DOL and other federal agencies increasingly scrutinize the treatment by employers of a worker as an independent contractor and prosecute employers when DOL determines that FLSA or other legal obligations that the employer violated because the employer misclassified the workers.

Wage and hour laws are only one of a myriad of areas where the Department of Labor, Internal Revenue Service and other federal and state regulators increasingly are scrutinizing worker classifications to uncover violations of applicable law resulting from the mischaracterization of workers as exempt or as non-employee service providers.

The enforcement record of the Labor Department confirms that employers that improperly treat workers as exempt from the FLSA’s overtime, minimum wage and recordkeeping requirements run a big risk. The Labor Department and private plaintiffs alike regularly target employers that use aggressive worker classification or other pay practices to avoid paying minimum wage or overtime to workers. Under the Obama Administration, DOL officials have made it a priority to enforce overtime, record keeping, worker classification and other wage and hour law requirements. See e.g., Boston Furs Sued For $1M For Violations Of Fair Labor Standards Act; Record $2.3 Million+ Backpay Order; Minimum Wage, Overtime Risks Highlighted By Labor Department Strike Force Targeting Residential Care & Group Homes; Review & Strengthen Defensibility of Existing Worker Classification Practices In Light of Rising Congressional & Regulatory Scrutiny; 250 New Investigators, Renewed DOL Enforcement Emphasis Signal Rising Wage & Hour Risks For Employers; Quest Diagnostics, Inc. To Pay $688,000 In Overtime Backpay; Banks’ $1Million Overtime Settlement Shows Risks of Misapplying FLSA’s Administrative Exemption; Employer Charged With Misclassifying & Underpaying Workers To Pay $754,578 FLSA Backpay Settlement; $1 Million + FLSA Overtime Settlement Shows Employers Should Tighten On-Call, Other Wage & Hour Practices.

Meanwhile, the Internal Revenue Service (IRS) continues to conduct worker classification audits while encouraging employers to self correct existing payroll tax misclassifications by participating in a new Voluntary Worker Classification Settlement Program (“Settlement Program”) announced in September. However the limited scope of the relief provided makes use of the program challenging for most employers. See New IRS Voluntary IRS Settlement Program Offers New Option For Resolving Payroll Tax Risks Of Misclassification But Employers Also Must Manage Other Legal Risks; Medical Resident Stipend Ruling Shows Health Care, Other Employers Should Review Payroll Practices; Employment Tax Takes Center Stage as IRS Begins National Research Project , Executive Compensation Audits.

While these and other agencies continue to keep the heat up on employers that misclassify workers, Congress also continues to consider legislation that would further clarify and tighten worker classification rules. See e.g., Review & Strengthen Defensibility of Existing Worker Classification Practices In Light of Rising Congressional & Regulatory Scrutiny; New IRS Worker Classification Settlement Program and Its Risks.

The uptake in worker misclassification related prosecutions is no accident. In her November 3, 2011 testimony to the House Subcommittee on Workforce Protections Committee on Education and the Workforce, U.S. Labor Department Wage & Hour Division (WHD) Deputy Administrator (WHD) Nancy Leppink confirmed that the Labor Department is joining a growing list of federal and state agencies that are making ending employee misclassification an audit and enforcement priority. Ms Leppink testified that “employee misclassification is a serious and, according to all available evidence, growing problem” that the Obama Administration is “committed to working to end.” See Testimony of Nancy J. Leppink, Deputy Wage and Hour Administrator, Wage and Hour Division, U.S. Department of Labor before the Subcommittee on Workforce Protections, Committee on Education and the Workforce, U.S. House of Representatives (November 3, 2011).

Her testimony also makes clear that interagency coöperation and sharing of information among agencies is an increasingly valuable tool to this effort. Ms. Leppink told the Subcommittee that the Labor Department is a part of a multi-agency Misclassification Initiative that seeks to strengthen and coördinate Federal and State efforts to enforce violations of the law that result from employee misclassification.

According to Ms. Leppink, the WHD’s exchange of information about investigations with other law enforcement agencies is as “particularly important with respect to our efforts to combat the violations of our laws that occur because of employees who are misclassified as independent contractors or other non-employees.” On September 19, 2011 the Labor Department and Internal Revenue Service (IRS) signed a Memorandum of Understanding (MOU) to share information about investigations with each other. The MOU helps the IRS investigate if employers the Labor Department has found in violation of federal labor laws have paid the proper employment taxes. Similarly, the WHD also entered into memoranda of understandings with several state labor agencies that allow the Labor Department to share information about its investigations and coordinate misclassification enforcement when appropriate.

“These agreements mean that all levels of government are working together to solve this critical problem,” she said.

Statements by the DOL in its announcement of its victory in Cascom Inc. confirm that the DOL’s enforcement resolve remains strong. The DOL sent a clear warning to employers that DOL and other agencies are targeting employers that violate minimum wage and overtime, tax, and other laws by misclassifying workers that are employees as independent contractors in its press release about the Cascom, Inc. ruling, which states:

“The misclassification of employees as something other than employees, such as independent contractors, presents a serious problem for affected employees, employers and the economy. Misclassified employees are often denied access to critical benefits and protections — such as family and medical leave, overtime, minimum wage and unemployment insurance — to which they are entitled. Employee misclassification also generates substantial losses to the Treasury and the Social Security and Medicare funds, as well as to state unemployment insurance and workers’ compensation funds.”.

Employers Urged To Audit & Strengthen Worker Classification Practices

As Federal and state regulators take aim at misclassification abuses, U.S. employers need to review each arrangement where their business receives services that the business treats as not employed by their business, as well as any employees of their business that the business treats as exempt employees keeping in mind that they generally will bear the burden of proving the appropriateness of that characterization for most purposes of law.

To guard against these and other growing risks of worker classification, employers receiving services from workers who are not considered employees for purposes of income or payroll should review within the scope of attorney-client privilege the defensibility of their existing worker classification, employee benefit, fringe benefit, employment, wage and hour, and other workforce policies and consult with qualified legal counsel about the advisability to adjust these practices to mitigate exposures to potential IRS, Labor Department or other penalties associated with worker misclassification.

Review and management of these issues is particularly timely in light of the opening by the Internal Revenue Service (IRS) of a new settlement program for resolving payroll tax issues resulting from misclassification. Given broader labor and other risks, however, before taking advantage of a new Internal Revenue Service program offering employers the opportunity to resolve potential payroll tax liabilities arising from the misclassification of workers, employers should consider and develop a risk management their overall worker misclassification liability exposures. See “New IRS Worker Classification Settlement Program and its Risks,” in the January, 2011 issue of the Dallas Bar Journal To read her article, see page 8 of the January, 2012 Dallas Bar Journal here.

For Help or More Information

If you need help with worker classification or other human resources or internal controls matters, please contact the author of this article, Cynthia Marcotte Stamer. Board Certified in Labor & employment Law by the Texas Board of Legal Specialization,management attorney, author and consultant Ms. Stamer is nationally and internationally recognized for more than 24 years of work helping private and governmental organizations and their management; employee benefit plans and their sponsors, administrators, fiduciaries; employee leasing, recruiting, staffing and other professional employment organizations; schools and other governmental agencies and others design, administer and defend innovative compliance, risk management, workforce, compensation, employee benefit, privacy, procurement and other management policies and practices. Her experience includes extensive work helping employers carry out, audit, manage and defend worker classification,union-management relations, wage and hour, discrimination and other labor and employment laws, procurement, conflict of interest, discrimination management, privacy and data security, internal investigation and discipline and other workforce and internal controls policies, procedures and actions.

Widely published on worker classification and other workforce risk management and compliance concerns, the immediate past-Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Committee and current Co-Chair of its Welfare Plan Committee, Vice Chair of the ABA TIPS Section Employee Benefits Committee, a Council Representative of the ABA Joint Committee on Employee Benefits, Government Affairs Committee Legislative Chair for the Dallas Human Resources Management Association, and past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer works, publishes and speaks extensively on management, worker classification, re-engineering, investigations, human resources and workforce, employee benefits, compensation, internal controls and risk management, federal sentencing guideline and other enforcement resolution actions, and related matters. She also is recognized for her publications, industry leadership, workshops and presentations on these and other human resources concerns and regularly speaks and conducts training on these matters. Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, and many other national and local publications. For additional information about Ms. Stamer and her experience or to get access to other publications by Ms. Stamer see here or contact Ms. Stamer directly.

Other Resources

If you found this update of interest, you also may be interested in reviewing some of the other updates and publications authored by Ms. Stamer available including:

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources available at www.solutionslawpress.com.

Comments Off on Cascom Inc. Owner Must Pay Nearly $1.5 M After Company Misclassified Employees As Independent Contractors | Corporate Compliance, Employers, Fair Labor Standards Act, Human Resources, Internal Controls, Internal Investigations, Wage & Hour | Tagged: department of labor, Employment, Health Care, Independent Contractor, Overtime, payroll tax, Wage & Hour, Worker Classification | Permalink
Posted by Cynthia Marcotte Stamer

Use New Government Health Care Reform Resources With Care

July 22, 2013

While large employers are getting an additional year to collect data and make other preparations to comply with the “pay-or-play” rules in the shared responsibility provisions of new Internal Revenue Code Section 4980H under the extension announced by the Administration in early July, all employers still have much to do stay on top of the developing rules and make the arrangements necessary to prepare to comply with the current and 2014 federal health plan mandates of the Patient Protection & Affordable Care Act (ACA) and other federal laws.

As the Departments of Health & Human Services, Labor and Treasury continue to refine and roll out guidance implementing these rules, the agencies recently released various updated resources discussing these evolving rules. Among others, Publication 5093, Healthcare Law Online Resources, lists ACA resources from the IRS, the Departments of Health & Human Services and Labor, and the Small Business Administration. Meanwhile, IRS.gov and HealthCare.gov also have new ACA webpages.

While these updated resources are intended by the agencies to help acquaint businesses with ACA’s requirements, businesses and the insurers and administrators that offer health benefit services need to keep in mind that these resources have risk and limitations. As the agencies are continuing to refine the rules, these resources often do not reflect the most current or emerging guidance or status of rules. Additionally, government provided explanations, model forms and resources often incorporate provisions or interpretations that are biased against the interests of the businesses, or contain other provisions that may not fully inform the business to all of its options. Furthermore, because of limitations in jurisdiction and other constraints, guidance issued by an agency or agency that reflects that certain approaches may satisfy the requirements of the rules specifically addressed by the guidance often do not disclose or adequately communicate potential concerns with certain types of actions under other applicable requirements.

For instance, model exchange notices published by the Department of Labor this Spring to assist employers to provide the notifications about federal exchange coverage options that ACA requires employers distribute by October 1 contain many provisions beyond the content actually required to meet the notice requirements. The Labor Department in announcing the model notices indicated that its model language includes discretionary provisions which the Department thought some employers might want to include to minimize questions from employees about employer provided benefits that employees interested in pursuing subsidized coverage could be expected to need to apply for subsidies. While as of now, exchanges and subsidies still are scheduled to come on line January 1, 2014, the Obama Administration extended the employer “pay-or-play” mandate of Code Section 4980 and its associated employer reporting requirements, as well as has established that it does not plan to verify eligibility for subsidies requested by individuals enrolling in exchanges in 2014. Given this, most employers will want to consider carefully the specific content that they wish to include in the exchange notice as they prepare the notice in anticipation of its distribution in October.Accordingly, all businesses dealing with these issues are encouraged to arrange for comprehensive advice from qualified legal counsel familiar with these requirements and other related human resources, health care, insurance and employee benefit issues.

For Help With Compliance, Risk Management, Investigations, Policy Updates Or Other Needs

If you need help with HIPAA and other health and health plan related regulatory policy or enforcement developments, or to review or respond to these or other human resources, employee benefit, or other compliance, risk management, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer may be able to help.

Nationally recognized for her extensive work, publications and leadership on HIPAA and other privacy and data security concerns, Ms. Stamer has extensive experience representing, advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical and other privacy and data security, employment, employee benefits, and to handle other compliance and risk management policies and practices; to investigate and respond to OCR and other enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.

A Fellow in the American College of Employee Benefit Counsel, State Bar of Texas and American Bar Association, Vice President of the North Texas Health Care Compliance Professionals Association, the Former Chair of the ABA RPTE Employee Benefit & Compensation Group and current Co-Chair of its Welfare Benefit Committee, Vice Chair of the ABA TIPS Employee Benefit Committee, an ABA Joint Committee on Employee Benefits Council Representative, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer serves as the scribe for the ABA Joint Committee on Employee Benefits agency meeting with OCR. Ms. Stamer also regularly works with OCR and other agencies, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her publications and insights on HIPAA and other data privacy and security concerns appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. For instance, Ms. Stamer for the third year will serve in 2013 as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR. Her insights on HIPAA risk management and compliance often appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, SHRM, HIMMS, the American Bar Association, the Health Care Compliance Association, a multitude of health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others. You can get more information about her HIPAA and other experience here.

In addition to this extensive HIPAA specific experience, Ms. Stamer also is recognized for her experience and skill aiding clients with a diverse range of other employment, employee benefits, health and safety, public policy, and other compliance and risk management concerns.

Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization, a member of the Editorial Advisory Board and expert panels of HR.com, Employee Benefit News, InsuranceThoughtLeadership.com, and Solutions Law Press, Inc., management attorney and consultant Ms. Stamer has 25 years of experience helping employers; employee benefit plans and their sponsors, administrators, fiduciaries; employee leasing, recruiting, staffing and other professional employment organizations; and others design, administer and defend innovative workforce, compensation, employee benefit and management policies and practices. Ms. Stamer often has worked, extensively on these and other workforce and performance related matters. In addition to her continuous day-to-day involvement helping businesses to manage employment and employee benefit plan concerns, she also has extensive public policy and regulatory experience with these and other matters domestically and internationally. A former member of the Executive Committee of the Texas Association of Business and past Government Affairs Committee Legislative Chair for the Dallas Human Resources Management Association, Ms. Stamer served as a primary advisor to the Government of Bolivia on its pension privatization law, and has been intimately involved in federal, state, and international workforce, health care, pension and social security, tax, education, immigration, education and other legislative and regulatory reform in the US and abroad. She also is recognized for her publications, industry leadership, workshops and presentations on these and other human resources concerns and regularly speaks and conducts training on these matters. Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, and many other national and local publications. For more information about Ms. Stamer and her experience or to get access to other publications by Ms. Stamer see here or contact Ms. Stamer directly.

For help with these or other compliance concerns, to ask about compliance audit or training, or for legal representation on these or other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

About Solutions Law Press, Inc.™

“Pay Or Play” Reprieve Still Leaves Employers Facing Challenging 2014 Health Care Reform Deadlines

Comments Off on Use New Government Health Care Reform Resources With Care | Corporate Compliance, Employers, GINA, Health Plans, HIPAA, Human Resources, Insurance, Internal Controls, Internal Investigations, Privacy, Risk Management, Whistleblower | Tagged: Backpay, Employer, Employment, employment law, Fair Labor Standards Act, FSLA, IT, Labor Department, Minimum Wage, Technology, Wage & Hour, wage and hour, Worker Classification | Permalink
Posted by Cynthia Marcotte Stamer

OCR Warns Others Learn From WellPoint’s $1.7 M HIPAA Settlement

July 12, 2013

WellPoint $1.7 M HIPAA Settlement Expensive Lesson On HIPAA Risks Of Leaving PHI Too Accessible In Web-Based Applications

As health plans and health care organizations increasingly jump on the Web-based application bandwagon, managed care company WellPoint Inc. (WellPoint) is learning a $1.7 million lesson about the importance of ensuring Web-based applications and portals that allow access to members or other consumers protected health information (PHI) have the administrative, technical and other security safeguards required by the Health Insurance Portability & Accountability Act (HIPAA) Privacy and Security rules.

The U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) announced late yesterday (July 11, 2013) that WellPoint has agreed to pay $1.7 million to settle OCR charges that WellPoint violated the HIPAA Security Rule and left the electronic protected health information (ePHI) of 612,402 individuals accessible to unauthorized individuals over the Internet by failing to implement appropriate administrative and technical safeguards in its Web-based applications. See WellPoint HIPAA Settlement Press Release.

Web-based application use is increasingly popular among health plans and their wellness programs, as well as health care providers. Employers and health plans use them both in plan administration and offer them to members to use as member tools. Health care providers use them for health care operations, as well as patient engagement and communication tools. The WellPoint settlement illustrates that managed care and other health insurers, health plans and their employer or other sponsors, health care providers, health care clearinghouses (Covered Entities) and their business associates can’t let their enthusiasm for the ease of use of these products to compromise the security of PHI.

Rather, health plans and other Covered Entities, employer and other health plan sponsors, their business associates, and the Web and other technology developers, providers and consultants marketing products, services or other solutions should learn from WellPoint’s hard lesson by ensuring that current and future Web-based applications, portals and other information system components that are or could be used to provide access to PHI incorporate the Security Rule safeguards both when originally implemented and with each subsequent upgrade.

HIPAA Privacy, Security & Breach Notification Rules Require PHI Safeguards & Other Protections

The Breach Notification Rule added to HIPAA under the Health Information Technology for Economic and Clinical Health, or HITECH Act requires HIPAA-covered entities to notify OCR, affected individuals and the media promptly of a breach of “unsecured protected health information” (UPHI) impacting more than 500 individuals. For smaller breaches, the Breach Notification Rule still requires prompt notice to affected individuals, but allows Covered Entities to disclose the breach to OCR as part of an annual breach report and to forego notification to the media. UPHI generally includes any PHI, whether or not ePHI that is not either secured or destroyed in the way described by the Breach Notification Rules.

In addition to the Breach Notification Rule, most Covered Entities and their business associates also are subject to state laws or regulations that impose similar or additional breach notification and other standards and responsibilities on the protection of personal health or other data including required notification and other responses following a breach of the security of UPHI or other PHI.

WellPoint’s $1.7 HIPAA Security Mistake

WellPoint’s $1.7 million settlement lesson resulted from an OCR investigation started in response to a breach report WellPoint submitted to comply with the Breach Notification Rules.

According to OCR, the Breach Report indicated that security weaknesses in an online application database left the electronic protected health information (ePHI) of 612,402 individuals accessible to unauthorized individuals over the Internet.

OCR says its investigation indicated that WellPoint did not implement appropriate administrative and technical safeguards as required under the HIPAA Security Rule. According to OCR, WellPoint did not:

Adequately implement policies and procedures for authorizing access to the on-line application database;
Perform an appropriate technical evaluation in response to a software upgrade to its information systems; or
Have technical safeguards in place to verify the person or entity seeking access to electronic protected health information maintained in its application database.

As a result, OCR concluded that from October 23, 2009 until March 7, 2010, WellPoint impermissibly disclosed the ePHI of 612,402 individuals by allowing access to their ePHI maintained in the application database. This data included names, dates of birth, addresses, Social Security numbers, telephone numbers and health information.

Under the resulting WellPoint HIPAA Resolution Agreement, WellPoint must pay OCR a $1.7 million settlement payment as well as take a series of corrective actions to correct the deficiencies in its policies and practices that resulted in the reported breach to minimize future risks of breaches resulting from these deficient.

OCR Warns Learn From WellPoint’s Experience

All Covered Entities and their business associates and leaders should heed the lesson sent to them by OCR in announcing the WellPoint settlement and take appropriate steps other to ensure that appropriate policies and safeguards are adopted and applied in selecting and implementing future application or system upgrades, as well as review existing systems to ensure that the security of existing systems and applications have incorporated and apply the requisite safeguards.

OCR made clear that the WellPoint settlement is intended to send a message to Covered Entities and their business associates to ensure that these steps are appropriately taken. The settlement announcement states:

This case sends an important message to HIPAA-covered entities to take caution when implementing changes to their information systems, especially when those changes involve updates to Web-based applications or portals that are used to provide access to consumers’ health data using the Internet. Whether systems upgrades are conducted by covered entities or their business associates, HHS expects organizations to have in place reasonable and appropriate technical, administrative and physical safeguards to protect the confidentiality, integrity and availability of electronic protected health information – especially information that is accessible over the Internet.

The settlement announcement also reminds business associates that OCR will begin holding them directly accountable along with their Covered Entity clients for complying with many HIPAA requirements beginning in September, stating:

Beginning Sept. 23, 2013, liability for many of HIPAA’s requirements will extend directly to business associates that receive or store protected health information, such as contractors and subcontractors.

Take Documented Steps To Show You Hear OCR’s Messages

Covered entities and their business associates and leaders, and vendors and consultants offering services or products to them should take care to conduct careful and well-documented reviews and implement corrective actions necessary to show their applications and systems, policies and practices reflect their strong commitment and action to appropriately protect PHI in accordance with the expectations shown by the WellPoint HIPAA Resolution Agreement and other OCR settlements, OCR’s updated HIPAA regulations, and other OCR and industry information.

In addition to the guidance set forth in OCR’s Resolution Agreements with WellPoint and other Covered Entities, revisions to OCR’s Privacy and Security Rules in OCR’s 2013 restatement of its regulations here cause all Covered Entities and their business associates conduct a well-documented reassessment of the adequacy of their existing policies, systems and practices and steps taken to redress any uncovered gaps.

Among other things, the 2013 Regulations:

Revise OCR’s HIPAA regulations to reflect the HITECH Act’s amendment of HIPAA to add the contractors and subcontractors of health plans, health care providers and health care clearinghouses that qualify as business associates to the parties directly responsible for complying with and subject to HIPAA’s civil and criminal penalties for violating HIPAA’s Privacy, Security, and Breach Notification rules;
Update previous interim regulations implementing HITECH Act breach notification rules that require Covered Entities including business associates to give specific notifications to individuals whose PHI is breached, HHS and in some cases, the media when a breach of unsecured information happens;
Update interim enforcement guidance OCR previously published to implement increased penalties and other changes to HIPAA’s civil and criminal sanctions enacted by the HITECH Act;
Implement HITECH Act amendments to HIPAA that tighten the conditions under which Covered Entities are allowed to use or disclose PHI for marketing and fundraising purposes and prohibit Covered Entities from selling an individual’s health information without getting the individual’s authorization in the manner required by the 2013 Regulations;
Update OCR’s rules about the individual rights that HIPAA requires that Covered Entities to afford to individuals who are the subject of PHI used or possessed by a Covered Entity to reflect tightened requirements enacted by the HITECH Act that allow individuals to order their health care provider not to share information about their treatment with health plans when the individual pays cash for the care and to clarify that individuals can require Covered Entities to provide electronic PHI in electronic form;
Revise the regulations to reflect amendments to HIPAA made as part of the Genetic Information Nondiscrimination Act of 2008 (GINA) which added genetic information to the definition of PHI protected under the HIPAA Privacy Rule and prohibits health plans from using or disclosing genetic information for underwriting purposes; and
Clarifies and revises other provisions to reflect other interpretations and information guidance that OCR has issued since HIPAA was passed and to make certain other changes that OCR found appropriate based on its experience administering and enforcing the rules.

Covered Entities were required to begin complying with most of these rule changes earlier this year. However, delayed compliance dates in the 2013 Regulations allowed Covered Entities and Business Associates to delay updates to pre-existing business associate agreements and the date that OCR would begin enforcing many of the HIPAA Rules directly against business associates to September 23, 2013.

Even without the necessity Settlements like that involving WellPoint, these 2013 Regulations make it imperative that Covered Entities to take the necessary steps to conduct an appropriate and well-documented review and update as needed their systems, policies and practices, business associate agreements, training and documentation.

With self-disclosures of breaches mandated by the Breach Notification Rules and OCR audits and enforcement rising, careful documentation of these activities and its analysis is necessary so that Covered Entities can be in a position to show OCR that the risk assessments required by the Security Rules was conducted as well as the efforts and commitment of the Covered Entity or business associate in the event of a breach investigation or audit. Yesterday’s WellPoint HIPAA announcement is just the latest in an ever-growing list of examples of the expensive consequences that can result if a Covered Entity or business associate cannot produce this documentation in response to an OCR audit or investigation. See, e.g. OCR Hits Alaska Medicaid For $1.7M+ For HIPAA Security Breach; OCR Audit Program Kickoff Further Heats HIPAA Privacy Risks; $1.5 Million HIPAA Settlement Reached To Resolve 1st OCR Enforcement Action Prompted By HITECH Act Breach Report; HIPAA Heats Up: HITECH Act Changes Take Effect & OCR Begins Posting Names, Other Details Of Unsecured PHI Breach Reports On Website; Providence To Pay $100000 & Implement Other Safeguards. In contrast, the OCR website also provides a multitude of examples showing how the ability to produce documentation and other evidence showing diligent efforts to comply has helped other covered entities that fall under OCR investigation to avoid or mitigate serious sanctions.

Coupled with statements by OCR about its intolerance, the WellPoint and other settlements provide a strong warning to covered entities of the need to carefully and appropriately manage their HIPAA encryption and other Privacy and Security responsibilities. Covered entities are urged to heed these warning by strengthening their HIPAA compliance and adopting other suitable safeguards to minimize HIPAA exposures.

In response to the 2013 Regulations and these expanding exposures, all Covered Entities should review critically and carefully the adequacy of their current HIPAA Privacy and Security compliance policies, monitoring, training, breach notification and other practices taking into consideration OCR’s investigation and enforcement actions against WellPoint and others, emerging litigation and other enforcement data; their own and reports of other security and privacy breaches and near misses; and other developments to decide if additional steps are necessary or advisable. Covered Entities and business associates should document this review in a manner that both reflects the scope and diligence of their activities including relevant considerations and decision-making about identified potential susceptibilities and reasoning about the adequacy of safeguards and other solutions.

Because this review is likely to uncover existing or past deficiencies or breaches, most covered entities and business associates will want to discuss with qualified legal counsel the planned assessment within the scope of attorney-client privilege to understand when and how to conduct the assessment to preserve options to claim attorney-client privilege to protect sensitive work product or discussions that may result in the course of the investigation within the attorney-client communication, work product or other evidentiary privileges, evaluation of the adequacy and appropriateness of the audit and resulting investigations and its documentation, and other assistance in strengthening the defensibility of compliance and risk management activities.

For Help With Compliance, Risk Management, Investigations, Policy Updates Or Other Needs

About Solutions Law Press, Inc.™

“Pay Or Play” Reprieve Still Leaves Employers Facing Challenging 2014 Health Care Reform Deadlines

1 Comment | Corporate Compliance, Employers, GINA, Health Plans, HIPAA, Human Resources, Insurance, Internal Controls, Internal Investigations, Privacy, Risk Management, Whistleblower | Tagged: Backpay, Employer, Employment, employment law, Fair Labor Standards Act, FSLA, IT, Labor Department, Minimum Wage, Technology, Wage & Hour, wage and hour, Worker Classification | Permalink
Posted by Cynthia Marcotte Stamer

HIPAA Sanctions Triggered From Covered Entity Statements To Media, Workforce

June 14, 2013

Health plans, health care providers, health care clearinghouses (covered entities) and their business associates should confirm their existing policies, practices and training for communicating with the media and others comply with the Privacy Rule requirements of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule in light of a Resolution Agreement with Shasta Regional Medical Center (SRMC) announced by the U.S. Department of Health and Human Services (HHS) Office of Civil Rights today (June 14, 2013).

Under the Resolution Agreement, SRMC agrees to pay $275,000 and implement a comprehensive corrective action plan (CAP) to settle an investigation that resulted when SRMC used and disclosed protected health information (PHI) of a patient to members of the media and its workforce while trying to do damage control against fraud or other allegations of misconduct involving individual patient information or circumstances. The Resolution Agreement shows how efforts to respond to press or media reports, patient or other complaints, physician or employee disputes, high profile accidents, or other events that may involve communications not typically run by privacy officers can create big exposures. While the Resolution Agreement targets a health care provider, the lessons are equally applicable to health plans and health care clearinghouses, who increasingly face their own pressure to communicate with the media and others about enforcement actions, workforce claims and other matters.

Talking Out Of Turn To Media & Others Violated HIPAA

OCR investigated SRMC after a January 4, 2012 Los Angeles Times article reported two SRMC senior leaders had met with media to discuss medical services provided to a patient. OCR’s investigation indicated that SRMC failed to safeguard the patient’s protected health information (PHI) from impermissible disclosure by intentionally disclosing PHI to multiple media outlets on at least three separate occasions, without a valid written authorization. OCR’s review also revealed senior management at SRMC impermissibly shared details about the patient’s medical condition, diagnosis and treatment in an email to the entire workforce. Further, SRMC failed to sanction its workforce members for impermissibly disclosing the patient’s records pursuant to its internal sanctions policy.

Among other things, the specific misconduct uncovered by HHS’s investigation indicated that from December 13 – 20, 2011, SRMC failed to safeguard the patient’s PHI from any impermissible intentional or unintentional disclosure on multiple occasions in connection with its response to media coverage arising from a Medicare fraud story including:

On December 13, 2011, for instance, OCR reports SRMC’s parent company sent a letter to California Watch, responding to a story about Medicare fraud. The letter described the patient’s medical treatment and provided specifics about her lab results even though SRMC did not have a written authorization from the patient to disclose this information to this news outlet.
On December 16, 2011, two of SRMC’s senior leaders also met with The Record Searchlight’s editor to discuss the patient’s medical record in detail even though SRMC did not have a written authorization from the patient to disclose this information to this newspaper.
On December 20, 2011, SRMC sent a letter to The Los Angeles Times, which contained detailed information about the treatment the patient received when, again, SRMC did not have a written authorization from the patient to disclose this information to this newspaper.

In addition, OCR found SRMC impermissibly used the affected party’s PHI when on December 20, 2011, SRMC sent an email to its entire workforce and medical staff, approximately 785-900 individuals, describing, in detail, the patient’s medical condition, diagnosis and treatment. SRMC did not have a written authorization from the patient to share this information with SRMC’s entire workforce and medical staff.

SRMC Must Correct & Pay $$275K Penalty

Under the Resolution Agreement, SRMC pays a $275,000 monetary settlement and agrees to comply with a CAP for the next year.

The CAP requires SRMC to update its policies and procedures on safeguarding PHI from impermissible uses and disclosures and to train its workforce members. The CAP also requires fifteen other hospitals or medical centers under the same ownership or operational control as SRMC to attest to their understanding of permissible uses and disclosures of PHI, including disclosures to the media.

The Resolution Agreement specifically requires that Shasta Regional Medical Center, among other things:

To update policies to include specific policies about sharing PHI with the media, members of the workforce not involved in an individual patient’s care and others to comply with HIPAA;.
To provide updated policies to OCR for approval;
To provide training documented with certification of all workforce members before allowing them to get access to PHI;

SRMC is one of several Prime Healthcare Services facilities under common ownership and control. The Resolution Agreement also requires corrective action at these commonly owned facilities including California-based Alvarado Hospital Medical Center in San Diego, Centinela Hospital Medical Center in Inglewood, Chino Valley Medical Center in Chino, Desert Valley Hospital in Victorville, Garden Grove Hospital Medical Center in Garden Grove, La Palma Intercommunity Hospital in La Palma, Paradise Valley Hospital in National City, San Dimas Community Hospital in San Dimas, Shasta Regional Medical Center in Redding, and West Anaheim Medical Center in Anaheim; Saint Mary’s Regional Medical Center in Reno, Nevada; Pennsylvania based Lower Bucks Hospital in Bristol and Roxborough Memorial Hospital in Philadelphia;and Texas-based Dallas Medical Center in Dallas, Harlingen Medical Center in Harlingen, Pampa Regional Medical Center in Pampa. Among other things, the Resolution Agreement requires that for each of these related facilities:

The CEO and Privacy Officer of each facility must give OCR a signed affidavit stating that they understand that the Privacy Rule protects an individual’s PHI is protected by Privacy Rule even if such information is already in the public domain or even though it has been disclosed by the individual; and that disclosures of PHI in response to media inquiries are only permissible pursuant to a signed HIPAA authorization; and
Ensure all members of their respective workforce are informed of this policy.

The Resolution Agreement highlights the difficulty that health care providers and other covered entities often face in properly recognizing and handling PHI in the case of fraud or other disputes. While health care providers have an understandable wish to defend themselves in the media and elsewhere in response to charges of misconduct, today’s settlement shows that improperly sharing PHI of each patient in the process will make matters much worse. It’s important to keep in mind that just omitting to mention the name or other common identifying information may not overcome this concern because information about a patient can be considered individually identifiable and to enjoy protection under HIPAA where the facts and circumstances would allow another person to know or determine who the individual is, even if the specific name, address or more common identifying information is not shared.

Furthermore, the settlement also makes clear that merely because the patient or some other party has shared the same information with the media or others does not excuse the health care provider or other covered entity or business associate from the obligation to keep confidential the PHI unless it gets proper consent or otherwise can show that an exception to HIPAA applies.

Finally, the Resolution Agreement also makes clear that OCR expects covered entities to connect their HIPAA compliance with other policies and operations and will hold covered entities and associates accountable for properly integrating, training workforce and enforcing compliance with these policies. While this means that covered entities and business associates may find themselves in the uncomfortable situation of facing unsavory reports and rumors without the ability to respond, the significant civil and even criminal penalties that can arise from violation of HIPAA make it critical that covered entities exercise discipline in responding to avoid sharing PHI improperly.

The 2013 Regulations Overview

Adding a review and update of HIPAA and other policies for communicating with the media and internally on matters that may involve use or discussions of PHI in unusual contexts outside the purview of typically HIPAA policies is a good idea while health plans and other covered entities and business associates are updating their existing policies and practices for compliance with updated Omnibus HIPAA Rules (2013 Regulations) implementing HITECH Act amendments to the Privacy and Security Rules under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The Rulemaking announced January 17, 2013 may be viewed here.

Since 2003, HIPAA generally has required that health care providers, health plans, health care clearinghouses and their business associates (“Covered Entities”) restrict and safeguard individually identifiable health care information (“PHI”) of individuals and afford other protections to individuals that are the subject of that information. The 2013 Regulations published today complete the implementation of changes to HIPAA that Congress enacted when it passed the Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009 as well as make other changes to the prior regulations that OCR found desirable based on its experience administering and enforcing the law over the past decade.

Since passage of the HITECH Act, OCR officials have warned Covered Entities to expect an omnibus restatement of its original regulations. While OCR had issued certain regulations implementing some of the HITECH Act changes, it waited to publish certain regulations necessary to implement other HITECH Act changes until it could complete a more comprehensive restatement of its previously published HIPAA regulations to reflect both the HITECH Act amendments and other refinements to its HIPAA Rules. The 2013 Regulations published today fulfill that promise by restating OCR’s HIPAA Regulations to reflect the HITECH Act Amendments and other changes and clarifications to OCR’s interpretation and enforcement of HIPAA.

Among other things, the 2013 Regulations:

Revise OCR’s HIPAA regulations to reflect the HITECH Act’s amendment of HIPAA to add the contractors and subcontractors of health plans, health care providers and health care clearinghouses that qualify as business associates to the parties directly responsible for complying with and subject to HIPAA’s civil and criminal penalties for violating HIPAA’s Privacy, Security, and Breach Notification rules;
Update previous interim regulations implementing HITECH Act breach notification rules that require Covered Entities including business associates to give specific notifications to individuals whose PHI is breached, HHS and in some cases, the media when a breach of unsecured information happens;
Update interim enforcement guidance OCR previously published to implement increased penalties and other changes to HIPAA’s civil and criminal sanctions enacted by the HITECH Act;
Implement HITECH Act amendments to HIPAA that tighten the conditions under which Covered Entities are allowed to use or disclose PHI for marketing and fundraising purposes and prohibit Covered Entities from selling an individual’s health information without getting the individual’s authorization in the way required by the 2013 Regulations;
Update OCR’s rules about the rights that HIPAA requires that Covered Entities to afford to individuals who are the subject of PHI used or possessed by a Covered Entity to reflect tightened requirements enacted by the HITECH Act that allow individuals to order their health care provider not to share information about their treatment with health plans when the individual pays cash for the care and to clarify that individuals can require Covered Entities to provide electronic PHI in electronic form;
Revise the regulations to reflect amendments to HIPAA made as part of the Genetic Information Nondiscrimination Act of 2008 (GINA) which added genetic information to the definition of PHI protected under the HIPAA Privacy Rule and prohibits health plans from using or disclosing genetic information for underwriting purposes; and
Clarifies and revises other provisions to reflect other interpretations and information guidance that OCR has issued since HIPAA was passed and to make certain other changes that OCR found appropriate based on its experience administering and enforcing the rules.

Liability & Enforcement Risks Heighten Need To Act To Review & Update Policies & Practices

The new Resolution Agreement and the growing list of others like it, as well as restated rules in the 2013 Regulations make it imperative that Covered Entities review the revised rules carefully and updated their policies, practices, business associate agreements, training and documentation to comply with the updated requirements and other enforcement and liability risks. OCR even prior to the regulations has aggressively investigated and enforced the HIPAA requirements.

OCR increasingly is imposing sanctions against a covered entity for data breaches to show the potential risks of HIPAA violations are significant and growing. OCR Hits Alaska Medicaid For $1.7M+ For HIPAA Security Breach; OCR Audit Program Kickoff Further Heats HIPAA Privacy Risks; $1.5 Million HIPAA Settlement Reached To Resolve 1st OCR Enforcement Action Prompted By HITECH Act Breach Report; HIPAA Heats Up: HITECH Act Changes Take Effect & OCR Begins Posting Names, Other Details Of Unsecured PHI Breach Reports On Website; Providence To Pay $100000 & Implement Other Safeguards.

In response to the 2013 Regulations and these expanding exposures, all Covered Entities should review critically and carefully the adequacy of their current HIPAA Privacy and Security compliance policies, monitoring, training, breach notification and other practices taking into consideration OCR’s investigation and enforcement actions, emerging litigation and other enforcement data; their own and reports of other security and privacy breaches and near misses; and other developments to decide if additional steps are necessary or advisable. In response to these expanding exposures, all covered entities and their business associates should review critically and carefully the adequacy of their current HIPAA Privacy and Security compliance policies, monitoring, training, breach notification and other practices taking into consideration OCR’s investigation and enforcement actions, emerging litigation and other enforcement data; their own and reports of other security and privacy breaches and near misses, and other developments to decide if tightening their policies, practices, documentation or training is necessary or advisable.

Enforcement Actions Highlight Growing HIPAA Exposures For Covered Entities

The SRMC Resolution Agreement again shows the growing risk of enforcement that health care providers, health plans, health care clearinghouses and their business associates face as OCR continues its audits and enforcement, new Omnibus HIPAA Regulations implementing the HITECH Act amendments to HIPAA and state and federal liability grows.. See e.g., $1.5 Million HIPAA Settlement Reached To Resolve 1st OCR Enforcement Action Prompted By HITECH Act Breach Report; HIPAA Heats Up: HITECH Act Changes Take Effect & OCR Begins Posting Names, Other Details Of Unsecured PHI Breach Reports On Website.

In response to these expanding exposures, all covered entities and their business associates should review critically and carefully the adequacy of their current HIPAA Privacy and Security compliance policies, monitoring, training, breach notification and other practices taking into consideration OCR’s investigation and enforcement actions, emerging litigation and other enforcement data; their own and reports of other security and privacy breaches and near misses, and other developments to determine if additional steps are necessary or advisable.

For more information about HIPAA compliance and risk management tips, see here.

For Help With Compliance, Risk Management, Investigations, Policy Updates Or Other Needs

About Solutions Law Press, Inc.™

Comments Off on HIPAA Sanctions Triggered From Covered Entity Statements To Media, Workforce | Corporate Compliance, Employers, GINA, Health Plans, HIPAA, Human Resources, Insurance, Internal Controls, Internal Investigations, Privacy, Risk Management, Whistleblower | Tagged: Employer, Employment, Health Care, Health Plans, HIPAA, Hospitals, OCR, Office of Civil Rights, PHI, Privacy | Permalink
Posted by Cynthia Marcotte Stamer

Consider OCR Technical Corrections When Updating Privacy Practices & Agreements For Omnibus Restatement of HIPAA Privacy, Security, Breach Notification & Enforcement Rules

June 6, 2013

The Department of Health & Human Services Office of Civil Rights (OCR) on June 6, 2013 released an advance copy of to Technical Corrections (Technical Corrections) to the Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notifications Rules Under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules; Final Rule (Omnibus Rule) previously published on January 25, 2013. Health plans, health care clearinghouses, health care providers and their business associates will want to be sure to take into account the Technical Corrections as they rush to update business associate agreements, policies, practices, training and other HIPAA compliance to comply with the Omnibus Rule changes by the September 2013 deadline.

Technical Corrections To Omnibus Rule Released

OCR published the Omnibus Rule to implement changes to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules (“the HIPAA Rules”) enacted by the Health Information Technology for Economic and Clinical Health Act (“the HITECH Act”) and section 105 of Title I of the Genetic Information Nondiscrimination Act of 2008, as well as to address public comment received on the interim final Breach Notification Rule and to other changes to the HIPAA Rules. The Technical Corrections are scheduled for publication in the Federal Register on June 7, 2013.

The Technical Corrections correct various typographical errors and other oversights in the Omnibus Regulations as originally published. While many of these corrections have limited material impact, certain corrections do have substantive implications. For instance, by correcting errors in references to other provisions of the Omnibus Regulations, the Technical Corrections clarify that the authority of OCR to grant an extension of time pursuant to § 160.508(c)(5) for violations before February 18, 2009 also applies to violations occurring on or after February 18, 2009, as there is for violations occurring prior to February 18, 2009.

Health plans, health care clearinghouses and their business associates will need to review and take into account the Technical Corrections as they work to review and update their policies and practices for handling and disclosing personally identifiable health care information (“PHI”) in response to the Omnibus Rule.

Get Moving To Update HIPAA Compliance For New Omnibus Rule Requirements As Amended By Technical Corrections

Covered entities and their business associates have a lot to accomplish between now and September to update their business associates and comply with other changes made by the Omnibus Rule by its September 2013 deadline. Among other things, the Omnibus Regulations:

Revise OCR’s HIPAA regulations to reflect the HITECH Act’s amendment of HIPAA to add the contractors and subcontractors of health plans, health care providers and health care clearinghouses that qualify as business associates to the parties directly responsible for complying with and subject to HIPAA’s civil and criminal penalties for violating HIPAA’s Privacy, Security, and Breach Notification rules;
Update previous interim regulations implementing HITECH Act breach notification rules that require Covered Entities including business associates to give specific notifications to individuals whose PHI is breached, HHS and in some cases, the media when a breach of unsecured information happens;
Update interim enforcement guidance OCR previously published to implement increased penalties and other changes to HIPAA’s civil and criminal sanctions enacted by the HITECH Act;
Implement HITECH Act amendments to HIPAA that tighten the conditions under which Covered Entities are allowed to use or disclose PHI for marketing and fundraising purposes and prohibit Covered Entities from selling an individual’s health information without getting the individual’s authorization in the way required by the Omnibus Regulations;
Update OCR’s rules about the individual rights that HIPAA requires that Covered Entities to afford to individuals who are the subject of PHI used or possessed by a Covered Entity to reflect tightened requirements enacted by the HITECH Act that allow individuals to order their health care provider not to share information about their treatment with health plans when the individual pays cash for the care and to clarify that individuals can require Covered Entities to provide electronic PHI in electronic form;
Revise the regulations to reflect amendments to HIPAA made as part of the Genetic Information Nondiscrimination Act of 2008 (GINA) which added genetic information to the definition of PHI protected under the HIPAA Privacy Rule and prohibits health plans from using or disclosing genetic information for underwriting purposes; and
Clarifies and revises other provisions to reflect other interpretations and information guidance that OCR has issued since HIPAA was passed and to make certain other changes that OCR found appropriate based on its experience administering and enforcing the rules.

Liability & Enforcement Risks Heighten Need To Act To Review & Update Policies & Practices

The restated rules in the Omnibus Rule make it imperative that Covered Entities review the revised rules carefully and updated their policies, practices, business associate agreements, training and documentation to comply with the updated requirements and other enforcement and liability risks. OCR even prior to the regulations has aggressively investigated and enforced the HIPAA requirements. See, e.g., OCR Hits Alaska Medicaid For $1.7M+ For HIPAA Security Breach; OCR Audit Program Kickoff Further Heats HIPAA Privacy Risks; $1.5 Million HIPAA Settlement Reached To Resolve 1st OCR Enforcement Action Prompted By HITECH Act Breach Report; HIPAA Heats Up: HITECH Act Changes Take Effect & OCR Begins Posting Names, Other Details Of Unsecured PHI Breach Reports On Website; Providence To Pay $100000 & Implement Other Safeguards.

Coupled with statements by OCR about its intolerance, the HONI and other settlements provide a strong warning to covered entities of the need to carefully and appropriately manage their HIPAA encryption and other Privacy and Security responsibilities. Covered entities are urged to heed these warning by strengthening their HIPAA compliance and adopting other suitable safeguards to minimize HIPAA exposures.

All Covered Entities should review critically and carefully the adequacy of their current HIPAA Privacy and Security compliance policies, monitoring, training, breach notification and other practices taking into consideration OCR’s investigation and enforcement actions, emerging litigation and other enforcement data; their own and reports of other security and privacy breaches and near misses; and other developments to decide if additional steps are necessary or advisable. In response to these expanding exposures, all covered entities and their business associates should review critically and carefully the adequacy of their current HIPAA Privacy and Security compliance policies, monitoring, training, breach notification and other practices taking into consideration OCR’s investigation and enforcement actions, emerging litigation and other enforcement data; their own and reports of other security and privacy breaches and near misses, and other developments to decide if tightening their policies, practices, documentation or training is necessary or advisable.

For Help With Compliance, Risk Management, Investigations, Policy Updates Or Other Needs

About Solutions Law Press, Inc.™

Comments Off on Consider OCR Technical Corrections When Updating Privacy Practices & Agreements For Omnibus Restatement of HIPAA Privacy, Security, Breach Notification & Enforcement Rules | Corporate Compliance, Employers, GINA, Health Plans, HIPAA, Human Resources, Insurance, Internal Controls, Internal Investigations, Privacy, Risk Management, Whistleblower | Tagged: Backpay, Employer, Employment, employment law, Fair Labor Standards Act, FSLA, IT, Labor Department, Minimum Wage, Technology, Wage & Hour, wage and hour, Worker Classification | Permalink
Posted by Cynthia Marcotte Stamer

IRS Witholding Calculator Can Help Avoid Over & Underwithholding

April 21, 2013

If you have employees that had too much or too little tax taken out of their paychecks, refer them to this new YouTube video about using the IRS withholding calculator at inbox:body:0000000001510000020000000800000000000000:Read#Third.

For Help With These Or Other Matters

If you need assistance in conducting a risk assessment of or responding to an IRS, Labor Department or other legal challenges to your organization’s labor and employment, employee benefit or compensation practices, please contact the author of this update, attorney Cynthia Marcotte Stamer.

Ms. Stamer has more than 24 years experience advising and representing employer, employee benefit and other clients before the Internal Revenue Service, the Department of Labor, Immigrations & Customs, and other agencies, private plaintiffs and others on worker classification and related human resources, employee benefit, internal controls and risk management matters.

A featured presenter in the recent “Worker Classification & Alternative Workforce: Employee Plans & Employment Tax Challenges” teleconference sponsored by the American Bar Association Joint Committee on Employee Benefits, Ms. Stamer also is a widely published author and highly regarded speaker on these and other employee benefit and human resources matters who is active in many other employee benefits, human resources and other management focused organizations.

A Fellow in the American College of Employee Benefits Council, the immediate past Chair and current Welfare Benefit Committee Co-Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Committee, a Council Representative on the ABA Joint Committee on Employee Benefits, the Vice Chair of the ABA TIPS Employee Benefits Committee, the Gulf States Area TEGE Council Exempt Organizations Coordinator, past-Government Affairs Committee Legislative Chair for the Dallas Human Resources Management Association, past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, and the editor and publisher of Solutions Law Press HR & Benefits Update and other Solutions Law Press Publications, She also is recognized for her publications, industry leadership, workshops and presentations on these and other human resources concerns and regularly speaks and conducts training on these matters. Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, and many other national and local publications.

You can learn more about Ms. Stamer and her experience, find out about upcoming training or other events, review some of her past training, speaking, publications and other resources, and register to receive future updates about developments on these and other concerns from Ms. Stamer at www.CynthiaStamer.com.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources available at www.solutionslawpress.com.

For important information concerning this communication click here. THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

Comments Off on IRS Witholding Calculator Can Help Avoid Over & Underwithholding | 105(h), Cafeteria Plans, COBRA, Corporate Compliance, Disability, Disability Plans, Discrimination, Employee Benefits, Employers, Employment Tax, ERISA, Fair Labor Standards Act, family leave, FMLA, Government Contractors, Health Plans, HIPAA, Human Resources, I-9, Immigration, Income Tax, Insurance, Internal Controls, Internal Investigations, Labor Management Relations, Leave, medical leave, Military Leave, Nonresident aliens, OSHA, Payroll Tax, Restructuring, Retirement Plans, Tax, Tax Qualification, Unemployment Benefits, Unemployment Insurance, Union, VEVRRA, Wage & Hour | Tagged: contract labor, Determination Letters, Employee, Employee Benefits, Independent Contractor, leased employee, misclassificaton, payroll tax, plan qualification, Retirement Plans, staffing, Tax, Worker Classification | Permalink
Posted by Cynthia Marcotte Stamer

Administration Proposes To Let PBGC Board Set Premiums In Effort To Shore Up Finances

April 10, 2013

The Obama Administration again is proposing that the Board of the Pension Benefit Guaranty Corporation (PBGC) get the power to set premium rates based on the financial soundness of company sponsors to shore up the agency’s finances in hopes of heading off the need for a government bailout of the agency’s liabilities.

PBGC, which insures traditional pensions offered by non-governmental employers continues to struggle for funding to meet the costs of funding its program of insuring failed private defined benefit pension plans. Always challenging, maintaining financial solvency has become particularly problematic with company failures soaring and investment returns down in the ailing economy. On November 16, 2012, the agency said its deficit increased to $34 billion, the largest in PBGC’s 38-year history.

The PBGC currently relies exclusively on premiums set by Congress and assets recovered from failed plans to operate and fund its private pension guarantee obligations. It presently doesn’t receive taxpayer dollars. Premiums, set by Congress, have historically been too low to meet the agency’s needs.

The Government Accountability Office issued a report saying Congress should consider “revising PBGC’s premium structure to better reflect the agency’s risk from individual plans and sponsors

The proposal to give the PBGC authority to determine premiums is intended to shore up the agency’s funding. “Without premium increases PBGC will be faced with requesting a taxpayer bailout or shutting down,” said PBGC Director Josh Gotbaum. “The current system punishes responsible companies by making them pay for the mistakes of others and punishes plans by raising rates just when companies can least afford it. Tha’s why administrations of both parties, and recently GAO, have supported giving PBGC what the FDIC has long had — the ability to set its own rates and to set them in ways that are fair.”

The Administration originally introduced the idea of allowing the PBGC to set its own premiums in 2012. It now has reintroduced the effort that ties premiums to company risk in its 2014 budget. Under the current proposal, the PBGC Board, which consists of secretaries of Labor, Commerce, and Treasury, with the secretary of Labor as chair, wouldn’t get the authority to set rates until 2015. The budget requires the board to perform a one-year study with a public comment period. Additionally, premium increases would be gradually phased in to give company sponsors time to prepare for the new rates.

For Help With These Or Other Matters

If you need help dealing with pension or other employee benefit funding, design or administration challenges, dealing with the PBGC, IRS, Labor Department or other agency or legal challenge to your organization’s existing employee benefit or other practices, or other workforce re-engineering, labor and employment, employee benefit or compensation practices, please contact the author of this update, attorney Cynthia Marcotte Stamer.

Ms. Stamer has more than 26 years experience advising and representing employer, employee benefit and other clients on human resources, employee benefit, internal controls and risk management matters including extensive work on workforce re-engineering and other human resources and employee benefits challenges of distressed and other companies, and related matters.

A board certified labor and employment attorney widely known for her extensive and creative knowledge and experience worker classification and other employment, employee benefits and workforce matters, Ms. Stamer works extensively with employers, employee benefit plan sponsors, insurers, administrators, and fiduciaries, payroll and staffing companies, technology and other service providers and others to develop and operate legally defensible programs, practices and policies that promote the client’s human resources, employee benefits or other management goals. Ms. Stamer also is a widely published author and highly regarded speaker on these and other employee benefit and human resources matters who is active in many other employee benefits, human resources and other management focused organizations.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources available at www.solutionslawpress.com.

Comments Off on Administration Proposes To Let PBGC Board Set Premiums In Effort To Shore Up Finances | 105(h), Cafeteria Plans, COBRA, Corporate Compliance, Disability, Disability, Disability Plans, Discrimination, Employee Benefits, Employers, Employment Tax, ERISA, Fair Labor Standards Act, family leave, FMLA, Government Contractors, Health Plans, HIPAA, Human Resources, I-9, Immigration, Income Tax, Insurance, Internal Controls, Internal Investigations, Labor Management Relations, Leave, medical leave, Military Leave, Nonresident aliens, OSHA, Payroll Tax, Restructuring, Retirement Plans, Tax, Tax Qualification, Unemployment Benefits, Unemployment Insurance, Union, VEVRRA, Wage & Hour | Tagged: Bankruptcy, contract labor, defined benefit, Determination Letters, distressed, Employee, Employee Benefits, Independent Contractor, leased employee, misclassificaton, payroll tax, PBGC, Pension, Pension Funding, plan qualification, Reengineering, Retirement Plans, staffing, Tax, Worker Classification | Permalink
Posted by Cynthia Marcotte Stamer

Businesses Urged To Strengthen Their Worker Classification Defenses As IRS, Other Agencies Step Up Audits & Enforcement

March 10, 2013

Businesses using non-employee workers should heed the recently announced expansion of the Internal Revenue Service (IRS) Voluntary Classification VCS Program (VCS Program) as yet another warning to clean up their worker classification practices and defenses for all workers performing services for the business in any non-employee capacity.

Relying upon misclassifications of workers as nonemployed service providers presents many financial, legal and operational risks for businesses. When businesses treat workers as nonemployees who render services in such a way that makes the worker likely to qualify as a common law employee, the business runs the risk of overlooking or underestimating the costs and liabilities of employing those workers. The enforcement records of the U.S. Department of Labor Wage & Hour Division contains a lengthy and ever-lengthening record of businesses subjected to expensive backpay and penalty awards because the business failed to pay minimum wage or overtime to workers determined to qualify as common law employees entitled to minimum wage and overtime under the Fair Labor Standards Act. See, e.g., Employers Should Tighten Worker Classification Practices As Obama Administration Moves To Stamp Out Misclassification Abuses; $1 Million + FLSA Overtime Settlement Shows Employers Should Tighten On-Call, Other Wage & Hour Practices; Employer Charged With Misclassifying & Underpaying Workers To Pay $754,578 FLSA Back Pay Settlement.

Originally announced on September 22, 2011 in Announcement 2011-64, the VCS Program as modified by Announcement 2012-45 continues to offer businesses a carrot to reclassify as employees workers misclassified for payroll tax purposes as independent contractors, leased employees or other non-employee workers backed by the enforcement stick of the IRS’ promise to zealously impose penalties and interest against employers caught wrongfully misclassifying workers. While the IRS’s VCS Program and stepped up audits of worker classification provide a strong incentive for business to address their worker classification risks, the IRS is only one of many agencies on the alert for worker misclassification exposures. Worker misclassification also impacts wage and hour, safety, immigration, worker’s compensation, employee benefits, negligence and a host of other obligations.

All of these exposures carry potentially costly compensation, interest, and civil and in some cases even criminal penalty exposures for the businesses and their leaders. Consequently, businesses should act prudently and promptly to identify and address all of these risks and move forward holistically to manage their misclassification exposures.

Agencies charged with enforcement of these other laws as well as private plaintiffs also are on the alert for and pursing businesses for aggressive misclassification of workers in these other exposure areas. Since most businesses uniformly classify workers as either employees or non-employees for most purposes, business leaders must understand and manage the full scope of their businesses’ misclassification exposures when charting and implementing their strategy in response to the VCS Program or another voluntary compliance program, responding to an audit or other agency action, addressing a private plaintiff suit or conducting other risk management and compliance activities impacting or affected by worker classification concerns.

VCS Program Offers Limited Worker Misclassification Exposure Relief

Worker misclassification impacts a broad range of tax and non-tax legal obligations and risks well beyond income tax withholding, payroll and other employment tax liability and reporting and disclosure. A worker classification challenge or necessity determination in one area inherently prompts the need to address the worker reclassification and attendant risks in other areas.

Typically, in addition to treating a worker as a non-employee for tax purposes, a business also will treat the worker as a non-employee for immigration law eligibility to work, wage and hour, employment discrimination, employee benefits, fringe benefits, worker’s compensation, workplace safety, tort liability and insurance and other purposes.

Health Care Reform To Increase Worker Classification Risks

Businesses can look forward to these risks rising in 2014, when the “pay or play” employer shared responsibility, health plan non-discrimination, default enrollment and other new rules take effect under the Patient Protection & Affordable Care Act (ACA). Given these new ACA requirements and the government’s need to get as many workers covered as employees to make them work, as well as existing laws, IRS and other agencies are expanding staffing and stepping up enforcement against businesses that misclassify workers.

Whether and how ACA’s “pay-or-play” employer shared responsibility payment, default enrollment, insured health plan non-discrimination and other federal health plan rules apply to a business’ health plan requires a correct understanding of what workers considered employed by the business and how these workers are counted and classified for purposes of ACA and other federal health plan mandates.

ACA and other federal health plan rules decide what rules apply to which businesses or health plans based on the number of employees a business is considered to employ, their hours worked, their seasonal or other status, and other relevant classification as determined by the applicable rule. The ACA and other rules vary in the relevant number of employees that trigger applicability of the rule and how businesses must count workers to decide when a particular rule applies. Consequently, trying to predict the employer shared responsibility payment, if any under Internal Revenue Code (Code) Section 4980H or model the burden or cost of any other federal health benefit mandates requires each business know who counts and how to classify workers for each of these rules. Most of these rules start with a “common law” definition of employee then apply rules to add or ignore various workers. Because most federal health plan rules also take into account “commonly controlled” and “affiliated” businesses’ employees when determining rule coverage, businesses also may need to know that information for other related or commonly owned businesses.

For instance, when a business along with all commonly controlled or affiliated employers, if any, employ a combined workforce of 50 or more “full-time” and “full-time equivalent employees” (Large Employer) does not offer “affordable,” “minimum essential coverage” to every full-time employee and his dependents under a legally compliant health plan that provides “minimum essential value” within the meaning of ACA after 2013, the business generally should expect to pay a shared responsibility payment under Code Section 4980H for each month after 2013 that any “full-time” employee receives a tax subsidy or credit for enrolling in one of ACA’s health care exchanges. The amount of this required shared responsibility payment will be calculated under Code Section 4980H based on the plan design and coverage the employer health plan offers and the required employee contribution for employee only coverage.

If the business intends to continue to offer health coverage, it similarly will need to accurately understand which workers count as its employees for purposes of determining who gets coverage and the consequences to the business for those workers that qualify as full-time, common law employees not offered coverage.

In either case, ACA uses the common law employee test as the basis for classification of workers both to determine what businesses have sufficient full-time employees to become covered under these rules, the payment, if any, required under Code Section 4980H’s new employer shared responsibility payment requirements, as well as the workers entitled to benefit from these rules under employer sponsored health plans. Accordingly, These the already significant legal and financial consequences for employers that misclassify workers will rise significantly when ACA gets fully implemented beginning in 2014.

Consider VCP Program Relief In Context Of Other Worker Classification Risks

As part of a broader effort to get businesses properly to classify and fulfill tax and other responsibilities to workers, the IRS is offering certain qualifying businesses an opportunity to resolve payroll liabilities arising from past worker misclassifications under the VCS Program. The VCS Program settlement opportunity emerged in 2011 as worker misclassification amid rising scrutiny and enforcement by the IRS and other agencies against businesses for misclassification related violations of the Code, wage and hour, safety, discrimination, immigration and various other laws.

Touted by the IRS as providing “greater certainty for employers, workers and the government,” the VCS Program offers businesses that meet the eligibility criteria for the program the option to resolve past payroll tax liability for the misclassified workers by paying a settlement payment of just over one percent of the wages paid to the reclassified workers for the past year and by meeting other program criteria. When a business meets the VCS Program requirements, the IRS promises not to conduct a payroll tax audit or assess interest or penalties against the business for unpaid payroll taxes for the previously misclassified workers covered by the VCS Program. For more detail, see New IRS Voluntary IRS Settlement Program Offers New Option For Resolving Payroll Tax Risks Of Misclassification But Employers Also Must Manage Other Legal Risks; Medical Resident Stipend Ruling Shows Health Care, Other Employers Should Review Payroll Practices; Employment Tax Takes Center Stage as IRS Begins National Research Project , Executive Compensation Audits.

The IRS hoped the threat of much larger liability if the IRS catches their misclassification in an audit would induce businesses to settle their exposure and come into compliance by participating in the VCS Program.

Part of the low participation stemmed from restrictions incorporated into the VCS Program. Not all businesses with misclassified workers qualified to use the program. The original criteria to enter the VCS Program established in 2011 required that a business:

Be treating the workers as nonemployees;
Consistently have treated the workers in the past as nonemployees;
To have filed all required Forms 1099 for amounts paid to the workers;
Not currently be under IRS audit;
Not be under audit by the Department of Labor or a state agency on the classification of these workers or contesting the classification of the workers in court; and
To agree to extend the statute of limitations on their payroll tax liabilities from three to six years.

After only about 1000 employers used the VCS Program to voluntarily resolve their payroll tax liability for misclassified workers, the IRS modified the program in hopes of making participation more attractive to businesses in Announcement 2012-45. As modified by Announcement 2012-45, employers under IRS audit, other than an employment tax audit, now qualify for the VCS Program. Announcement 2012-45 also eliminates the requirement that employers agree to extend their statute of limitations on payroll tax liability from three to six years.

A business that meets these adjusted criteria for participation now follows the following steps to enter the VCS Program:

Files the Form 8952, Application for Voluntary Classification Settlement Program, at least 60 days before the business plans to begin treating the workers as employees;
Adjusts its worker classification practices prospectively with respect to the previously misclassified workers;
Pays the required settlement fee; and
Properly classifies workers going forward.

While these changes may make participation in the VCS Program more attractive to some employers, many employers may view use of the VCS Program as too risky because of uncertainties about the proper classification of certain workers in light of the highly fact specific nature of the determination, as well as concerns about the effect that use of the VCS Program might have on the businesses non-tax misclassification exposures for workers that would be reclassified under the VCS Program.

Uncertainties Complication Worker Classification Risk Management

One of the biggest challenges to getting businesses to change their worker classifications is getting the businesses to accept the notion that long-standing worker classification practices in fact might not be defensible.

Although existing precedent and regulatory guidance makes clear that certain long-standing worker classification practices of many businesses would not hold up if scrutinized, business leaders understandably often discount the risk because these classifications historically have continued with little or no challenge in the past.

Even when business leaders recognize that changing enforcement patterns merit reconsideration of historical worker classification practices, they may be reluctant to reclassify the workers.

The common law employment test applied to decide if a worker is an employee for payroll, income tax, employee benefit plan and other purposes under the Code often relies on a subjective, highly fact-specific analysis of the particular circumstances of the worker. Employment status typically is presumed under the common law test for purposes of the Code and most other laws. This means that the business, rather than the IRS or other agency, generally bears the burden of proving the correctness of its classification of a worker as a non-employee for purposes of these determinations.

Given the business typically bears the burden of proving a worker is not an employee, a business receiving services from workers performing services in a capacity other than as a employee should ensure that the position in structural form and operation will withstand scrutiny under the common law and other applicable tests and retain the necessary evidence to support this characterization in anticipation of a potential future audit or other challenge.

Since the business can expect to bear the burden of proving the appropriateness of a nonemployee characterization, businesses also should exercise special care to avoid relying upon overly optimistic assessment of the facts and circumstances when assessing the defensibility of their characterization of the position.

When the factual evidence creates significant questions about the defensibility of a worker’s classification as a non-employee, an employing business generally should consider reclassifying or restructuring the position to be more defensible pursuant to a process designed to mitigate or resolve risks of the prior classification. Often, it also may be desirable for the business to incorporate certain contractual, compensation and other safeguards into the worker relationship, both to support the nonemployee characterization and to minimize future reclassification challenges and exposures.

Consider Importance of Attorney-Client Privilege As Risk Management Tool

Because of the broad reaching and potentially significant liability exposures arising from misclassification, business leaders generally should work to ensure that their risk analysis and decision-making discussion is conducted in a way that positions these discussions for protection under attorney-client privilege and attorney work product privilege.

The availability of the attorney-client and other evidentiary privilege to help shield the investigation and associated decision-making is particularly important because of the potentially significant civil and even criminal liability exposures that often arise from worker misclassification under various relevant laws.

The interwoven nature of the tax and non-tax risks merits particular awareness by business leaders of the need to use care in deciding the outside advisors and consultants that will help in the evaluation of the risks and structuring of solutions. With the VCS Program and other tax exposures in the limelight, businesses can expect that their accounting and other consultant advisors will recommend and even offer to lead the review. While appropriately structured involvement by these non-legal consultants can be a valuable tool, the blended nature of the misclassification exposures means that the evidentiary privileges that accountants often assert to help shield their tax related discussions from discovery in certain federal tax prosecutions are likely to provide inadequate protection against discovery given the broad non-tax related exposures inherent in the misclassification problem. For this reason, business leaders are urged to require that any audits and other activities by these non-legal consultants to evaluate or mitigate these exposures be engaged and conducted whenever possible within attorney-client privilege to protect and promote the ability to assert evidentiary protections against disclosure and discovery of sensitive discussions. Accordingly, while businesses definitely should incorporate appropriate tax advisors into the evaluation process, most businesses before commencing meaningful discussions with or engaging assessments by their accounting firm or other non-attorney tax advisor will want to engage counsel and coordinate their accounting and other non-attorney tax advisors” involvement and activities through qualified legal counsel to protect and maximize the ability to conduct the analysis of their risks and options within the protection of attorney-client privilege.

For Help With These Or Other Matters

If you need assistance in conducting a risk assessment of or responding to an IRS, Labor, HHS, DOJ, ICE, private claim or other legal challenges to your organization’s existing workforce classification or other labor and employment, employee benefit, compensation practices, compliance, or other internal controls and management concerns, please contact the author of this update, attorney Cynthia Marcotte Stamer.

A board certified labor and employment attorney widely known for her extensive and creative knowledge and experience worker classification and other employment, employee benefits and workforce matters, Ms. Stamer has more than 25 years experience advising and representing employer, employee benefit and other clients before the Internal Revenue Service, the Department of Labor, Immigration & Customs, Justice, and Health & Human Services, the Securities and Exchange Commission, Federal Trade Commission, state labor, insurance, tax and attorneys’ general, and other agencies, private plaintiffs and others on worker classification and related human resources, employee benefit, tax, internal controls, risk management and other legal and operational management concerns.

Ms. Stamer works extensively with employers, employee benefit plan sponsors, insurers, administrators, and fiduciaries, payroll and staffing companies, technology and other service providers and others to develop and run legally defensible programs, practices and policies that promote the client’s human resources, employee benefits or other management goals.

A Fellow in the American College of Employee Benefits Council, the immediate past Chair and current Welfare Benefit Committee Co-Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Committee, a Council Representative on the ABA Joint Committee on Employee Benefits, the Vice Chair of the ABA TIPS Employee Benefits Committee, the Gulf States Area TEGE Council Exempt Organizations Coordinator, past-Government Affairs Committee Legislative Chair for the Dallas Human Resources Management Association, past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, and the editor and publisher of Solutions Law Press HR & Benefits Update and other Solutions Law Press Publications, Ms. Stamer also is a widely published author and highly regarded speaker on these and other employee benefit and human resources matters who is active in many other employee benefits, human resources and other management focused organizations who is published and speaks extensively on worker classification and related matters. She is recognized for her publications, industry leadership, workshops and presentations on these and other human resources concerns and regularly speaks and conducts training on these matters. Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, and many other national and local publications.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources available at www.solutionslawpress.com including:

For important information about this communication click here. THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

1 Comment | 105(h), Cafeteria Plans, COBRA, Corporate Compliance, Disability, Disability, Disability Plans, Discrimination, Employee Benefits, Employers, Employment Tax, ERISA, Fair Labor Standards Act, family leave, FMLA, Government Contractors, Health Plans, HIPAA, Human Resources, I-9, Immigration, Income Tax, Insurance, Internal Controls, Internal Investigations, Labor Management Relations, Leave, medical leave, Military Leave, Nonresident aliens, OSHA, Payroll Tax, Restructuring, Retirement Plans, Tax, Tax Qualification, Unemployment Benefits, Unemployment Insurance, Union, VEVRRA, Wage & Hour | Tagged: contract labor, Determination Letters, Employee, Employee Benefits, Independent Contractor, leased employee, misclassificaton, payroll tax, plan qualification, Retirement Plans, staffing, Tax, Worker Classification | Permalink
Posted by Cynthia Marcotte Stamer

Sequester Will Cut ACA Small Businesses Health Care Tax Credits

March 5, 2013

Even as small and other businesses are struggling to cope with rising rates and impending new rules under the Patient Protection and Affordable Care Act (ACA), small businesses now must deal with being sideswiped by sequester.

Sequester will hurt certain small employers that were counting on the Small Business Health Care Tax Credit (SBHCTC) to afford health care coverage for their employees.

Under the sequester requirements of the Balanced Budget and Emergency Deficit Control Act of 1985, as amended, certain automatic budget cuts went into effect on March 1, 2013. These required cuts include an 8.7% reduction to the refundable part of the SBHCTC for otherwise qualifying small employers under Internal Revenue Code § 45R. As a result, employers qualifying for the SBHCTC should expect to see an 8.7% percent reduction in the amount of reimbursement received for health premiums under the SBHCTC. The sequestration reduction rate will apply until the end of the fiscal year on September 30, 2013 or intervening Congressional action, at which time the sequestration rate is subject to change.

Aside from the effects of sequester, small and other businesses health care costs and responsibilities continue to be shaped by a deluge of new rules rolling out under ACA, the Health Insurance Portability & Accountability Act (HIPAA), the Family & Medical Leave Act, and a host of other laws. Stay tuned here for more updates.

For Help With Compliance, Risk Management, Investigations, Policy Updates Or Other Needs

If you need help with other health and health plan related regulatory policy or enforcement developments, or to review or respond to these or other human resources, employee benefit, or other compliance, risk management, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer may be able to help.

Nationally recognized as a knowledgable and innovative health benefit thought leader by business and government leaders for her extensive work, publications and leadership on health benefit and insurance and other related employee benefits, insurance, human resources and health care matters, Ms. Stamer has advised and defended employer and other health plan sponsors, administrators and fiduciaries, insurers, and others about benefit design, compliance, administration and defense for more than 25 years. Her work includes highly pragmatic, leading edge work helping clients to design, deploy, administer and defend catastrophic, mini-med, expatriate and medical tourism, occupational injury and 24-hour coverage, HRA, HSA HFSA and other defined contribution, Medicare Advantage, and other health plans, policies and practices to comply with the Affordable Care Act, HIPAA, ERISA, COBRA, Mental Health Parity, Internal Revenue Code, labor and employment, privacy, managed care and insurance and other federal and state laws and regulations.

In addition to her extensive legal resume, Ms. Stamer also is a highly regarded industry thought leader and author with extensive involvement in the leadership of a broad range of professional and civic organizations. For instance, Ms. Stamer is the founder and executive director of the Coalition for Responsible Health Care Policy and its PROJECT COPE; The Coalition on Patient Empowerment; a Fellow in the American College of Employee Benefits Counsel, the American Bar Association and the State Bar of Texas; Past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group; the Immediate Past Chair of the ABA RPTE Employee Benefit & Other Compensation Committee and the current ABA RPTE Employee Benefit & Other Compensation Committee Welfare Benefits Committee Co-Chair; a Council Member of the ABA Joint Committee on Employee Benefits; Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee; Immediate Past Gulf States Area TEGE Council Exempt Organization Coordinator; a current or former Editorial Advisory Board Member of Insurance Thought Leadership, HR.com, Employee Benefit News, the BNA Employee Benefits CD-Rolm and various other BNA HR and Employee Benefits publications; a former national board member and Dallas Chapter President of WEB, Network of Benefits Professionals; a former Southwest Benefits Association Board Member; the past Dallas HR Government Relations Committee Chair; a former SHRM Region IV Board Member and National Consultants Forum Board Member,; past Dallas Bar Association Employee Benefits & Compensation Committee Chair, and a former Texas Association of Business State Board and Regional and Dallas Chapter Chair.

About Solutions Law Press, Inc.™

Comments Off on Sequester Will Cut ACA Small Businesses Health Care Tax Credits | Corporate Compliance, Employers, Excise Tax, Health Plans, HIPAA, Human Resources, Insurance, Internal Controls, Internal Investigations, Payroll Tax, Privacy, Risk Management, Tax, Tax Credit | Tagged: ACA, Employer, Employers, Employment, Health Care Reform, Health Plans, Labor Department, PPACA, Small Business Health Care Tax Credit, wage and hour, Worker Classification | Permalink
Posted by Cynthia Marcotte Stamer

Premier Insurance Services Pays $120,000 In Back Wages, Damages, Penalties Because Commission-Only Comp Violated Minimum Wage, Overtime Laws

March 2, 2013

Insurance brokerage and other businesses paying commission-only compensation should review the defensibility of their payment practices in response to the agreement by Premier Insurance Services (Premier) to pay $119,570 in minimum wage and overtime back wages, liquidated damages and civil money penalties.

The settlement arises from an investigation by the U.S. Department of Labor’s Wage and Hour Division (DOL) that determined that the insurer willfully violated minimum wage, overtime and record-keeping provisions of the Fair Labor Standards Act (FLSA). According to DOL, its investigators found that the commission-only pay practice used by the Colton, California-based employer at all of its locations resulted in employees being paid below the federal minimum wage and failing to receive an overtime premium for hours worked beyond 40 per week. DOL also charges that Premier failed to maintain employee time records.

The FLSA requires that covered, nonexempt employees be paid at least the federal minimum wage of $7.25 per hour for all hours worked, plus time and one-half their regular rates, including commissions, bonuses and incentive pay, for hours worked beyond 40 per week. Employers also are required to maintain accurate time and payroll records.

The FLSA provides that employers who violate the law are, as a general rule, liable to employees for their back wages and an equal amount in liquidated damages. Liquidated damages are paid directly to the affected employees.

Under the settlement, Premier will pay $43,297 in minimum wage and overtime back wages due to 90 employees and an equal amount in liquidated damages. Because of the willful nature of the violations, the employer will also pay $32,976 in civil money penalties.

Premier also signed a settlement agreement with the Labor Department in which it committed to implement a timekeeping system to document employees’ hours worked, assure payment of at least the federal minimum wage of $7.25 per hour and accurately determine and pay overtime.

The Premier settlement follows DOL’s settlement of a related case last year after investigators discovered similar violations involving Upland, California-based Speedlane Insurance Services. This company was owned and operated by a close relative of Premier’s owner. That investigation resulted in $200,000 in back wages due to 96 employees.

The DOL’s announcement of the settlements alerts employers of the need to ensure that commission-based compensation meet FLSA requirements.

“Paying employees on a commission-only basis does not give employers a green light to dodge minimum wage and overtime pay requirements,” said Priscilla Garcia, director of DOL’s West Covina District Office when announcing the Premier settlement. “Premier Insurance Services knowingly violated the most basic labor laws to make a profit at the expense of their employees. This case should put other employers on notice that if they fail to pay their employees in compliance with federal law, our department will not hesitate to investigate. Employers may be found liable not only for back wages, but also for liquidated damages and other penalties.” (Emphasis added).

FLSA Violations Generally Costly; Enforcement Rising

The enforcement record of the Labor Department confirms these risks and reflects DOL’s targeting of U.S. employers that violate wage and hour laws.

Under the Obama Administration, DOL officials have made it a priority to enforce overtime, record keeping, worker classification and other wage and hour law requirements. See e.g., Boston Furs Sued For $1M For Violations Of Fair Labor Standards Act; Record $2.3 Millh ion+ Backpay Order; Minimum Wage, Overtime Risks Highlighted By Labor Department Strike Force Targeting Residential Care & Group Homes; Review & Strengthen Defensibility of Existing Worker Classification Practices In Light of Rising Congressional & Regulatory Scrutiny; 250 New Investigators, Renewed DOL Enforcement Emphasis Signal Rising Wage & Hour Risks For Employers; Quest Diagnostics, Inc. To Pay $688,000 In Overtime Backpay. In an effort to further promote compliance and enforcement of these rules, the Labor Department is using smart phone applications, social media and a host of other new tools to educate and recruit workers in its effort to find and prosecute violators. See, e.g. New Employee Smart Phone App New Tool In Labor Department’s Aggressive Wage & Hour Law Enforcement Campaign Against Restaurant & Other Employers. As a result of these effort, employers violating the FLSA now face heightened risk of enforcement from both the Labor Department and private litigation.

Employers Should Strengthen Practices For Defensibility

Audit of each position current classified as exempt to assess its continued sustainability and to develop documentation justifying that characterization;
Audit characterization of workers obtained from staffing, employee leasing, independent contractor and other arrangements and implement contractual and other oversight arrangements to minimize risks that these relationships could create if workers are recharacterized as employed by the employer receiving these services;
Review the characterization of on-call and other time demands placed on employees to confirm that all compensable time is properly identified, tracked, documented, compensated and reported;
Review of existing practices for tracking compensable hours and paying non-exempt employees for compliance with applicable regulations and to identify opportunities to minimize costs and liabilities arising out of the regulatory mandates;
If the audit raises questions about the appropriateness of the classification of an employee as exempt, self-initiation of proper corrective action after consultation with qualified legal counsel;
Review of existing documentation and record keeping practices for hourly employees;
Exploration of available options and alternatives for calculating required wage payments to non-exempt employees; and
Re-engineering of work rules and other practices to minimize costs and liabilities as appropriate in light of the regulations and enforcement exposures.

For Help With Investigations, Policy Updates Or Other Needs

Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization, management attorney and consultant Ms. Stamer is nationally and internationally recognized for more than 23 years of work helping employers; employee benefit plans and their sponsors, administrators, fiduciaries; employee leasing, recruiting, staffing and other professional employment organizations; and others design, administer and defend innovative workforce, compensation, employee benefit and management policies and practices. The Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Committee, a Council Representative on the ABA Joint Committee on Employee Benefits, Government Affairs Committee Legislative Chair for the Dallas Human Resources Management Association, past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer often has worked, extensively on these and other workforce and performance related matters. She also is recognized for her publications, industry leadership, workshops and presentations on these and other human resources concerns and regularly speaks and conducts training on these matters. Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, and many other national and local publications. For more information about Ms. Stamer and her experience or to get access to other publications by Ms. Stamer see here or contact Ms. Stamer directly.

About Solutions Law Press, Inc.™

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information about this communication click here.

Comments Off on Premier Insurance Services Pays $120,000 In Back Wages, Damages, Penalties Because Commission-Only Comp Violated Minimum Wage, Overtime Laws | Corporate Compliance, Employers, Human Resources, Internal Controls, Internal Investigations, Risk Management, Wage & Hour | Tagged: Backpay, Employer, Employment, employment law, Fair Labor Standards Act, FSLA, IT, Labor Department, Minimum Wage, Technology, Wage & Hour, wage and hour, Worker Classification | Permalink
Posted by Cynthia Marcotte Stamer

OSHA Citation Of Michigan VA Reminder To Manage Workplace Safety

March 1, 2013

The U.S. Department of Labor’s Occupational Safety and Health Administration (OSHA) citation of the Battle Creek Veterans Administration Medical Center, following a safety inspection conducted in July as part of OSHA’s Federal Agency Targeting Inspection Program for seven notices of unsafe or unhealthful working conditions reminds employers that OSHA expects employers to maintain safe workplaces.

Under the Occupational Safety and Health Act, federal agencies must comply with the same safety standards as private-sector employers. According to OSHA, its inspection uncovered several repeat safety violations, as well as certain other serious safety violations.

OSHA reports that three repeat safety violations involved failing to evaluate the workplace to identify if permit-required confined spaces were present and label such spaces with danger signs; failing to adequately guard automated laundry equipment to prevent employees from entering the work area, and failing to fully guard the belt and pulley of an air compressor. To issue notices for repeat violations, OSHA must have issued at least one other notice for the same violation at one of the agency’s establishments within the same standard industrial classification code, commonly known as the SIC code. OSHA previously has cited U.S. Department of Veterans Affairs facilities in Danville and North Chicago, Illinois, and Minneapolis, Minnesota for the same safety and health violations.

The serious safety violations found included three serious safety violations for unguarded floor openings in the general repair shop; failing to inspect powered industrial trucks prior to placing them in service, and failing to remove trucks from service in need of repair. Additionally, OSHA found a circuit breaker panel was not mounted correctly. OSHA issues a serious notice when it finds a substantial probability that death or serious physical harm could result from a hazard about which the employer knew or should have known.

Beyond the repeated and serious violations, OSHA reports it also found one other-than-serious violation for failing to close unused openings on electrical cabinets and junction boxes. An other-than-serious violation is one that has a direct relationship to job safety and health, but probably would not cause death or serious physical harm.

The medical center has 15 business days from receipt of the notices to comply, request an informal conference with OSHA’s area director or appeal the notices by submitting a summary of the agency’s position on the unresolved issues to OSHA’s regional administrator.

While the medical center and other federal agencies are required to comply with the same OSHA rules as private sector employers, the VA and other federal agencies don’t face the same liabilities when cited. OSHA cannot propose monetary penalties against another federal agency for failure to comply with OSHA standards.

The risks for private sector employers is illustrated by another recent OSHA. OSHA recently cited Riddell All-American Sports Co. with eight serious violations following an OSHA investigation, which found that the company exposed workers to multiple safety and health hazards at its San Antonio facility. The violations include failing to ensure electrical equipment was free from recognized hazards, provide adequate machine guarding while employees operate industrial sewing machines and provide a fall protection program to prevent falls from the basket of a powered industrial truck. The Elyria, Ohio-based company, which employs about 25 workers in San Antonio, paints helmets for various sports. Proposed penalties total $44,000. Read the News Release.

Since private sector employers that don’t enjoy the VA’s immunity liability run much greater risks for failing to maintain workplace safety, including significant civil and in the case of a workplace death, potentially even criminal penalties, private sector hospitals and other organizations should exercise special care to ensure appropriate safety in their workplaces. “The Battle Creek Veterans Administration Medical Center failed to properly ensure the facility was in compliance with established safety and health procedures,” said Robert Bonack, director of OSHA’s Lansing Area Office. “All employers, including federal employers, are responsible for knowing what hazards exist in their facilities and taking appropriate precautions by following OSHA standards so workers are not exposed to such hazards.”

For Help With Compliance, Risk Management, Investigations, Policy Updates Or Other Needs

Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization, management attorney and consultant Ms. Stamer is nationally and internationally recognized for more than 23 years of work helping employers; employee benefit plans and their sponsors, administrators, fiduciaries; employee leasing, recruiting, staffing and other professional employment organizations; and others design, administer and defend innovative workforce, compensation, employee benefit and management policies and practices. The Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Committee, a Council Representative on the ABA Joint Committee on Employee Benefits, Government Affairs Committee Legislative Chair for the Dallas Human Resources Management Association, past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer often has worked, extensively on these and other workforce and performance related matters. She also is recognized for her publications, industry leadership, workshops and presentations on these and other human resources concerns and regularly speaks and conducts training on these matters. Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, and many other national and local publications. For more information about Ms. Stamer and her experience or to get access to other publications by Ms. Stamer see here or contact Ms. Stamer directly at (469) 767-8872 or via e-mail here.

About Solutions Law Press, Inc.™

Comments Off on OSHA Citation Of Michigan VA Reminder To Manage Workplace Safety | Corporate Compliance, Employers, GINA, Health Plans, HIPAA, Human Resources, Insurance, Internal Controls, Internal Investigations, Privacy, Risk Management, Whistleblower | Tagged: Backpay, Employer, Employment, employment law, Fair Labor Standards Act, FSLA, Health, Hospital, IT, Labor Department, Medical Center, Minimum Wage, OSHA, Safety, Technology, Wage & Hour, wage and hour, Worker Classification | Permalink
Posted by Cynthia Marcotte Stamer

Labor Department Targeting Businesses Violating Overtime, Other Wage & Hour Laws

February 25, 2013

The Labor Department’s strong commitment to the investigation and enforcement of federal wage and hour law violations is reflected in its announcement of yet another wave of successful enforcement actions against a wide range of employers during December including the following:

Car Wash Employees Receive Back Wages. Labor Department officials say Genter’s Detailing Inc. in Frisco, Texas, has paid 53 detail and car wash employees $22,345, following a W&HD investigation that found the employer violated the Fair Labor Standards Act (FLSA) by making illegal deductions from employees’ wages for damages to dealership vehicles, resulting in wages below the federal minimum of $7.25 per hour. The company provides car wash and detailing services to car dealerships in the Dallas-Fort Worth area, in Katy and in Austin. More Details Here.

Oklahoma Electrical Services Company Pays Back Wages. Labor Department officials report Lighthouse Electric Inc. in Tulsa, Okla., has paid $42,452 in overtime back wages to 18 current and former electricians following an investigation that found Lighthouse Electric improperly failed to pay employees for time spent traveling to and from their facility to a work site in violation of the FLSA. More Details Here.

Web-based Auto Company Violated FLSA. Labor Department Officials report Auto Cricket Corp., doing business as AutoCricket.com, has agreed to pay $76,589 in back wages to 414 employees following a W&HD investigation that found the company deducted short rest periods as non-work hours from employee totals of hours worked in violation of the FLSA. Additionally, the company paid overtime for hours worked beyond 80 during a biweekly pay period, instead of time and one-half for all hours worked over 40 in a seven-day workweek. More Details Here.

South Carolina Restaurants Pay $391,000 in Back Wages. Labor Department officials report that three San Jose Mexican restaurants, individually owned and operated by Eraclio Leon, Gregorio Leon Sr. and Antonio Leon, have agreed to pay $390,960 in back wages to 37 employees after the W&HD found the South Carolina businesses violated the FLSA by failing to properly compensate employees for all work hours. Investigators determined that tipped employees, such as servers, were paid direct wages below $2.13 per hour and kitchen staff were paid flat salaries each month. More Details Here.

San Francisco Grocer to Pay Back Wages to 25 Workers. The Labor Department announced a U.S. District Court has ordered Casa Guadalupe to pay $110,071 in overtime back wages and liquidated damages to 25 current and former employees at its three San Francisco stores. The Labor Department also assessed $11,687 in civil penalties against the employer because of the willful and repeat nature of the violations. The grocery store chain admitted not paying required overtime wages. Investigators found similar violations in 2010 that resulted in $6,496 in overtime back wages due to three workers. More Details Here.

Environment Services Company Pays Back Wages To Misclassified Environmental Scientists. The Labor Department also announced that Groundwater and Environmental Services Inc., doing business as GES, will pay $187,165 in back wages to 69 employees after the W&HD found FLSA violations resulting from the company’s misclassification of junior environmental scientists and junior baseline samplers as exempt from overtime pay. The company collects water samples from property owners in close proximity to oil and gas well drilling sites for baseline sampling surveys. The investigation was part of a Wage and Hour Division’s multiyear enforcement initiative focused on the oil and gas industry. More Details Here.

Oklahoma Manufacturer Pays $85,000 for Overtime. Labor Department officials announced Deerebuilt LLC in Ardmore, Okla., has paid $85,105 in overtime back wages to 112 current and former employees following a W&HD investigation that found that the employer paid “straight time” for all hours worked, failing to pay overtime at time and one-half employees’ regular rates of pay for hours worked beyond 40 in a workweek, as required by the FLSA. The employer paid employees for overtime hours worked on weekends with separate checks, at straight-time rates. More Details Here.

Oklahoma City Company Faulted for FLSA & Davis-Bacon Violations. The Labor Department announced that Mallett Plumbing and Utility Co. in Oklahoma City has paid $100,264 in back wages to 19 current and former plumbers after an investigation found violations of the FLSA and the Davis-Bacon Act. The W&HD says the company failed to pay workers for overtime and failed to pay prevailing wage rates and fringe benefits. A W&HD investigation found Mallett Plumbing and Utility paid straight time for all hours worked and failed to pay employees the required wages and fringe benefits applicable to the classifications of work they performed while working on building alterations and construction projects for the Health Resources and Services Administration and the Federal Aviation Administration. More Details Here.

The Christmas Light Co. Inc. According to the Labor Department, an investigation by its Dallas Wage and Hour Division office found that The Christmas Light Co. Inc. violated the FLSA by failing to pay 233 installers and removers the minimum and overtime wages and keep records required by law. The complaint filed in the Northern District of Texas seeks back wages and liquidated damages of nearly $500,000 and an injunction against future violations of the FLSA.

FLSA Violations Generally Costly; Enforcement Rising

The enforcement record of the Labor Department confirms that the Labor Department’s suit against the Christmas Light Co. Inc. lawsuit is reflective of a strong enforcement commitment targeting U.S. employers using aggressive worker classification or other pay practices to avoid paying minimum wage or overtime to workers. Under the Obama Administration, DOL officials have made it a priority to enforce overtime, record keeping, worker classification and other wage and hour law requirements. See e.g., Boston Furs Sued For $1M For Violations Of Fair Labor Standards Act; Record $2.3 Millh ion+ Backpay Order; Minimum Wage, Overtime Risks Highlighted By Labor Department Strike Force Targeting Residential Care & Group Homes; Review & Strengthen Defensibility of Existing Worker Classification Practices In Light of Rising Congressional & Regulatory Scrutiny; 250 New Investigators, Renewed DOL Enforcement Emphasis Signal Rising Wage & Hour Risks For Employers; Quest Diagnostics, Inc. To Pay $688,000 In Overtime Backpay. In an effort to further promote compliance and enforcement of these rules, the Labor Department is using smart phone applications, social media and a host of other new tools to educate and recruit workers in its effort to find and prosecute violators. See, e.g. New Employee Smart Phone App New Tool In Labor Department’s Aggressive Wage & Hour Law Enforcement Campaign Against Restaurant & Other Employers. As a result of these effort, employers violating the FLSA now face heightened risk of enforcement from both the Labor Department and private litigation.

Employers Should Strengthen Practices For Defensibility

Audit of each position current classified as exempt to assess its continued sustainability and to develop documentation justifying that characterization;
Audit characterization of workers obtained from staffing, employee leasing, independent contractor and other arrangements and implement contractual and other oversight arrangements to minimize risks that these relationships could create if workers are recharacterized as employed by the employer receiving these services;
Review the characterization of on-call and other time demands placed on employees to confirm that all compensable time is properly identified, tracked, documented, compensated and reported;
Review existing practices for tracking compensable hours and paying non-exempt employees for compliance with applicable regulations and to identify opportunities to minimize costs and liabilities arising out of the regulatory mandates;
If the audit raises questions about the appropriateness of the classification of an employee as exempt, self-initiate proper corrective action after consultation with qualified legal counsel;
Review existing documentation and record keeping practices for hourly employees;
Explore available options and alternatives for calculating required wage payments to non-exempt employees;
Consider advisability of tracking hours and activities of employees considered exempt;
Evaluate and manage risks of outsourced labor such as leased, contract or other similar “off-payroll” workers;
Re-engineerwork rules and other practices to minimize costs and liabilities as appropriate in light of the regulations and enforcement exposures; and
Consider and properly coordinate worker classification for health and other employee benefit plan eligibility and other purposes to mitigate risks from unanticipated employee benefit liabilities resulting from misclassification.

For Help With Investigations, Policy Updates Or Other Needs

Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization, management attorney and consultant Ms. Stamer is nationally and internationally recognized for more than 23 years of work helping employers; employee benefit plans and their sponsors, administrators, fiduciaries; employee leasing, recruiting, staffing and other professional employment organizations; and others design, administer and defend innovative workforce, compensation, employee benefit and management policies and practices. The Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Committee, a Council Representative on the ABA Joint Committee on Employee Benefits, Government Affairs Committee Legislative Chair for the Dallas Human Resources Management Association, past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer often has worked, extensively on these and other workforce and performance related matters. She also is recognized for her publications, industry leadership, workshops and presentations on these and other human resources concerns and regularly speaks and conducts training on these matters. Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, and many other national and local publications. For more information about Ms. Stamer and her experience or to get access to other publications by Ms. Stamer see here or contact Ms. Stamer directly.

About Solutions Law Press, Inc.™

New OCR HIPAA De-Identification Guidance Among Developments Covered In 12/12 HIPAA Update

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information about this communication click here.

Comments Off on Labor Department Targeting Businesses Violating Overtime, Other Wage & Hour Laws | Corporate Compliance, Employers, Human Resources, Internal Controls, Internal Investigations, Risk Management, Wage & Hour | Permalink
Posted by Cynthia Marcotte Stamer

HHS Releases Final Rule on Health Insurance Market, Rate Review, Pre-Existing Conditions & Other ACA Market Reform Rules

February 25, 2013

The U.S. Department of Health and Human Services (HHS) on February 22, 2013 released its Final Rule implementing many of the key market reform provisions of the Patient Protection and Affordable Care Act, as amended by the Health Care and Education Reconciliation Act of 2010 (the “Affordable Care Act”) applicable to non-grandfathered health plans and health insurance issuers.

The 145 page regulations and associated guidance package scheduled for official publication in the Federal Register on February 27, 2013 clarifies and implements the Affordable Care Act’s provisions relating to Guaranteed Availability and Renewability; Health Insurance Premiums; Single Risk Pool; Catastrophic Plans, Utilization Data Collection and Reporting under the Federal Rate Review Program and certain other matters.

Among other thing, the Final Regulations:

Clarify the approach HHS will use to enforce the applicable requirements of the Affordable Care Act with respect to health insurance issuers and group health plans that are nonfederal governmental plans
Amend the standards for health insurance issuers and states on reporting, utilization, and collection of data under the federal rate review program
Revise the timeline for states to propose state-specific thresholds for review and approval by the Centers for Medicare & Medicaid Services (CMS)
Allow health insurance issuers to vary the premium rate for health insurance coverage in the individual and small group markets only based on family size, geography, and age and tobacco use within limits
Direct health insurance issuers to offer coverage to and accept every employer or individual who applies for coverage in the group and individual market, subject to certain exceptions including how these requirements inter-relate with the Affordable Care Act’s restrictions on pre-existing condition limitations and exclusions
Direct health insurance issuers to renew or continue in force coverage in the group and individual market, subject to certain exceptions
Codify the requirement that issuers maintain a single risk pool for the individual market and a single risk pool for the small group market (unless a state decides to merge the markets into a single risk pool)
Outline standards for enrollment in catastrophic plans for young adults and people who cannot otherwise afford health insurance
Amend the standards under the rate review program in 45 CFR part 154 by among other things, changing the timeline for states to propose state-specific thresholds for review and approval by CMS, requiring health insurance issuers to submit data relating to proposed rate increases in a standardized format specified by the Secretary of HHS and modifying criteria and factors for states to have an effective rate review program

Along with responding to these regulations, health insurers, group health plans and their insurers and others need to stay tuned. These regulations are just one of a deluge of regulations and other interpretations that HHS and other agencies are rolling out in the rush to meet the impending deadlines for the implementaton of the Affordable Care Act. For instance, along with this guidance, HHS along with the Internal Revenue Service and Employee Benefit Security Administration also last week issued FAQ XII, which discusses the co-pay, deductible and certain other aspects of the cost sharing limits of the Affordable Care Act. In previous weeks, the agencies also have issued or proposed regulations about waiting period, employer shared responsibility, essential health benefits, and various other elements of the rules. Additional guidance is impending.

For Help With Compliance, Risk Management, Investigations, Policy Updates Or Other Needs

About Solutions Law Press, Inc.™

Comments Off on HHS Releases Final Rule on Health Insurance Market, Rate Review, Pre-Existing Conditions & Other ACA Market Reform Rules | Corporate Compliance, Employers, GINA, Health Plans, HIPAA, Human Resources, Insurance, Internal Controls, Internal Investigations, Privacy, Risk Management, Whistleblower | Tagged: Backpay, Employer, Employment, employment law, Fair Labor Standards Act, FSLA, IT, Labor Department, Minimum Wage, Technology, Wage & Hour, wage and hour, Worker Classification | Permalink
Posted by Cynthia Marcotte Stamer

FTC, HIPAA Rules Require Health Plans & Employers Strengthen Data Security on Mobile Devices and Applications

February 23, 2013

Thinking about or using mobile devices and applications in your heath care, health plan, workforce or related operations or struggling to meet the demands of employees, plan members or others to allow use of these tools? Be sure that you’ve taken appropriate steps to design, implement and manage legal responsibilities and risks associated with the development and use of these tools.

While the popularity, accessibility and cost-effectiveness of mobile devices and applications provides a strong incentive for health and other employee benefit plans, employers, their business associates, workforce members and customers to use mobile devices and applications, the use of these technologies and applications to collect, access, or use personal health care, financial, or other sensitive information presents special challenges and risks. Unfortunately, as the use of these tools proliferates, federal officials are increasingly concerned that the data security protections afforded by many of the devices and applications in use on these highly popular smart phone, tablet and other mobile devices and applications is highly lacking. See FTC Settlement With Mobile Device & App Developer Shows Developers & Businesses Need To Manage Mobile App & Data Security.

As federal regulators and law enforcement responds to growing concerns about cyber security and other risks, heath care, health plan and other businesses, their employees, customers, and other business partners jumping on the mobile device and application bandwagon, health, application bandwagon, and the device and application developers developing and offering these tools must take appropriate steps to manage the personal health, financial, and other sensitive information and data that these tools use, create, access or disclose.

Of course, most health plan sponsors, fiduciaries, administrators and service providers already recognize the need to use care when dealing with health plan data. The Health Insurance Portability & Accountability Act (HIPAA) generally requires that health care providers, health plans, health care clearinghouses and their businesses associates safeguard personal health care information or “PHI” and restrict its use, access and disclosure in accordance with the extensive and highly detailed requirements of the Privacy, Security and Breach Notification Regulations of the Department of Health & Human Services Office of Civil Rights (OCR).

OCR’s collection of several multi-million dollar settlements as well as its statements in its recent restated HIPAA regulations and other OCR guidance make clear that OCR views HIPAA as imposing significant responsibilities upon covered entities and their business associates to safeguard and restrict access to PHI on mobile devices and applications. OCR’s Long-Anticipated Omnibus HIPAA Privacy, Security, Breach Notification & Enforcement Rule Tightens Privacy Requirements, Require Action; Breaches resulting from the loss or theft of unencrypted ePHI on mobile or other computer devices or systems has been a common basis of investigation and sanctions since that time, particularly since the Breach Notification rules took effect. OCR Pops Idaho Hospice In 1st HIPAA Breach Settlement Affecting < 500 Patients; Providence To Pay $100000 & Implement Other Safeguards; OCR Hits Alaska Medicaid For $1.7M+ For HIPAA Security Breach; OCR Audit Program Kickoff Further Heats HIPAA Privacy Risks; $1.5 Million HIPAA Settlement Reached To Resolve 1st OCR Enforcement Action Prompted By HITECH Act Breach Report; HIPAA Heats Up: HITECH Act Changes Take Effect & OCR Begins Posting Names, Other Details Of Unsecured PHI Breach Reports On Website. These actions and statements of OCR provide a clear warning to HIPAA-covered entities and their business associates to expect significant consequences for failing to properly encrypt and safeguard ePHI used, accessed or disclosed on mobile devices and applications.

Of course, HIPAA isn’t the only law and health plans should not be the only area of concern when employers or their health or other employee benefit plan fiduciaries and service providers are considering mobile device and application use. In addition to HIPAA’s health plan requirements concerning PHI, mobile devices and applications used in connection with employment, benefit plan, and related operations also can trigger a host of privacy, data security and other rules requiring data security and other safeguards. Federal laws like the Internal Revenue Code, the Fair Credit Reporting Act, Graham-Leech-Biliey, the Fair & Accurate Credit Transactions Act (FACTA) or other Federal Trade Commission (FTC) Rules, state data security, data breach, identity theft or other privacy rules or both are just a few of the many and constantly expanding regulatory requirements that can apply. Depending on the nature of the data and the circumstances of the unanticipated use or disclosure, invasion of privacy or other common or statutory laws also may come into play.

With the use of these applications by consumers and business proliferates, Congress, OCR, the FTC, state regulators and others are upping the responsibilities and the liability of businesses that fail to appropriately consider and implement security in their mobile devices and applications. Following on OCR’s restatement of its HIPAA regulations, the Obama Administration’s announcement of new cyber security initiatives, and a plethora of other federal and state regulatory and enforcement actions against businesses for data security missteps, the FTC recently launched a campaign to ensure that companies secure the software and devices mobile device and application providers provide consumers.

Earlier this month, the FTC introduced Mobile App Developers: Start with Security, a new business guide that encourages app developers to aim for reasonable data security.

On June 4, 2013, the FTC also plans to host a public forum on malware and other mobile security threats in order to examine the security of existing and developing mobile technologies and the roles that various members of the mobile ecosystem can play in protecting consumers.

Along side this educational outreach, the FTC also is moving to punish businesses that fail to act responsibly to protect sensitive data. This trend is illustrated by the FTC’s announcement this week of its first settlement with a mobile device manufacturer.

FTC Charges Against HTC America

This week, the FTC announced that mobile device giant HTC American, Inc. will to settle FTC charges that the company failed to take reasonable steps to secure the software it developed for its smart phones and tablet computers and introduced security flaws that placed sensitive information about millions of consumers at risk.

A leading mobile device manufacturer in the United States, HTC America develops and manufactures mobile devices based on the Android, Windows Mobile, and Windows Phone operating systems. HTC America has customized the software on these devices in order to differentiate itself from competitors and to comply with the requirements of mobile network operators.

In its first-ever complaint against a mobile device or application developer, the FTC charged HTC America failed to incorporate and administer appropriate safeguards for personal financial and other sensitive data accessed and used in these applications when designing or customizing the software on its mobile devices. Among other things, the complaint alleged that HTC America failed to provide its engineering staff with adequate security training, failed to review or test the software on its mobile devices for potential security vulnerabilities, failed to follow well-known and commonly accepted secure coding practices, and failed to establish a process for receiving and addressing vulnerability reports from third parties.

To illustrate the consequences of these alleged failures, the FTC’s complaint details several vulnerabilities found on HTC America’s devices, including the insecure implementation of two logging applications – Carrier IQ and HTC Loggers – as well as programming flaws that would allow third-party applications to bypass Android’s permission-based security model.

Due to these vulnerabilities, the FTC charged, millions of HTC devices compromised sensitive device functionality, potentially permitting malicious applications to send text messages, record audio, and even install additional malware onto a consumer’s device, all without the user’s knowledge or consent. The FTC alleged that malware placed on consumers’ devices without their permission could be used to record and transmit information entered into or stored on the device, including, for example, financial account numbers and related access codes or medical information such as text messages received from healthcare providers and calendar entries about doctor’s appointments. In addition, malicious applications could exploit the vulnerabilities on HTC devices to gain unauthorized access to a variety of other sensitive information, such as the user’s geolocation information and the contents of the user’s text messages.

Moreover, the FTC complaint alleged that the user manuals for HTC Android-based devices contained deceptive representations, and that the user interface for the company’s Tell HTC application was also deceptive. In both cases, the security vulnerabilities in HTC Android-based devices undermined consent mechanisms that would have otherwise prevented unauthorized access or transmission of sensitive information.

HTC America Settlement

The settlement not only requires the establishment of a comprehensive security program, but also prohibits HTC America from making any false or misleading statements about the security and privacy of consumers’ data on HTC devices. Under the settlement agreement, HTC American must:

Fix vulnerabilities found in millions of HTC devices;
Establish a comprehensive security program designed to address security risks during the development of HTC devices; and
Undergo independent security assessments every other year for the next 20 years.

HTC America and its network operator partners are also in the process of deploying the security patches required by the settlement to consumers’ devices. Many consumers have already received the required security updates. The FTC is encouraging consumers using HTC America applications to apply the updates as soon as possible.

The FTC Commission vote to accept the consent agreement package containing the proposed consent order for public comment was 3-0-2, with Chairman Jon Leibowitz not participating and Commissioner Maureen Ohlhausen recused. The FTC will publish a description of the consent agreement package in the Federal Register shortly.

In accordance with FTC procedures, the settlement agreement will be subject to public comment through March 22, after which the Commission will decide whether to make the proposed consent order final. Interested parties can submit comments electronically or in paper form using instructions in the “Invitation To Comment” part of the “Supplementary Information” section. Comments in paper form should be mailed or delivered to: Federal Trade Commission, Office of the Secretary, Room H-113 (Annex D), 600 Pennsylvania Avenue, N.W., Washington, DC 20580. The FTC is requesting that any comment filed in paper form near the end of the public comment period be sent by courier or overnight service, if possible, because U.S. postal mail in the Washington area and at the Commission is subject to delay due to heightened security precautions.

Act To Manage Mobile Application Device & Security

Given the expanding awareness, expectations and enforcement of OCR, FTC and others, health care, health plan and other industry participants deciding whether and when to use, or allow others to use mobile devices or applications to access data or carry out other activities and the mobile device or other technology developers and providers offering products or services to these organizations must get serious about security.

These and other related activities send a clear message that health care, health insurance mobile device and application users and developers must incorporate and administer appropriate processes and safeguards to protect PHI, personal financial and other sensitive data. In response to these developments, industry mobile device and application developers and the health care, health insurance and other businesses must consider carefully before deploying or allowing others to deploy or use these tools in relation to data within their operations or systems. Before and when using or permitting customers, business partners, employees or others to use tools, these organizations must ensure the adequacy of the design and security safeguards for their devices, software and applications, as well as their disclaimers and associated consumer disclosures and consents. Because of the special legal and operational expectations for these organizations, health care, health insurance and other industry provides must resist pressure to allow the use of these tools unless and until they can verify that these legal and operational requisites are fulfilled.

For Help With Compliance, Risk Management, Investigations, Policy Updates Or Other Needs

About Solutions Law Press, Inc.™

Comments Off on FTC, HIPAA Rules Require Health Plans & Employers Strengthen Data Security on Mobile Devices and Applications | Corporate Compliance, Employers, GINA, Health Plans, HIPAA, Human Resources, Insurance, Internal Controls, Internal Investigations, Privacy, Risk Management, Whistleblower | Tagged: Backpay, Employer, Employment, employment law, Fair Labor Standards Act, FSLA, IT, Labor Department, Minimum Wage, Technology, Wage & Hour, wage and hour, Worker Classification | Permalink
Posted by Cynthia Marcotte Stamer

3/13 JCEB Teleconference Explores Foreign Transferees: Outbound, Inbound, Equity And Treaty Issues

February 19, 2013

Cynthia Marcotte Stamer will share her insights on health and welfare benefit challenges for multinational employers as one of the featured panelists on the “Foreign Transferees: Outbound, Inbound, Equity And Treaty Issues” Teleconference hosted by the American Bar Association Joint Committee on Employee Benefits on March 13, 2013 from 10:00-11:30 a.m. Central Time.

Intended to help broad-based U.S. and European community benefits attorneys and others seeking to understand common and unique issues associated with employee transferees, granting of equity compensation and associated treaty issues, including:
Basic issues associated with transfers including granting of past service credits, vesting and distribution issues
Case studies involving employee transfers between the U.S. and the UK.
Use of international deferred compensation programs.
Unique health and welfare issues associated with international transfers.
Interesting/Global equity issues to avoid.

Moderated by Elizabeth Drigotas, PriceWaterhouseCoopers, Washington, DC, the program will feature a diverse and highly experienced group of distinguished government and private speakers including:

M. Grace Fleeman, Senior Technical Reviewer, Branch 1, (Associate Chief Counsel International)), Internal Revenue Service, U.S. Department of the Treasury, Washington, DC (invited)
Andrew C. Liazos, McDermott Will & Emery, Boston, MA
Matthew Preston, Clifford Chance, London, UK
Cynthia Marcotte Stamer, Cynthia Marcotte Stamer, PC, Addison, TX.

To register or for additional information, see here.

About Ms. Stamer

Sought out nationally and internationally as an industry thought leader and problem solver, attorney, Cynthia Marcotte Stamer has more than 25 years experience helping domestic and foreign private and public businesses, employer and union plan sponsors, health and other employee benefit plans, associations, their fiduciaries, administrators, and vendors, group health, Medicare and Medicaid Advantage, and other insurers, governmental and community leaders and others develop, implement, administer and defend creative, legally compliant and operationally effective health and other employee benefit, employment, insurance, pension and retirement, health care, workers’ compensation and workforce plans, practices, and policies.

Recognized in International Who’s Who, the founder and Executive Director of Project COPE: The Coalition on Patient Empowerment and its affiliate, the Coalition on Responsible Health Policy; a Fellow in the American College of Employee Benefits Counsel, American Bar Association, and State Bar of Texas; Past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Immediate Past Chair of the ABA RPTE Employee Benefit & Other Compensation Committee, current ABA RPTE Employee Benefit & Other Compensation Committee Welfare Benefits Committee Co-Chair and Substantive Groups Committee Member, and a Council Member of the ABA Joint Committee on Employee Benefits, Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, and Immediate Past Gulf States Area TEGE Council Exempt Organization Chair, Ms. Stamer helps these and other clients. to design, document, administer and defend managed care and insurance programs, processes, and products; to monitor and manage evolving regulatory, contractual and fiduciary obligations and risks; to draft, negotiate, interpret and enforce managed care and other contracts, plan documents, insurance policies, administrative services agreements, and other agreements, policies, procedures and controls; to credential, monitor and manage fiduciaries, service providers, consultants and others providing services relating to programs; to conduct and defend litigation, audits, and other enforcement actions; to deal with legislators, regulators, auditors and others; and to fulfill legal obligations, mitigate legal risks and improve operational effectiveness.

As a core focus of her practice, Ms. Stamer continuously counsels, represents and defends self-insured and insured managed care and health, disability and welfare, pension, deferred compensation and other employee benefit plans; employer, association, insurer, and other employee benefit and insurance program sponsors; plan fiduciaries, administrators, brokers, consultants and other service providers; Medicare and Medicaid Advantage and other group, individual, stop-loss and other reinsurance, fiduciary liability and other insurers; health and insurance technology and other outsourcing companies; human resources, insurance and employee benefit consulting organizations; and other insurance, employee benefit and human resources industry clients, domestic and foreign governments and others about a diverse range of employee benefit, insurance, employment, tax, regulatory, risk management, public policy and related matters.

Ms. Stamer’s health benefit experience includes extensive and highly-innovative dealings with insured and self-insured managed care, defined contribution, indemnity and other health benefit, disability, life, occupational injury, Medicare and Medicaid Advantage, and other welfare benefit and insurance plans and policies; and a wide range of other employee benefits, compensation, insurance, equity and other related arrangements. Her work includes leading edge development and use of 24-hour coverage and other occupational injury, ex-pat and other medical tourism products, HRA, HSA, HRA and other defined contribution, hi-deductible, deductible reimbursement, min-med and other limited benefit plans, 24-hour and occupational benefit, fraternal benefit and association, and other medical programs as well as a broad range of claims, appeals, audit, and other administrative processes and tools designed to promote defensibility and mitigate risks.

Along side this domestic work, Ms. Stamer also has extensive international experience. A primary drafter of the Bolivian Social Security privatization law with extensive domestic and international regulatory and public policy experience, Ms. Stamer also has worked extensively domestically and internationally on design, administration, operations, compliance, public policy and regulatory, and other challenges arising in the administration of multinational workforces and populations. Throughout her career, Ms. Stamer has advised both U.S. based businesses and foreign owned or operated businesses about design and administration of employment, employee benefit, worker’s compensation, employment tax, occupational safety, discipline and promotion, collective bargaining, recruiting, compliance, risk management and other personnel practices for multinational workforces. She has worked extensively on the design and administration of pension, severance, health and other benefit and compensation programs for their multinational workforce. She assists businesses with cross-border and domestic employment, consulting, independent contractor, subcontractor, employee leasing and other staffing and vendor agreements; multinational Foreign Corrupt Practices Act, Federal Sentencing Guidelines, and other compliance programs and practices; design, drafting, interpretation, implementation, and coordination pension, health care, severance, education, insurance, employment, tax, unemployment, disability, and other programs and requirements; represents and advises businesses, associations and government agencies before U.S. and foreign governments in connection with tax, employment, and other compliance matters, trade relationships and missions, public policy advocacy.

A widely published author and highly sought out speaker whose HR & Benefits Update has been recognized as among the “Top 50” HR Blogs To Watch, Ms. Stamer also regularly authors materials and conducts workshops and professional, management and other training on employee benefits, human resources, health care and other compliance and management topics for the ABA, Aspen Publishers, the Bureau of National Affairs (BNA), SHRM, World At Work, Insurance Thought Leadership, Government Institutes, Inc., Solutions Law Press, Inc., the Society of Professional Benefits Administrators, HealthLeaders, Managed Care Executive, CEO Magazine, Business Insurance and many other industry, professional and business publications. An Editorial Advisory Board Member of the Institute of Human Resources (IHR/HR.com), Employee Benefit News, and other publications, Ms. Stamer also regularly serves on the faculty and planning committees of a multitude of symposium and other educational programs. For more details about Ms. Stamer’s services, experience, presentations, publications, and other credentials or to inquire about arranging counseling, training or presentations or other services by Ms. Stamer, see www.CynthiaStamer.com. Ms. Stamer also is widely recognized for her regulatory and public policy advocacy, publications, and public speaking on privacy and other compliance, risk management concerns. For the past two years, Ms. Stamer has serve as the appointed scribe for the ABA Joint Committee on Employee Benefits annual agency meeting with OCR and has lead numerous programs for the ABA and others on this topic. Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.

About Solutions Law Press, Inc.™

Comments Off on 3/13 JCEB Teleconference Explores Foreign Transferees: Outbound, Inbound, Equity And Treaty Issues | Corporate Compliance, Employers, GINA, Health Plans, HIPAA, Human Resources, Insurance, Internal Controls, Internal Investigations, Privacy, Risk Management, Whistleblower | Tagged: Backpay, Employer, Employment, employment law, Fair Labor Standards Act, FSLA, IT, Labor Department, Minimum Wage, Technology, Wage & Hour, wage and hour, Worker Classification | Permalink
Posted by Cynthia Marcotte Stamer

SLP Readers Get $400 Discount To Learn Key Health Care Reform Coping Strategies At 2/21-22 Employer Health & Human Capital Strategy Congress In Lake Mary, FL

February 5, 2013

Solutions Law Press, Inc. (SLP) readers qualify for up to a $400 discount on their registration to learn key insights from on strategies for charting the path forward to drive employee wellness, strengthen the workforce and impact global business competitiveness in the face of the impending health care reforms of the Patient Protection & Affordable Care Act from SLP Editor/Author Cynthia Marcotte Stamer and other leading employer health care decision makers at the 8^th Annual Employer Health & Human Capital Strategy Congress that the World Health Congress is hosting on February 21-22, 2013 at The Westin Lake Mary, Orlando North Conference Center in Lake Mary, Florida.

About the Program

Nationally recognized industry thought leader and attorney SLP Editor attorney Cynthia Marcotte Stamer will help kick off the program when she joins a panel of prominent HR leaders discussing “Assessing Alternatives and Opportunities: Defined Contribution and Exchanges-What are the Long-Term Implications on Your Human Capital Strategy” beginning at 9:30 a.m. on February 21, 2013.

Following this keynote panel, attendees also will learn other key ideas and strategies to help their organizations cope with Health Care Reform as they participate in a host of other insightful and timely presentations by dynamic team of prominent HR and other industry experts and network with other management and human resources leaders .including:

John Rother, National Coalition on Health care
Shawn Leavitt, Carlson Companies
Rebecca Mariet Lynn-Crockford, Suntrust Banks, Inc
Jo-Ann Gastin, Lockton Companies, LLC
Paul Grundy, M.D., Patient-Centered Primary Care Collaborative
Roger C. Merring, M.D., Perdue Farm Inc.
Sam Nussbaum, Wellpoint, Inc.
Benjamin H. Hoffman, M.D., GE Energy
Bruce Sherman, MD, Employers Health Coalition

For a full agenda and other details on the program, see here.

SLP Reader Registration Discount

SLP is delighted to announce that the World Health Congress is offering SLP readers the opportunity to claim a $400 discount off the otherwise applicable registration fee when registering for the program. To register and claim this discount, enter registration code “GHH925” at the designated location when registering for the program here.

About Ms. Stamer

Sought out nationally and internationally as an industry thought leader and problem solver, SLP Editor and author attorney, Cynthia Marcotte Stamer has spent more than 25 years helping private and public employers, employer and union plan sponsors, health and other employee benefit plans, associations, their fiduciaries, administrators, and vendors, group health, Medicare and Medicaid Advantage, and other insurers, governmental and community leaders and others develop, implement, administer and defend creative, legally compliant and operationally effective health and other employee benefit, employment, insurance, health care and workforce plans, policies, practices, operations and policies.

A primary drafter of the Bolivian Social Security privatization law with extensive domestic and international regulatory and public policy experience, Ms. Stamer also has worked extensively domestically and internationally on public policy and regulatory advocacy on health and other employee benefits, human resources, insurance, tax, compliance and other matters and representing clients in dealings with the US Congress, Departments of Labor, Treasury, Health & Human Services, Federal Trade Commission, HUD and Justice, as well as a state legislatures attorneys general, insurance, labor, worker’s compensation, and other agencies and regulators. Her Patient Empowerment Toolkit™, Play4Life Community Program™, and other patient empowerment, health care quality, and other industry thought leadership, advocacy and solutions have drawn the attention of business, government and community leaders for their insightfulness and practicality.

A widely published author and highly sought out speaker whose HR & Benefits Update has been recognized as among the “Top 50” HR Blogs To Watch, Ms. Stamer also regularly authors materials and conducts workshops and professional, management and other training on employee benefits, human resources, health care and other compliance and management topics for the ABA, Aspen Publishers, the Bureau of National Affairs (BNA), SHRM, World At Work, Insurance Thought Leadership, Government Institutes, Inc., Solutions Law Press, Inc., the Society of Professional Benefits Administrators, HealthLeaders, Managed Care Executive, CEO Magazine, Business Insurance and many other industry, professional and business publications. An Editorial Advisory Board Member of the Institute of Human Resources (IHR/HR.com), Employee Benefit News, and other publications, Ms. Stamer also regularly serves on the faculty and planning committees of a multitude of symposium and other educational programs. For more details about Ms. Stamer’s services, experience, presentations, publications, and other credentials or to inquire about arranging counseling, training or presentations or other services by Ms. Stamer, see www.CynthiaStamer.com or contact Ms. Stamer directly via email here or (469) 767-8872.

About Solutions Law Press, Inc.™

Comments Off on SLP Readers Get $400 Discount To Learn Key Health Care Reform Coping Strategies At 2/21-22 Employer Health & Human Capital Strategy Congress In Lake Mary, FL | Corporate Compliance, Employers, GINA, Health Plans, HIPAA, Human Resources, Insurance, Internal Controls, Internal Investigations, Privacy, Risk Management, Whistleblower | Tagged: Backpay, Employer, Employment, employment law, Fair Labor Standards Act, FSLA, IT, Labor Department, Minimum Wage, Technology, Wage & Hour, wage and hour, Worker Classification | Permalink
Posted by Cynthia Marcotte Stamer

Stamer Talks on “What the Wind Blew In: Coping with Health Care Reform: 2013 and Beyond” May 2 At 24th Annual RPTE Spring Symposia In Washington, D.C.

January 28, 2013

Cynthia Marcotte Stamer will a featured panelists discussing “What the Wind Blew In: Coping with Health Care Reform: 2013 and Beyond” on Thursday, May 2, 2013 at 24th Annual RPTE Spring Symposia at the Capital Hilton in Washington, DC. The Symposia scheduled to take place on May 2–3, 2013 will cover a broad range of timely topics on real estate, trusts and estates and other related concerns. To register, review the full agenda or get additional information about the Symposium, see here.

About Ms. Stamer

A noted Texas-based employee benefits and employment lawyer with extensive involvement in the leadership of the ABA and other professional organizations involved in employee benefits, health care and workforce matters, is nationally and internationally known for her innovative leadership and work as an attorney, consultant, policy advocate, speaker and author helping businesses, governments, and communities on health and other insurance and employee benefits, patient education and empowerment, wellness and disease management, and other programs, policies, and processes. For more than 24 years, Ms. Stamer’s legal practice has focused on advising and representing employers, insurers, health care providers, community leaders and governments about health care and employee benefits policy and process improvement, quality, performance management, education, compliance, communications, risk management, reimbursement and finance, and other related matters. In addition to her legal practice, Stamer also extensively consults and provides leadership to a broad range of clients, professional and civic organizations, and others on strategies for improving the health care system and the ability of health care providers, payers, employers, community organizations, government agencies to promote the ability of patients and their families to access cost-effective, quality, affordable health care and other resource needs. She also has worked extensively with a broad range of business and government clients on health care, pension, social security, workforce, insurance and many other related policy matters.

In addition to her service with the ABA, Ms. Stamer also is active in the leadership of a broad range of other professional and civil organizations. For instance, Ms. Stamer presently serves as Executive Director of Project COPE, the Coalition on Patient Empowerment and the Coalition for Responsible Healthcare Policy; Vice President of the North Texas Healthcare Compliance Professionals Association; Immediate Past Chair of the American Bar Association RPTE Employee Benefits & Other Compensation Committee and its representative to the ABA Joint Committee on Employee Benefits and Vice Chair of its Welfare Benefits Committee; Past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group and a current member of its Healthcare Coordinating Council; and as the Gulf Coast TEGE Council TE Committee Coordinator. She previously served as a founding Board Member and President of the Alliance for Healthcare Excellence, as a Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; the Board President of the early retirement intervention agency, The Richardson Development Center for Children; Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee; a member of the Board of Directors of the Southwest Benefits Association; on numerous seminar faculties and in many other professional and civic leadership and volunteer roles.

Author of the hundreds of publications and workshops these and other employment, employee benefits, health care, insurance, workforce and other management matters, Ms. Stamer’s insights on employee benefits, insurance, health care and workforce matters in Atlantic Information Services, The Bureau of National Affairs, HealthLeaders, Modern Healthcare, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other publications. Nationally known for her work on health care reform and related matters, Ms. Stamer also regularly conducts training and speaks on these and other management, compliance and public policy concerns. For additional information about Ms. Stamer, upcoming training, publications or other materials or events, see here or contact Ms. Stamer directly via email here or (469) 767-8872.

About Solutions Law Press, Inc.™

Comments Off on Stamer Talks on “What the Wind Blew In: Coping with Health Care Reform: 2013 and Beyond” May 2 At 24th Annual RPTE Spring Symposia In Washington, D.C. | Corporate Compliance, Employers, GINA, Health Plans, HIPAA, Human Resources, Insurance, Internal Controls, Internal Investigations, Privacy, Risk Management, Whistleblower | Tagged: Backpay, Employer, Employment, employment law, Fair Labor Standards Act, FSLA, IT, Labor Department, Minimum Wage, Technology, Wage & Hour, wage and hour, Worker Classification | Permalink
Posted by Cynthia Marcotte Stamer

IRS Will Begin Accepting Returns Claiming Education Credits By Mid-February

January 28, 2013

As preparations continue for the Jan. 30 opening of the 2013 filing season for most taxpayers, the Internal Revenue Service has announced that it beginprocessing of tax returns claiming education credits n by the middle of February.

Taxpayers using Form 8863, Education Credits, can begin filing their tax returns after the IRS updates its processing systems. Form 8863 is used to claim two higher education credits — the American Opportunity Tax Credit and the Lifetime Learning Credit.

The IRS emphasized that the delayed start will have no impact on taxpayers claiming other education-related tax benefits, such as the tuition and fees deduction and the student loan interest deduction. People otherwise able to file and claiming these benefits can start filing Jan. 30, 2013

As it does every year, the IRS reviews and tests its systems in advance of the opening of the tax season to protect taxpayers from processing errors and refund delays. The IRS discovered during testing that programming modifications are needed to accurately process Forms 8863. Filers who are otherwise able to file but use the Form 8863 will be able to file by mid-February. No action needs to be taken by the taxpayer or their tax professional. Typically through the mid-February period, about 3 million tax returns include Form 8863, less than a quarter of those filed during the year.

The IRS remains on track to open the tax season on January 30 for most taxpayers. The January 30 opening includes people claiming the student loan interest deduction on the Form 1040 series or the higher education tuition or fees on Form 8917, Tuition and Fees Deduction. Forms that will be able to be filed later are listed on IRS.gov.

For Help With Compliance, Risk Management, Investigations, Policy Updates Or Other Needs

About Solutions Law Press, Inc.™

Comments Off on IRS Will Begin Accepting Returns Claiming Education Credits By Mid-February | Corporate Compliance, Employers, GINA, Health Plans, HIPAA, Human Resources, Insurance, Internal Controls, Internal Investigations, Privacy, Risk Management, Whistleblower | Tagged: Backpay, Employer, Employment, employment law, Fair Labor Standards Act, FSLA, IT, Labor Department, Minimum Wage, Technology, Wage & Hour, wage and hour, Worker Classification | Permalink
Posted by Cynthia Marcotte Stamer

Email Subscription

Pages

Recent Posts

Archives

Share this blog

Solutions Law Press HR & Benefits Update