Professional Liability |

IRS Shares Voluntary Correction Program Updates & Tips

October 2, 2023

The Internal Revenue Service (“IRS”) issued a series of updates and tips on the use of the Voluntary Correction Program (“VCP”) to correct eligible defects in qualified employee benefit plans.

Check the Status of your VCP Submission

VCP applicants frequently wonder about the status of their VCP Submission. Applicants may not check if their VCP submission has been assigned to a specialist by comparing the date of the submitter’s confirmation email to the date of the most recent VCP submissions that have been assigned to a specialist at at IRS.gov/VCPstatus.

Revised VCP Model Compliance Statement and Schedules

The IRS updated several fill-in VCP forms to revise outdated information, provide clarity, and make it easier to present some late amender failures that impact 401(a) and 403(b) retirement plans.

Plan sponsors can use the model compliance statement and schedules to make an IRS Voluntary Correction Program (VCP) submission. The model schedules (Forms 14568- A to 14568-I) contain standardized methods plan sponsors can use to correct common mistakes using VCP.

The IRS recently changed the following fill-in forms:

Form 14568, Model VCP Compliance Statement to update enforcement section language;
Form 14568-A, Model VCP Compliance Statement – Schedule 1: Plan Document Failures for 403(b) Plans for late amender failures only to provide a framework to present late amender failures that involve IRC 403 plans and standardized descriptions for some very common 403(b) plan document failures;
Form 14568-B, Model VCP Compliance Statement – Schedule 2: Nonamender Failures for 401(a) Plans for use only for late amendment failures to group failures pre-approved plans vs individually designed plans and failure descriptions for pre-approved plans to include the latest failures; to provide a framework to present failures involving individually designed plans not timely to comply with the Required Amendments List, or the Cumulative List (prior to 2017) and to allow for legit late interim amendment failures affecting a pre-approved plan to be presented as an “Other” failure in Section I C;
Form 14568-C, Model VCP Compliance Statement – Schedule 3: SEPs and SARSEPs is updated to include a direct link to the DOL VFCP calculator and increased to $250 the standardized narrative involving small excess amounts;
Form 14568-D, Model VCP Compliance Statement – Schedule 4: SIMPLE IRAs includes an pdated direct link to the DOL’s VFCP calculator and increased to $250 the standardized narrative involving small excess amounts.

No changes have been made to the other forms in the Form 14568 series (Form 14568-E through Form 14568-I).

Interim Guidance on EPCRS: Notice 2023-43

The IRS released guidance in the form of Q&A’s on changes made by the SECURE 2.0 Act to the Employee Plans Compliance Resolution System of voluntary correction programs for retirement plans. Notice 2023-43 provides interim guidance for taxpayers in advance of an update to EPCRS as outlined in Revenue Procedure 2021-30.

For more information on the correction programs available to correct mistakes in your retirement plan, go to IRS.gov/FixMyPlan.

We hope this update is helpful. Solutions Law Press, Inc. invites you to receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn Health Care Risk Management & Operations Group, HR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy Group.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also may be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here such as:

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

©2023 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ For information about republication, please contact the author directly. All other rights reserved.

Comments Off on IRS Shares Voluntary Correction Program Updates & Tips | Claims, Claims Administration, compliance, Corporate Compliance, Disability, employee, Employee Benefits, Employer, Employers, ERISA, Fiduciary Responsibility, health plan, Health Plans, HIPAA, Human Resources, Internal Investigations, Professional Liability, Reporting & Disclosure | Tagged: good health, Insurability, underwriting | Permalink
Posted by Cynthia Marcotte Stamer

Labor Department Mutual of Omaha Group Companies Warns Insurers, Plans To Timely Decide Insurability In ERISA-Covered Life, Disability & Other Plans

October 2, 2023

Employer and other plan sponsors, administrators, fiduciaries, and insurers of employment-based life and disability insurance programs requiring evidence of good health or other insurability should ensure their administrator or insurer timely makes and notifies participants of any insurability-based limitations or denials on eligibility or coverage in light of a new Department of Labor settlement with United of Omaha Life Insurance Co. (“United”) and United’s parent company — Mutual of Omaha Insurance Co. — and United’s subsidiary, Companion Life Insurance Co. (the “United Companies”) announced September 29, 2023. The settlement sends a strong message to insurers, fiduciaries, administrators and sponsors of life, disability of insurance plans and policies covered by the Employee Retirement Income Security Act of 1974 (“ERISA”) requiring evidence of insurability to ensure their own programs also timely decide and notify participants whether their plans’ insurability requirements are met after receiving enrollment applications.

While the Health Insurance Portability & Accountability Act (“HIPAA”) and Patient Protection & Affordable Care Act (“ACA”) generally prohibit insurability or other evidence of good health requirements in health plans, many ERISA-covered life, disability and other insurance programs continue to condition coverage on evidence of good health or other insurability requirements.

The United settlement requires the United Companies to revise their processes for administering requirements that participants in employer-sponsored life insurance plans provide proof of good health — referred to as evidence of insurability — before obtaining coverage in certain instances.

The settlement resolves a lawsuit filed by the Labor Department after an Employee Benefits Security Administration (“EBSA”) investigation into how United administered proof of good health eligibility requirements in ERISA-covered life insurance plans. The investigation found that United denied numerous claims based on a participant’s failure to provide evidence of insurability after accepting premiums for years without determining if insurability requirements were satisfied. The delayed determinations caused participants and their beneficiaries to believe they had coverage until after the participant died, United denied claims for benefits on the grounds United never received the participant’s evidence of insurability, leaving beneficiaries without life insurance benefits for which their loved one had paid.

United has advised the department that it has voluntarily reprocessed claims dating back to February 2018 to provide benefits for claims denied based solely on a participant’s failure to provide evidence of insurability. The settlement reached by the Labor Department’s Office of the Solicitor also requires the United Companies to decide insurability within 90 days after it receives a participant’s first premium payment. After the 90-day period expires, the United Companies cannot deny a claim for life insurance benefits for reasons related to evidence of insurability.

The Labor Department’s announcement of the settlement warns the Department stands ready to take similar enforcement action against other group plans that fail to decide insurability promptly and notify applicants promptly following enrollment. For instance, the announcement quotes Assistant Secretary for EBSA Lisa M. Gomez as saying, “The Employee Benefits Security Administration will take appropriate action against insurance companies that collect regular premium payments from plan participants without ensuring up front that participants have satisfied eligibility requirements like insurability, and later cite those requirements to deny benefits after the participant passes away.”

In light of this, and a prior similar enforcement action against another insurer in 2022, all sponsors, fiduciaries, administrators, and insurers of ERISA-covered group life, disability, or other insurance programs requiring insurability should verify the timeliness of insurability determinations made by their programs currently, and within the applicable statute of limitation period for claims.

About Solutions Law Press, Inc.™

Comments Off on Labor Department Mutual of Omaha Group Companies Warns Insurers, Plans To Timely Decide Insurability In ERISA-Covered Life, Disability & Other Plans | Claims, Claims Administration, compliance, Corporate Compliance, Disability, employee, Employee Benefits, Employer, Employers, ERISA, Fiduciary Responsibility, health plan, Health Plans, HIPAA, Human Resources, Internal Investigations, Professional Liability, Reporting & Disclosure | Tagged: good health, Insurability, underwriting | Permalink
Posted by Cynthia Marcotte Stamer

$80,000 Penalty Confirms Health Plans Exposure For Violating HIPAA Access Rights

September 15, 2023

An $80,000 penalty paid by UnitedHealthcare Insurance Company (“UHIC”) warns other insurers and other health plans, their fiduciaries and plan sponsors that failing to timely deliver requested protected health information triggers substantial Health Insurance Portability and Accountability Act (HIPAA) fines in addition to Employee Retirement Income Security Act (“ERISA”) Section 502(c) penalties and other related exposures and costs.

HIPAA Right Of Access Rule

The Department of Health & Human Services Office of Civil Rights (“OCR”) recently announced health insurance giant UHIC agreed in a resolution agreement to pay $80,000 to resolve a potential violation HIPAA’s access provision that requires health plans, health care providers and health care clearinghouses (“covered entities”) to provide patients access certain protected health information in a within 30 days of a request. In addition to the $80,000 payment, UHIC agreed to implement a corrective action plan and submit to OCR monitoring for a year.

The HIPAA Privacy Rule generally requires health plans and other covered entities to provide individuals, upon request, with access to the protected health information (PHI) about them in one or more “designated record sets” maintained by or for the covered entity after verifying the identity of the person requesting access. This right of access generally applies to all PHI other than:

PHI that is not part of a designated record set because the information is not used to make decisions about individuals;
Psychotherapy notes, which are the personal notes of a mental health care provider documenting or analyzing the contents of a counseling session, that are maintained separate from the rest of the patient’s medical record;; and
Certain information compiled in reasonable anticipation of, or for use in, a civil, criminal, or administrative action or proceeding.

Even for categories of excluded PHI, however, the right of access rule requires access to the underlying PHI from the individual’s medical or payment records or other records used to generate the excluded records or information remains part of the designated record set and subject to access by the individual.

Where applicable, the right of access requirement includes the right to inspect or obtain a copy, or both, of the PHI, as well as to direct the covered entity to transmit a copy to a designated person or entity of the individual’s choice. Individuals have a right to access this PHI for as long as the information is maintained by a covered entity, or by a business associate on behalf of a covered entity, regardless of the date the information was created; whether the information is maintained in paper or electronic systems onsite, remotely, or is archived; or where the PHI originated (e.g., whether the covered entity, another provider, the patient, etc.).

The Privacy Rules encourage health plans and other covered entities to offer individuals multiple options for requesting access. Covered entities may offer individuals the option of using electronic means (e.g., e-mail, secure web portal) to request access. Section 164.524(b)(1) of the Privacy Rule also generally allows a health plan or other covered entity subject to the right of access rule to require individuals to request access in writing, and if use of the covered entity’s form does not create a barrier to or unreasonably delay an individual’s access to his PHI, even to require individuals to use the entity’s own supplied form to make the request. However, the Privacy Rule prohibits health plans and covered entities from imposes unreasonable measures on an individual requesting access that serve as barriers to or unreasonably delay the individual from obtaining access.

While the Privacy Rule permits a covered entity to impose a reasonable, cost-based fee if the individual requests a copy of the PHI (or agrees to receive a summary or explanation of the information), Privacy Rule Section 164.524(c)(4) limits how much health plans and other covered entities can charge for copies. The fee may include only the cost of: (1) labor for copying the PHI requested by the individual, whether in paper or electronic form; (2) supplies for creating the paper copy or electronic media (e.g., CD or USB drive) if the individual requests that the electronic copy be provided on portable media; (3) postage, when the individual requests that the copy, or the summary or explanation, be mailed; and (4) preparation of an explanation or summary of the PHI, if agreed to by the individual. Section 164.524(c)(4) prohibits a covered entity from including costs associated with verification; documentation; searching for and retrieving the PHI; maintaining systems; recouping capital for data access, storage, or infrastructure; or other costs not beyond this specifically allowed in the Rule even if such costs are authorized by State law or other federal or state rules.

UHIC & Other OCR Right Of Access Resolution Agreements

Since OCR began enforcing HIPAA, OCR enforcement data has reflected widespread noncompliance by covered entities with the HIPAA right of access rule. In response to this compliance data, OCR since 2019 has prioritized investigation and enforcement of the right of access under its “Right of Access Initiative.” The UHIC resolution agreement announced August 24, 2023 is the forty-fifth Right of Access voluntary settlement and the first Right of Access case enforcement action involving a health plan covered entity announced by OCR under its Right of Access Initiative. All previously announced Right of Access Initiative resolution agreements involved complaints against health care provider covered entities.

The UHIC resolution agreement resolves charges arising from an OCR investigation into a March 2021 complaint that UHIC failed to provide required records in response to an individual’s request for a copy of their protected health information in the plan records. The individual first requested a copy of their records on January 7, 2021, but did not receive the records until July 2021, after OCR initiated its investigation. This was the third complaint OCR received from the complainant against UHIC alleging failures to respond to his right of access. OCR’s investigation determined that UHIC’s failure to provide timely access to the requested medical records was a potential violation of the HIPAA right of access provision.

Based on these findings, OCR found UHIC violated the right of access rule. To resolve exposure to potentially more substantial civil monetary sanctions authorized by HIPAA, UHIC agreed in the resolution agreement to pay an $80,000 monetary settlement and implement a corrective action plan that includes one year of monitoring by OCR. UHIC also incurred and is expected to incur substantial legal and other expenses in responding to the investigation, negotiating the resolution agreement, and to fulfill its obligations under the corrective action plan.

When announcing the results of the UHIC investigation and resolution agreement, OCR Director warned other health plans to ensure their right of access compliance. “Timely access to health information is one of the cornerstones of HIPAA. OCR will continue to ensure that covered entities with a record of delaying or denying access requests will be subject to enforcement,” said OCR Director, Melanie Fontes Rainer. “Health insurers are not exempt from the right of access and must ensure that they are taking steps to train their workforce to ensure that they are doing all they can to help members’ access to health information.”

ERISA Section 502(c) Penalty For Failing To Timely Respond To Member Information Request

Apart for the HIPAA right of access rule, failing to timely respond to member requests for plan information and records also can trigger substantial liability for ERISA-covered health plans and their plan administrators under ERISA.

In addition to the HIPAA Right of Access disclosure obligations ERISA-covered health plans and insurer also generally are required to disclose certain plan information when notifying plan members of adverse benefit determinations and within 30 days of a member’s request. ERISA’s claims and adverse benefit determination rules expressly obligate plan administrators to disclose certain information to plan participants and beneficiaries when providing notification of adverse claims determinations. Additionally, Section 104(b)(4) of ERISA requires plan administrators to provide participants with a copy of certain documents if the participant requests them in writing.

Evidence that an ERISA-covered health plan administrator or insurer violated these requirements when administering claims or other obligations frequently prevent or undermine the defensibility of health plan claim denials against ERISA investigations and participant or beneficiary claims related lawsuits. Beyond these litigation effects, ERISA Section 502(c) authorizes the Employee Benefit Security Administration (“EBSA”) to impose administrative penalties of $110 per day. Concurrently, ERISA Section 502(c) also empowers federal courts in the court’s discretion to hold a plan administrator that fails to provide the participant with information within the scope of the ERISA disclosure provision after 30 days from the request”, the plan administrator “may be personally liable to that participant or beneficiary for up to $110 a day from the date of such failure or refusal and “the court may in its discretion order “such other relief as it deems proper.” Both the adverse effects of noncompliance with claims and other disclosure requirements on the defensibility of claims denials and the potential significance of triggering Section 502(c) penalties is illustrated by the federal court’s ruling M.S. v. Premera Blue Cross, 553 F. Supp. 3d 1000 (D. Utah 2021). In addition to the undeniable role disclosure deficiencies played in the court’s decision to overturn the plan administrator’s denial of benefits, the District Court also imposed a statutory penalty of under Section 502(c) of $123,100 ($100 per day from the date of the participant’s first written request through the date of the court’s order finding Premera Blue Cross prejudiced the plan participants by failing to make required disclosures) pending its determination of the damages, attorney’s fees and costs, and equitable relief to award to the participants. The court imposed the Section 502(c) penalty against Premera Blue Cross in its capacity as a third-party administrator contracted with the plan sponsor that the plan documents named as the plan administrator based on the functional exercise by Premera of fiduciary duties in handling the claims and disclosures. It bears noting, however, that employers and others serving in named plan administrator or other fiduciary capacities frequently are held liable for acts or omissions of their contract administrators either by direct orders under ERISA or indirectly pursuant to contractual duties to defend and hold harmless the contract administrator plan vendors providing these services commonly include in administrative services contracts.

Plans Must Assure Timely Access & Disclosure

Health plans and health insurers must provide protected health information as required by HIPAA; plan disclosures required by ERISA. Plan sponsors, fiduciaries and administrators wishing to avoid liabilities for violation of either of these requirements should make the necessary contractual, policy and oversight arrangements to provide for timely delivery. Where administration if these duties is outsourced to an insurer or other service provider, the plan sponsor should serk contractual agreements that the vendor will pay costs and liabilities for untimely delivery and refuse to accept contractual language that might obligate the plan sponsor, plan fiduciaries l, or the plan to pay or reimburse those penalties.

If despite efforts to comply an impermissible delay in delivery happens, the responsible party should contact qualified legal counsel about pursuing prompt correction and other steps to mitigate or resolve exposures.

For More Information

About Solutions Law Press, Inc.™

Comments Off on $80,000 Penalty Confirms Health Plans Exposure For Violating HIPAA Access Rights | Claims, Claims Administration, compliance, Corporate Compliance, employee, Employee Benefits, Employer, Employers, ERISA, Fiduciary Responsibility, health plan, Health Plans, HIPAA, Human Resources, Internal Investigations, Professional Liability, Reporting & Disclosure | Permalink
Posted by Cynthia Marcotte Stamer

$1.25 Million Cybersecurity Breach Settlement & Other Heightening Enforcement Warn Health Plans & Others To Fix Cybersecurity

February 4, 2023

Phoenix-based nonprofit health system Banner Health and its affiliates (“Banner Health”) paid $1.25 million and agreed to take corrective actions to resolve its exposure to potentially much greater Health Insurance Portability and Accountability Act (HIPAA) Security Rule civil monetary penalty exposure for a 2016 cyber hacking breach that compromised the person health information of 2.81 million consumers. OCR used its February 2 announcement of the Banner Health settlement to warn health plans, health care providers, health care clearing houses (“covered entities”) and business associates covered by HIPAA to guard their own system containing protected health information against breach by cyber hacking even as the Department of Labor and other agencies are stepping up their cybersecurity rules, oversight and enforcement.

Banner Health Settlement

Banner Health is one of the largest non-profit health systems in the country, with over 50,000 employees and operating in six states. Banner Health is the largest employer in Arizona, and one of the largest in northern Colorado.

In November 2016, OCR initiated an investigation of Banner Health following the receipt of a breach report stating that a threat actor had gained unauthorized access to electronic protected health information, potentially affecting millions. The hacker accessed protected health information that included patient names, physician names, dates of birth, addresses, Social Security numbers, clinical details, dates of service, claims information, lab results, medications, diagnoses and conditions, and health insurance information.

OCR’s investigation found evidence of long term, pervasive noncompliance with the HIPAA Security Rule across Banner Health’s organization, a serious concern given the size of this covered entity. Organizations must be proactive in their efforts to regularly monitor system activity for hacking incidents and have measures in place to sufficiently safeguard patient information from risk across their entire network.

The potential violations specifically include: the lack of an analysis to determine risks and vulnerabilities to electronic protected health information across the organization, insufficient monitoring of its health information systems’ activity to protect against a cyber-attack, failure to implement an authentication process to safeguard its electronic protected health information, and failure to have security measures in place to protect electronic protected health information from unauthorized access when it was being transmitted electronically.

Under the Resolution Agreement and Corrective Action Plan negotiated to resolve these potential violations, Banner Health paid $1,250,000 to OCR. Banner Health also agreed to implement a corrective action plan, which identifies steps Banner Health will take to resolve these potential violations of the HIPAA Security Rule and protect the security of electronic patient health information that will be monitored for two years by OCR to ensure compliance with the HIPAA Security Rule. Under the corrective action plan, Banner has agreed to take the following steps:

Conduct an accurate and thorough risk analysis to determine risks and vulnerabilities to electronic patient/system data across the organization
Develop and implement a risk management plan to address identified risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI
Develop, implement, and distribute policies and procedures for a risk analysis and risk management plan, the regular review of activity within their information systems, an authentication process to provide safeguards to data and records, and security measures to protect electronic protected health information from unauthorized access when it is being transmitted electronically, and
Report to HHS within thirty (30) days when workforce members fail to comply with the HIPAA Security Rule.

OCR Warns Other HIPAA-Covered Entities

In the health care sector, hacking is now the greatest threat to the privacy and security of protected health information. OCR’sannouncement of the serrlement reports 74 percent (74%) of the breaches reported to OCR in 2021 involved hacking/IT incidents.

The announcement also notes OCR offers an array of resources to help health care organizations bolster their cybersecurity posture and comply with the HIPAA Rules,

The settlement and OCR’s announcement warn other covered entities and business associates to use these and other necessary resources to protect their systems with protected health information from cyber hacking and other breaches.

In conjunction with reminding other covered entities of these resources, the settlement announcement quotes OCR Director Melanie Fontes Rainer as warning, ‘Hackers continue to threaten the privacy and security of patient information held by health care organizations, including our nation’s hospitals, … It is imperative that hospitals and other covered entities and business associates be vigilant in taking robust steps to protect their systems, data, and records, and this begins with understanding their risks, and taking action to prevent, respond to and combat such cyber-attacks. … Cyber security is on all of us, and we must take steps to protect our health care systems from these attacks.”

OCR’s enforcement record confirms these are not idyl threats. Breaches of the Security or Breach Notification Rules often result in significant civil monetary penalty assessments or negotiated settlements to mitigate civil liability exposures arising out of such breaches. See e.g., Clinical Laboratory Pays $25,000 To Settle Potential HIPAA Security Rule Violations (May 25, 2021); Health Insurer Pays $5.1 Million to Settle Data Breach Affecting Over 9.3 Million People (January 15, 2021); Aetna Pays $1,000,000 to Settle Three HIPAA Breaches(October 28, 2020); Health Insurer Pays $6.85 Million to Settle Data Breach Affecting Over 10.4 Million People (September 25, 2020); HIPAA Business Associate Pays $2.3 Million to Settle Breach Affecting Protected Health Information of Over 6 million Individual – (September 23, 2020); Lifespan Pays $1,040,000 to OCR to Settle Unencrypted Stolen Laptop Breach (July 27, 2020); Small Health Care Provider Fails to Implement Multiple HIPAA Security Rule Requirements (July 23, 2020).

Alerts issued by OCR regarding heightened security risks in recent months and a growing tide of highly publicized breaches send a strong warning to other covered entities and their business associates to reconfirm the adequacy of their own HIPAA privacy, security, breach notification and other procedures and protections by among other things:

Reviewing and monitoring on a documented, ongoing basis the adequacy and susceptibilities of existing practices, policies, safeguards of their own organizations, as well as their business associates and their vendors within the scope of attorney-client privilege taking into consideration data available from OCR, data regarding known or potential susceptibilities within their own operations as well as in the media, and other developments to determine if additional steps are necessary or advisable.
Updating policies, privacy and other notices, practices, procedures, training and other practices as needed to promote compliance and defensibility.
Renegotiating and enhancing service provider agreements to detail the specific compliance, audit, oversight and reporting rights, workforce and vendor credentialing and access control, indemnification, insurance, cooperation and other rights and responsibilities of all entities and individuals that use, access or disclose, or provide systems, software or other services or tools that could impact on security; to clarify the respective rights, procedures and responsibilities of each party in regards to compliance audits, investigation, breach reporting, and mitigation; and other relevant matters.
Verifying and tightening technological and other tracking, documentation and safeguards and controls to the use, access and disclosure of protected health information and systems.
Conducting well-documented training as necessary to ensure that members of the workforce of each covered entity and business associate understand and are prepared to comply with the expanded requirements of HIPAA, understand their responsibilities and appropriate procedures for reporting and investigating potential breaches or other compliance concerns, and understand as well as are prepared to follow appropriate procedures for reporting and responding to suspected
violations or other indicia of potential security concerns.
Tracking and reviewing on a systemized, well-documented basis actual and near miss security threats to evaluate, document decision-making and make timely adjustments to policies, practices, training, safeguards and other compliance components as necessary to identify and resolve risks.
Establishing and providing well-documented monitoring of compliance that includes board level oversight and reporting at least quarterly and sooner in response to potential threat indicators.
Establishing and providing well-documented timely investigation and redress of reported
violations or other compliance concerns.
Establishing contingency plans for responding in the event of a breach.
Establishing a well-documented process for monitoring and updating policies, practices and other efforts in response to changes in risks, practices and requirements.
Preparing and maintaining a well-documented record of compliance, risk, investigation and other security activities.
Pursuing other appropriate strategies to enhance the covered entity’s ability to demonstrate its compliance commitment both on paper and in operation.

Because susceptibilities in systems, software and other vendors of business associates, covered entities and their business associates should use care to assess and manage business associate and other vendor associated risks and compliance as well as tighten business associate and other service agreements to promote the improved cooperation, coordination, management and oversight required to comply with the new breach notification and other HIPAA requirements by specifically mapping out these details.

Beyond these HIPAA exposures, breaches and other HIPAA noncompliance carries other liability risks. Leaders of covered entities or their business associates also are cautioned that while HIPAA itself does not generally create any private right of action for victims of breach under HIPAA, breaches may create substantial liability for their organizations or increasingly, organizational leaders. For instance, the Department of Health & Human Services has warned health care providers participating in Medicare or other federal programs and Medicare Advantage health plans that HIPAA compliance is a program term of participation.

Health care providers and health insurers can face liability under state data privacy and breach, negligence or other statutory or common laws. In addition, physicians and other licensed parties may face professional discipline or other professional liability for breaches violating statutory or ethical standards.

Health plans also face a myriad of other exposures from failing to use appropriate cyber safeguards. Plan fiduciaries of employment based health plans covered by the Employee Retirement Income Security Act (“ERISA”} risk liability under ERISA’s fiduciary responsibility rules. The Department of Labor Employee Benefit Security Administration (“EBSA”) now audits the adequacy of the cybersecurity and other HIPAA compliance of health plans and their third party administrators and other business associates as part of EBSA’s oversight and enforcement of ERISA. Department of Labor Assistant Secretary for EBSA Lisa Gomez confirmed audit and enforcement of cybersecurity obligations is a key priority in EBSA’s current work plan in her February 4, 2023 comments to the American bar Association.

Meanwhile, the Securities and Exchange Commission has indicated that it plans to pursue enforcement against leaders of public health care or other public companies that fail to use appropriate care to ensure their organizations comply with privacy and data security obligations.

Furthermore, appropriate cyber security practices also may be advisable elements for organizations to include in their Federal Sentencing Guideline Compliance Programs to mitigate potential organization liability risks under federal electronic crime and related laws.

In the face of these risks and warnings, all covered entities and their business associates should reassess and confirm the adequacy of their and their business associates’ cyber security defenses and breach response preparations.

More Information

We hope this update is helpful. For more information about the these or other health or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.

Solutions Law Press, Inc. invites you receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations Group, HR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

A Fellow in the American College of Employee Benefit Counsel, Vice Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading edge work, scholarship and thought leadership on health, health plan and managed care industry legal, public policy and operational concerns.

Ms. Stamer’s work throughout her 35 year career has focused heavily on working with health care and managed care, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. As an ongoing component of this work, she regularly advises, represents and defends HIPAA covered entities, business associates and other organizations on HIPAA and other cyber, privacy and data security concerns and has published and spoken extensively on these concerns.

For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources available here.

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access of this publication.

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

Comments Off on $1.25 Million Cybersecurity Breach Settlement & Other Heightening Enforcement Warn Health Plans & Others To Fix Cybersecurity | Association Health Plan, Civil Monetary Penalties, Corporate Compliance, Cybercrime, Cybersecurity, Data Breach, Data Security, Electronic Medical Record, Emploeyrs, employee, Employee Benefits, Employer, Employers, Federal Sentencing Guidelines, FTC, Government Contractors, government employer, group health plan, health benefit, Health Benefits, health Care, Health Care Fraud, Health IT, health plan, Health Plans, HIPAA, HR, Human Resources, insurers, Internal Controls, Internal Investigations, Managed Care, Mental Health, pbm, Personal Health Records, Personal Health Recordss, pharmacy, Physician, Plan Admistrator, PPO, Professional Liability, Protected Health Information, Provider, provider contracting, Retaliation | Permalink
Posted by Cynthia Marcotte Stamer

2019 OCR Enforcement Shows Getting Defensibly HIPAA Compliant Necessary In 2020!

January 1, 2020

The $65,000 payment and corrective action plan commitments West Georgia Ambulance, Inc. (“West Georgia”) is making to settle Department of Health & Human Services Office for Civil Rights (“OCR”) charges it recurrently violated the Health Insurance Portability and Accountability Act (“HIPAA”) Security Rule and other 2019 HIPAA enforcement sends a clear warning to other HIPAA-covered health plans, health care providers, health care clearighouses and their business associates (“covered entities”) to maintain and be prepared to defend their own HIPAA compliance.

The Western Georgia Resolution Agreement and Corrective Action Plan (“Resolution Agreement”) OCR announced on December 30, 2019 resolves charges resulting from an OCR investigation initiated in response to a HIPAA breach report the Georgia based ambulance company filed in 2013 in which the company, which provides emergency and non-emergency ambulance services in Carroll County, Georgia, disclosed the loss of an unencrypted laptop containing the protected health information (PHI) of 500 individuals. The breach occurred when an unencrypted laptop fell off the back bumper of an ambulance. The laptop was not recovered. West Georgia reported that exactly 500 individuals were affected by the breach.

In the course of its investigation of the breach report, OCR’s investigation uncovered long-standing noncompliance with the HIPAA Rules, including failures to conduct a risk analysis, provide a security awareness and training program, and implement HIPAA Security Rule policies and procedures. Specifically, the Resolution Agreement states that West Georgia:

Did not conduct an accurate and thorough risk analysis of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of all of its ePHI. See 45 C.F.R. § 164.308(a)(1)(ii)(A);
Failed to have a HIPAA security training program, and failed to provide security training to its employees. See 45 C.F.R. § 164.308(a)(5);
Failed to implement Security Rule policies or procedures. See 45 C.F.R. § 164.316; and
Despite OCR’s investigation and technical assistance, “did not take meaningful steps to address their systemic failures.”

To resolve its exposure to the substantially higher civil monetary penalties that OCR could impose for violations of this nature, West Georgia agreed to pay a $65,000 resolution payment to OCR and implement and comply with a corrective action plan that in addition to requiring West Georgia to correct the compliance deficiencies, also subjects West Georgia to two years of OCR monitoring and oversight.

The Resolution Agreement and corrective action plan carry a number of important messages for other health care providers and other Covered Entities. First, the OCR enforcement action against West Georgia coming at the end of yet another heavy HIPAA enforcement year by OCR reminds Covered Entities that OCR is serious about HIPAA enforcement on the heels of its 2018 HIPAA record setting collection of $28.7 million in civil monetary penalties and resolution payments including the single largest individual HIPAA settlement in history of $16 million with Anthem, Inc. See OCR Concludes 2018 with All-Time Record Year for HIPAA Enforcement. While not topping this record, OCR during 2019 now has collected civil monetary penalties and resolution payments totaling more than $15 million from HIPAA Covered Entities and their business associates including:

Second, the Resolution Agreement and various other smaller settlements during the year show HIPAA compliance and enforcement is a concern for smaller provideres and other covered entities, not juswt the huge ones. While the $65,000 settlement payment required by the Resolution Agreement is substantially smaller than the amounts of the civil monetary penalties and many of resolution payments OCR collected in its other 2019 enforcement actions, the West Georgia and other 2019 enforcement actions demonstrate the teeth behind the warning in the OCR Press Release announcing the West Georgia Resolution Agreement from OCR Director Roger Severino that“All providers, large and small, need to take their HIPAA obligations seriously.” With OCR promises to keep up its vigorous investigation and enforcement of the HIPAA requirements, every Covered Entity and business associate should take the necessary steps to verify and maintain their HIPAA compliance and to be prepared to defend their compliance under the Privacy, Security, Breach Notification and HIPAA access and other individual rights mandates of HIPAA.

Third, OCR’s statement in the Resolution Agreement about the failure by West Georgia to meaningfully act to correct compliance deficiencies and cooperate in other corrective action during the period following the breach report highlights the importance for covered entities involved in a breach or other dealings with OCR on a potential compliance concern to behave appropriately to express and exhibit the necessary concern OCR expects regarding the compliance issue to position themselves to request and receive the clemency OCR is empowered under HIPAA to extend when deciding the sanctions for any noncompliance.

Of course meeting the requirements of HIPAA is not the only concern that covered entities should consider as they review and tightened their HIPAA and other privacy and data security procedures. Health care providers and other covered entities also should keep in mind their other obligations to protect patient and other confidential information under other federal laws, the requirements of which also are ever-evolving. For instance, on January 1, 2020 Texas providers like other Texas businesses will become subject to a shortened deadline for providing notice of data breaches under a new law enacted by the Texas Legislature in its last session. Arrangements should be designed to fulfill all of these requirements as well as any ethical or contractual.

Covered entities also should keep in mind that violations of HIPAA can have implications well beyond HIPAA.ramifications beyond HIPAA itself. For instance, heath care providers can face disqualification from federal program participation, licensing and ethics discipline and other professional consequences. Health plans and their fiduciaries also may face Department of Labor and other fiduciary claims, while insurers can face licensing and other regulatory consequences. The Labor Department followed up on previous warnings that health plan fiduciaries duties include a fiduciary duty to protect health plan data by adding HIPAA compliance to certain health plan audits. Insurers, third of art administrators and others also can face duties and liabilities under state insurance and data privacy laws from regulator or private litigant actions.

For More Information

We hope this update is helpful. For more information about this or other labor and employment developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.

About the Author

Scribe for the ABA JCEB Annual Agency Meeting with the Department of Health & Human Services Office of Civil Rights, Vice Chair of the ABA International Section Life Sciences Committee, past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group and the ABA RPTE Employee Benefits & Other Compensation Group, Ms. Stamer has extensive legal, operational, and public policy experience advising and representing health care, health care and other entities about HIPAA and other privacy, data security, confidentiality and other matters.

Ms. Stamer’s work throughout her 30 plus year career has focused heavily on working with health care and managed care, health and other employee benefit plan, insurance and financial services, public and private primary, secondary, and other educational institutions, and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. As a part of this work, she has recurrently worked extensively with public school districts and public and private primary and secondary schools, colleges and universities, academic medical, and other educational institutions, insured and self-insured health plans; domestic and international hospitals, health care systems, clinics, skilled nursing, long term care, rehabilitation and other health care providers and facilities; medical staff, accreditation, peer review and quality committees and organizations; billing, utilization management, management services organizations, group purchasing organizations; pharmaceutical, pharmacy, and prescription benefit management and organizations; consultants; investors; EMR, claims, payroll and other technology, billing and reimbursement and other services and product vendors; products and solutions consultants and developers; investors; managed care organizations, employers; and federal and state legislative, regulatory, investigatory and enforcement bodies and agencies on health care, education, and other data privacy, security, use, protection and disclosure; disability and other educational rights; workforce, and a host of other risk management and compliance concerns.

Ms. Stamer is most widely recognized for her decades-long leading edge work, scholarship and thought leadership on health and other privacy and data security and other health industry legal, public policy and operational concerns. This involvement encompasses helping health care systems and organizations, group and individual health care providers, health plans and insurers, health IT, life sciences and other health industry clients prevent, investigate, manage and resolve sexual assault, abuse, harassment and other organizational, provider and employee misconduct and other performance and behavior; manage Section 1557, Civil Rights Act and other discrimination and accommodation, and other regulatory, contractual and other compliance; vendors and suppliers; contracting and other terms of participation, medical billing, reimbursement, claims administration and coordination, Medicare, Medicaid, CHIP, Medicare/Medicaid Advantage, ERISA and other payers and other provider-payer relations, contracting, compliance and enforcement; Form 990 and other nonprofit and tax-exemption; fundraising, investors, joint venture, and other business partners; quality and other performance measurement, management, discipline and reporting; physician and other workforce recruiting, performance management, peer review and other investigations and discipline, wage and hour, payroll, gain-sharing and other pay-for performance and other compensation, training, outsourcing and other human resources and workforce matters; board, medical staff and other governance; strategic planning, process and quality improvement; meaningful use, EMR, HIPAA and other technology, data security and breach and other health IT and data; STARK, ant kickback, insurance, and other fraud prevention, investigation, defense and enforcement; audits, investigations, and enforcement actions; trade secrets and other intellectual property; crisis preparedness and response; internal, government and third-party licensure, credentialing, accreditation, HCQIA and other peer review and quality reporting, audits, investigations, enforcement and defense; patient relations and care; internal controls and regulatory compliance; payer-provider, provider-provider, vendor, patient, governmental and community relations; facilities, practice, products and other sales, mergers, acquisitions and other business and commercial transactions; government procurement and contracting; grants; tax-exemption and not-for-profit; privacy and data security; training; risk and change management; regulatory affairs and public policy; process, product and service improvement, development and innovation, and other legal and operational compliance and risk management, government and regulatory affairs and operations concerns. to establish, administer and defend workforce and staffing, quality, and other compliance, risk management and operational practices, policies and actions; comply with requirements; investigate and respond to Board of Medicine, Health, Nursing, Pharmacy, Chiropractic, and other licensing agencies, Department of Aging & Disability, FDA, Drug Enforcement Agency, OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD, FTC, SEC, CDC and other public health, Department of Justice and state attorneys’ general and other federal and state agencies; JCHO and other accreditation and quality organizations; private litigation and other federal and state health care industry actions: regulatory and public policy advocacy; training and discipline; enforcement; and other strategic and operational concerns.

Author of leading works on HIPAA and a multitude of other health care, health plan and other health industry matters, the American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting and a former Council Representative, Past Chair of the ABA Managed Care & Insurance Interest Group, former Vice President and Executive Director of the North Texas Health Care Compliance Professionals Association, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, and a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her extensive publications and thought leadership as well as leadership involvement in a broad range of other professional and civic organizations. For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources available here such as:

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc. disclaim, and have no responsibility to provide any update or otherwise notify anyone any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

©2019 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ For information about republication, please contact the author directly. All other rights reserved.

Comments Off on 2019 OCR Enforcement Shows Getting Defensibly HIPAA Compliant Necessary In 2020! | Claims Administration, Corporate Compliance, Disease Management, employee, Employee Benefits, Employer, Employers, Employment, EMR, ERISA, Fiduciary Responsibility, health benefit, Health Benefits, health Care, health insurance, Health IT, health plan, Health Plans, HIPAA, Identity Theft, insurance fraud, insurers, Internal Controls, Internal Investigations, Internet, Managed Care, Mental Health Parity, Physician, Plan Admistrator, PPO, prescription drugs, Privacy, Professional Liability, Protected Health Information, Provider, provider contracting, Risk Management, Security, Technology, tpa | Permalink
Posted by Cynthia Marcotte Stamer

Flurry of Reform Activity Sign Employers, Health Plans Should Prepare To Respond To Last Minute Health Reforms This Fall

July 14, 2018

A flurry of activity in the House Ways & Means Committee and other Congressional committees over the past few weeks signals the advisability of keeping a close eye on health care and health benefit reform proposals this Summer in anticipation of both the Fall health benefit enrollment and renewal season and the mid-term November Congressional elections.

Coupled with the Trump Administration’s recent rollout of its long promised association health plan, short-term coverage and other regulatory reforms and promises of more changes to come, the ongoing attention paid by the Administration and Congress to health insurance and health care reform raises a strong possibility that employer, association, and other health plan sponsors, fiduciaries and their vendors that they and their plan members should be on watch for late-breaking developments that may require or warrant last minute changes to health benefit plan designs, communications, contracts or other key decisions.

With President Trump continuing to push for a wide range of health care reforms and health care and health benefit issues recognized as key voter concerns for the upcoming mid-term elections in November, the continued emphasis of the Republican-led Congress and federal regulators talking about their health care reform legislative agenda is not surprising. What may be more surprising to many is the intensity of the ongoing efforts in Congress to try to pass reform over the summer when many members of the House and Senate face tightly contested races in November.

Certainly continued Congressional commitment to pursue reform is evident from the House Ways & Means Committee’s health care heavy agenda of hearings and votes that this week alone resulted in its voting in favor of 11 health care reform bills promising new flexibility for employers about how to design their health plans and American families more health care choices and choice about how to pay for it and what coverage to buy popular with many providers, patients and employer and other health plan sponsors. While it remains to be seen if the House and Senate can agree on any or all of these proposal, the bi-partisan sponsorship of many of these proposals and the intensity of the focus of the Committee and others in Congress reflects a strong interest in health care reform by both parties leading up to November that could impact health benefit and other health care choices for providers, employers and American families in the Fall annual enrollment season.

The legislation passed by the Ways & Means Committee this weeks include bills that would:

Provide relief for employers relief from the Obamacare’s employer mandate and delay for an additional year the effective date of the widely disliked “Cadillac Tax;”
Overrule the “Use it Or Lose It” requirement in current Internal Revenue Regulations for healthcare flexible spending arrangement plans (HFSAs) that currently forces employers sponsoring HFSAs to draft their plans to require employees to forfeit unused salary reduction contributions in their HFSA accounts at the end of the year;
Offer individuals and families eligible for Obamacare created health premium subsidies more choice about where to obtain that coverage using their subsidies; and
Expand expand the availability and usability of HSAs in a multitude of ways.

Furthermore, a review of the Committee’s schedule makes clear that it isn’t finished with health care reform. After holding hearings on health savings account reforms and passing a flurry of health care reform bills intended to give employers relief from two key Obamacare mandates, to allow Obamacare subsidy-eligible Americans the choice to use the subsidies to purchase health care coverage not offered by the Obamacare exchanges, and a host of bills that would expand availability and usability of health savings account (HSA) and health care flexible spending account (HFSA) programs this week, the House Ways and Means Committee will turn its attention to health care fraud oversight and reform next week by holding hearings Tuesday on those health concerns. Health care providers, employer and other health plan sponsors, individual Americans and their families, and others interested in health benefit and health care reform will want to keep a close eye on these and other developments as Congress continues to debate health care reform in the runup to the upcoming 2018 health benefit plan renewal and annual enrollment season and November’s mid-term elections.

Committee Approved 11 Health Care Reform Bills This Week

As a part of its health reform efforts this week, the Committee voted to advance 11 health care reform bills offering new flexibility for employers about how to design their health plans and American families more health care choices and choice about how to pay for it and what coverage to buy popular with many providers, patients and employer and other health plan sponsors.

Among the approved legislation is a bill that would provide key relief for employers from certain key Obamacare mandates that have been widely unpopular with employers. H.R. 4616, the “Employer Relief Act of 2018,” sponsored by Rep. Devin Nunes (R-CA) and Rep. Mike Kelly (R-PA), which would give employers sponsoring health plans for their employees retroactive relief from Obamacare’s onerous employer mandate and delay for an additional year the effective date of another Obamacare requirement that when effective, will forces employers to pay the 40 percent tax on amounts paid for employer sponsored health care coverage that exceeds cost limits specified in the Obamacare legislation commonly known as the “Cadillac Tax.” Relief from the Cadillac Tax is widely perceived as benefiting bother employers and their employees, as its provisions penalize employers for spending more for employee health coverage than limits specified in the Obamacare law. These provisions also are particularly viewed by many as unfair because rising health plan costs since Obamacare’s passage make it likely that many employers will incur the tax penalty simply by sponsoring relatively basic health plans meeting the Obamacare mandates.

In addition to H.R. 4616, the Committee also voted to approve H.R. 6313, the “Responsible Additions and Increases to Sustain Employee Health Benefits Act of 2018,” sponsored by Rep. Steve Stivers (R-OH), which would overrule the “Use it Or Lose It” requirement in current Internal Revenue Regulations for HFSAs. Currently, this rule forces employers sponsoring HFSAs to draft their plans to require employees to forfeit unused salary reduction contributions in their HFSA accounts at the end of the year. The bill would allow employers to eliminate this forfeiture requirement so that employees could carry over any remaining unused balances in their HFSAs at the end of the year to use in a later year.

The Committee also voted to advance legislation to offer individuals and families eligible for Obamacare created health premium subsidies more choice about where to obtain that coverage. H.R. 6311, the “Increasing Access to Lower Premium Plans Act of 2018,” sponsored by Chairman Peter Roskam (R-IL) and Rep. Michael C. Burgess, M.D. (R-TX), would provide individuals receiving subsidies to help purchase health care coverage through the Obamacare-created health insurance exchange the option to use their premium tax credit to purchase health care coverage from qualified plans offered outside of the exchanges. Currently, subsidies may only be used to purchase coverage from health plans offered through the exchange, which often are much more costly and offer substantially fewer coverage options and less provider choice. In addition, the bill would expand access to the lowest-premium plans available for all individuals purchasing coverage in the individual market and allows the premium tax credit to be used to offset the cost of such plans.

Along with these reforms, the Committee also voted to pass a host of bills that would expand the availability and usability of HSAs including:

H.R. 6301, the “Promoting High-Value Health Care Through Flexibility for High Deductible Health Plans Act of 2018,” co-sponsored by Health Subcommittee Chairman Peter Roskam (R-IL) and Rep. Mike Thompson (D-CA), which seeks to expand access and enhance the utility of Health Savings Accounts (HSAs) by offering patients greater flexibility in designing their plan design while still being able to maintain their eligibility for HSA contributions.
H.R. 6305, the “Bipartisan HSA Improvement Act of 2018,” sponsored by Rep. Mike Kelly (R-PA) and Rep. Earl Blumenauer (D-OR), which also would expand HSA access and utility by allowing spouses to also make contributions to HSAs is their spouse has an FSA and lets employers offer certain services to employees through on-site or retail clinics.
H.R. 6317, the “Primary Care Enhancement Act of 2018,” co-sponsored by Rep. Erik Paulsen (R-MN) and Rep. Earl Blumenauer (D-OR), which seeks to protect HSA-eligible individuals who participate in a direct primary care (DPC) arrangement from losing their HSA-eligibility merely because of their participation in a DPC. In addition, it allows DPC provider fees to be covered with HSAs.
H.R. 6312, the “Personal Health Investment Today (PHIT) Act,” sponsored by Rep. Jason Smith (R-MO) and Rep. Ron Kind (D-WI), which seeks to fight obesity and promote wellness by allowing taxpayers to use tax-preferred accounts to pay costs of gym membership or exercise classes, children’s school sports programs and certain other wellness programs and activities.
H.R. 6309, the “Allowing Working Seniors to Keep Their Health Savings Accounts Act of 2018,” sponsored by Rep. Erik Paulsen (R-MN), which would expand HSA eligibility to include Medicare eligible seniors who are still in the workforce.
H.R.6199, the “Restoring Access to Medication Act of 2018,” sponsored by Rep. Lynn Jenkins (R-KS) and Rep. Grace Meng (D-NY), which would reverse Obamacare’s prohibition on using tax-favored health accounts to purchase over-the-counter medical products and would add feminine products to the list of qualified medical expenses for the purposes of these tax-favored health accounts.
H.R. 6306, the “Improve the Rules with Respect to Health Savings Accounts,” sponsored by Rep. Erik Paulsen (R-MN), which would increase the contribution limits for HSAs and further enhances flexibility in plans by allowing both spouses to contribute to make catch-up contributions to the same account and creating a new grace period for medical expenses incurred before the HSA was established.
H.R. 6314, the “Health Savings Act of 2018,” sponsored by Rep. Burgess (R-TX) and Rep. Roskam (R-IL), would expand eligibility and access to HSAs by allowing plans categorized as “catastrophic” and “bronze” in the exchanges to qualify for HSA contributions.

Committee Considers Health Care Fraud Next Week

The Committee next week will turn its attention to health care fraud by holding two hearings on Tuesday.

Tuesday morning, the Ways and Means Committee Oversight Subcommittee plans to hold a Hearing on Combating Fraud in Medicare: A Strategy for Success beginning at 10:00 AM Eastern Time; and
Tuesday afternoon, the Ways and Means Committee Subcommittee plans to hold a Hearing on Modernizing Stark Law to Ensure the Successful Transition from Volume to Value in the Medicare Program beginning at 2:00 PM.

Both hearings are scheduled to take place in Room 1100 Longworth and their proceedings will be live streamed on YouTube.

The Committee’s health care reform focus this week and next are reflective of the continued emphasis of members of Congress in both parties on health care reform legislation as they prepare for the impending mid-term elections in November. As a part of these efforts, the House and Senate already over the past several months have held a wide range of hearings in various committees and key votes on a multitude of reform proposals. Numerous other hearings and votes are planned over the next several months as Congressional leaders from both parties work to advance their health care agendas in anticipation of the upcoming elections.

Key health care and health benefit reform proposals that the Republican Majority has designated for priority consideration include:

Prescription drug costs by checking perceived negative effects of health industry and health plan consolidations involving large health insurers, pharmacy benefit management companies (PBMs), pharmacy companies and other health industry and health insurance organizations on health care costs and patient, plan sponsor and plan sponsor choice and health care quality;
Oversight and reform of existing STARK, anti-kickback and other federal health care rules and exemptions relied upon by PBMs and other health industry organizations;
Efforts to understand and address health care treatment, health care and coverage costs and related social concerns associated with mental health and opioid and other substance abuse conditions and their treatment;
Efforts promote health benefit and health care choice, affordability and coverage; improve patient and employer choice; promote broader health care access and quality; reduce counterproductive regulation; and other health insurance and care improvements through expanded availability of health savings accounts, direct primary care and other consumer directed health care options, association health plan and other program options, streamlining quality reporting and regulation, billing and coding, physician and other health care provider electronic billing and recordkeeping, and other provider, payer, employer, individual and other health insurance mandates and other federal health care and health plan rules; and
More.

Evolving Legislative & Regulatory Warrant Vigilance & Change Readiness

While the recurrent stalling of past reform efforts over the past few years calls into question whether any or all of these proposals can make it through the highly politicized and divided Congress, bi-partisian sponsorship of most of the bills reported out this week at least raises the possibility that some of these proposals enjoy sufficient bi-partisan support to potentially pass before the elections. With both parties viewing health care reform as a key issue in the upcoming elections, voter feedback on these proposals could play a big role in determining the prospects for passage this Summer.

Along with the ongoing Congressional reform efforts, the Trump Administration also continues to move forward on a series of regulatory reforms that also could impact health care and health benefit decisions and responsibilities later this year. Beyond the Administration’s implementation of its long promised and recently finalized and released association health plan, short term coverage and other health benefit rules, the Administration’s continued consideration of changes to essential health benefits and other Obamacare regulations, ongoing mental health, substance abuse, and prescription drug reform projects, and other proposed regulatory and enforcement changes are likely to require health plans, their sponsors, insurers, administrators, members and even providers to adapt to changes in federal health plan rules between now and year end.

Amid this shifting legal landscape, employer and other health plan sponsors, their insurers, vendors, providers and participants will want to remain vigilant and work to preserve the flexibility to respond to new rules or guidance likely to rollout over the next several months.

Staying on top of proposed reforms as the Summer progresses is important:

To provide timely input to Congress on proposed reforms of particular benefit or concern;
To help plan for and deal with rules changes that could impact their options and choices during the upcoming health plan renewal and enrollment season this Fall and going forward; and
To be prepared to make informed choices when voting in the upcoming mid-term Congressional elections in November.

Keeping informed about potential changes is only part of the challenge, however. Employer and other health plan sponsors, fiduciaries and service providers also generally should seek to negotiate vendor contracts that allow them the greatest possible flexibility to respond to changing rules, opportunities and requirements with minimum penalties and disruption when designing, negotiating and implementing vendor contracts, plan designs and plan enrollment and other processes and communications.

About the Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: Erisa & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of health industry, health and other benefit and insurance, workforce and other management work, public policy leadership and advocacy, coaching, teachings, and publications.

Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer’s clients include employers and other workforce management organizations; employer, union, association, government and other insured and self-insured health and other employee benefit plan sponsors, benefit plans, fiduciaries, administrators, and other plan vendors; managed care organizations, insurers, self-insured health plans and other payers and their management; public and private, domestic and international hospitals, health care systems, clinics, skilled nursing, long term care, rehabilitation and other health care providers and facilities; medical staff, health care accreditation, peer review and quality committees and organizations; managed care organizations, insurers, third party administrative services organizations and other payer organizations; billing, utilization management, management services organizations; group purchasing organizations; pharmaceutical, pharmacy, and prescription benefit management and organizations; claims, billing and other health care and insurance technology and data service organizations; other health, employee benefit, insurance and financial services product and solutions consultants, developers and vendors; and other health, employee benefit, insurance, technology, government and other management clients.

A former lead consultant to the Government of Bolivia on its Pension Privatization Project with extensive domestic and international public policy concerns in pensions, healthcare, workforce, immigration, tax, education and other areas, Ms. Stamer has been extensively involved in U.S. federal, state and local health care and other legislative and regulatory reform impacting these concerns throughout her career. Her public policy and regulatory affairs experience encompassess advising and representing domestic and multinational private sector health, insurance, employee benefit, employer, staffing and other outsourced service providers, and other clients in dealings with Congress, state legislatures, and federal, state and local regulators and government entities, as well as providing advice and input to U.S. and foreign government leaders on these and other policy concerns.

Beyond her public policy and regulatory affairs involvement, Ms. Stamer also has extensive experience helping these and other clients to design, implement, document, administer and defend workforce, employee benefit, insurance and risk management, health and safety, and other programs, products and solutions, and practices; establish and administer compliance and risk management policies; comply with requirements, investigate and respond to government; accreditation and quality organizations; private litigation and other federal and state health care industry investigations and enforcement actions; evaluate and influence legislative and regulatory reforms and other regulatory and public policy advocacy; training and discipline; enforcement, and a host of other related concerns. Ms. Stamer’s experience in these matters includes supporting these organizations and their leaders on both a real-time, “on demand” basis with crisis preparedness, intervention and response as well as consulting and representing clients on ongoing compliance and risk management; plan and program design; vendor and employee credentialing, selection, contracting, performance management and other dealings; strategic planning; policy, program, product and services development and innovation; mergers, acquisitions, and change management; workforce and operations management, and other opportunities and challenges arising in the course of their operations.

Past Chair of the ABA Managed Care & Insurance Interest Group and, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, heavily involved in health benefit, health care, health, financial and other information technology, data and related process and systems development, policy and operations throughout her career, and scribe of the ABA JCEB annual Office of Civil Rights agency meeting, Ms. Stamer also is widely recognized for her extensive work and leadership on leading edge health care and benefit policy and operational issues. She regularly helps employer and other health benefit plan sponsors and vendors, health industry, insurers, health IT, life sciences and other health and insurance industry clients design, document and enforce plans, practices, policies, systems and solutions; manage regulatory, contractual and other legal and operational compliance; vendors and suppliers; deal with Medicare, Medicaid, CHIP, Medicare/Medicaid Advantage, ERISA, state insurance law and other private payer rules and requirements; contracting; licensing; terms of participation; medical billing, reimbursement, claims administration and coordination, and other provider-payer relations; reporting and disclosure, government investigations and enforcement, privacy and data security; and other compliance and enforcement; Form 990 and other nonprofit and tax-exemption; fundraising, investors, joint venture, and other business partners; quality and other performance measurement, management, discipline and reporting; physician and other workforce recruiting, performance management, peer review and other investigations and discipline, wage and hour, payroll, gain-sharing and other pay-for performance and other compensation, training, outsourcing and other human resources and workforce matters; board, medical staff and other governance; strategic planning, process and quality improvement; HIPAA administrative simplification, meaningful use, EMR, HIPAA and other technology, data security and breach and other health IT and data; STARK, antikickback, insurance, and other fraud prevention, investigation, defense and enforcement; audits, investigations, and enforcement actions; trade secrets and other intellectual property; crisis preparedness and response; internal, government and third-party licensure, credentialing, accreditation, HCQIA, HEDIS and other peer review and quality reporting, audits, investigations, enforcement and defense; patient relations and care; internal controls and regulatory compliance; payer-provider, provider-provider, vendor, patient, governmental and community relations; facilities, practice, products and other sales, mergers, acquisitions and other business and commercial transactions; government procurement and contracting; grants; tax-exemption and not-for-profit; 1557 and other Civil Rights; privacy and data security; training; risk and change management; regulatory affairs and public policy; process, product and service improvement, development and innovation, and other legal and operational compliance and risk management, government and regulatory affairs and operations concerns.

Ms. Stamer has extensive health care reimbursement and insurance experience advising and defending plan sponsors, administrators, insurance and managed care organizations, health care providers, payers, and others about Medicare, Medicaid, Medicare and Medicaid Advantage, Tri-Care, self-insured group, association, individual and employer and association group and other health benefit programs and coverages including but not limited to advising public and private payers about coverage and program design and documentation, advising and defending providers, payers and systems and billing services entities about systems and process design, audits, and other processes; provider credentialing, and contracting; providers and payer billing, reimbursement, claims audits, denials and appeals, coverage coordination, reporting, direct contracting, False Claims Act, Medicare & Medicaid, ERISA, state Prompt Pay, out-of-network and other nonpar insured, and other health care claims, prepayment, post-payment and other coverage, claims denials, appeals, billing and fraud investigations and actions and other reimbursement and payment related investigation, enforcement, litigation and actions. Scribe for the ABA JCEB annual agency meeting with HHS OCR, she also has worked extensively on health and health benefit coding, billing and claims, meaningful use and EMR, billing and reimbursement, quality measurement and reimbursement, HIPAA, FACTA, PCI, trade secret, physician and other medical, workforce, consumer financial and other data confidentiality and privacy, federal and state data security, data breach and mitigation, and other information privacy and data security concerns.

Author of leading works on a multitude of health care, health plan and other health industry matters, the American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting, former Vice President of the North Texas Health Care Compliance Professionals Association, past Chair of the ABA Health Law Section Managed Care & Insurance Section, past ABA JCEB Council Representative and CLE and Marketing Committee Chair, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer’s health industry clients include public health organizations; public and private hospitals, healthcare systems, clinics and other health care facilities; physicians, physician practices, medical staff, and other provider organizations; skilled nursing, long term care, assisted living, home health, ambulatory surgery, dialysis, telemedicine, DME, Pharma, clinics, and other health care providers; billing, management and other administrative services organizations; insured, self-insured, association and other health plans; PPOs, HMOs and other managed care organizations, insurance, claims administration, utilization management, and other health care payers; public and private peer review, quality assurance, accreditation and licensing; technology and other outsourcing; healthcare clearinghouse and other data; research; public and private social and community organizations; real estate, technology, clinical pathways, and other developers; investors, banks and financial institutions; audit, accounting, law firm; consulting; document management and recordkeeping, business associates, vendors, and service providers and other professional and other health industry organizations; academic medicine; trade associations; legislative and other law making bodies and others.

A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, privacy and data security, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns.

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other related concerns by her service in the leadership of the Solutions Law Press, Inc. Coalition for Responsible Health Policy, its PROJECT COPE: Coalition on Patient Empowerment, and a broad range of other professional and civic organizations including North Texas Healthcare Compliance Association, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children (now Warren Center For Children); current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, past Representative and chair of various committees of ABA Joint Committee on Employee Benefits; a ABA Health Law Coordinating Council representative, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, a former member of the Board of Directors of the Southwest Benefits Association and others.

For more information about Ms. Stamer or her health industry and other experience and involvements, see here or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources here.

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advise or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The presenter and the program sponsor disclaim, and have no responsibility to provide any update or otherwise notify any participant of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

©2018 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ For information about republication, please contact the author directly. All other rights reserved.

Comments Off on Flurry of Reform Activity Sign Employers, Health Plans Should Prepare To Respond To Last Minute Health Reforms This Fall | 105(h), 4980D, 4980H, 6039D, ACA, Affordable Care Act, Appeals, Association Health Plan, board of directors, Brokers, Cafeteria Plans, Claims, Claims Administration, COBRA, compensation, compliance, Contraception, Corporate Compliance, Electronic Medical Record, employee, Employee Benefits, Employer, Employers, Employment, Employment Tax, EMR, ERISA, Excise Tax, Excise Taxes, Fiduciary Responsibility, health benefit, Health Benefits, health Care, health insurance, health insurance marketplace, health plan, Health Plans, health reform, HR, Human Resources, Insurance, insurers, Internal Controls, Internal Revenue Code, Mental Health, Mental Health Parity, MEWA, Obamacare, Patient Empowerment, Patient Protection & Affordable Care Act, Pay, Payroll Tax, Plan Admistrator, Prescription Drugs, preventive care, Professional Liability, Risk Management, Technology, Uncategorized, Union, Wellness, Worker Classification | Permalink
Posted by Cynthia Marcotte Stamer

Confirm Your Benefit Plans Ready For New Disability Determination Rules on 1/1/18

December 14, 2017

Employer and other sponsors, fiduciaries, administrators and insurers of the Employee Retirement Income Security Act (ERISA)-covered employee benefit plans making disability-based benefit determinations should confirm that their plan documents, summary plan descriptions, procedures and claims and appeals notices are updated and ready to meet tightened new federal rules on disability-based benefit determinations applicable to all post December 31, 2017 claims under the restated Final Rule on Claims Procedure for Plans Providing Disability Benefits (“Disability Claims Rule”). Given the nature and scope of these new requirements, most covered plans will require specific action be taken before the new rules take effect to update plan documents, summary plan descriptions, notices, contracts, processes and procedures to meet the January 1, 2018 deadline.

The Disability Claims Rule published by the Department of Labor Employee Benefit Security Administration (“EBSA”) on December 19, 2016 generally require all ERISA-covered employee benefit plans making any disability benefit or other determination conditioned upon a finding of disability to comply with the new Disability Claims Rule for any claim received after December 31, 2017.

The new Final Disability Claims Rule will apply to all disability determinations made under any ERISA-covered plan after December 31, 2017, regardless of how the plan characterizes the benefit or whether the plan is a health or other welfare, pension, 401(k) plan or other savings plan.

Significant affirmative action is likely required to prepare covered plans to meet these requirements since most plans historically have not followed the detailed claims and appeals notification, independent and impartial decision-making, rescission, deemed exhaustion, “culturally and linguistically appropriate” and other procedural protections and safeguards based on EBSA’s previously adopted Patient Protection and Affordable Care Act (“ACA”) group health plan claims and appeals rules, which the Disability Claims Rules extend and make applicable to all ERISA-covered plans making benefit determinations based on disability. Covered plans making disability-based benefit or other covered determinations are likely to require updates to plan documents, insurance or administrative services contracts, summary plan descriptions and other plan communications, claims and appeals notices, and other related processes, procedures and documentation to meet these new requirements. Since certain requirements of the Disability Claims Rules like the summary plan description advance disclosure requirements are required to be provided before the claim is received, plans and their sponsors risk being accused of violating these requirements by waiting to update plans, their processes and materials until after claim involving a disability based determination arises.

Ensuring that impacted plans are updated before the January 1, 2018 deadline is important because the Disability Claims Rule, like the group health plan claims and appeals rules upon which it is based, also states that noncompliance with any of its requirements empowers a participant to immediately sue the plan for enforcement if his rights without further complying the the plan’s administrative procedures. Moreover, failing to comply with summary plan disclosure or claims or appeal adverse benefit determination notification requirements also may subject the plan administrator to administrative penalties under ERISA section 514(c). Consequently, employers and other plan sponsors, fiduciaries, administrators and insurers will want to act quickly to ensure that their plans, their summary plan descriptions and other communications, notices, processes, contracts and procedures are updated appropriately before January 1, 2018.

About The Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: Erisa & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for management work, coaching, teachings, and publications.

Ms. Stamer works with businesses and their management, employee benefit plans, governments and other organizations deal with all aspects of human resources and workforce, internal controls and regulatory compliance, change management and other performance and operations management and compliance. Her day-to-day work encompasses both labor and employment issues, as well as independent contractor, outsourcing, employee leasing, management services and other nontraditional service relationships. She supports her clients both on a real-time, “on demand” basis and with longer term basis to deal with all aspects for workforce and human resources management, including, recruitment, hiring, firing, compensation and benefits, promotion, discipline, compliance, trade secret and confidentiality, noncompetition, privacy and data security, safety, daily performance and operations management, emerging crises, strategic planning, process improvement and change management, investigations, defending litigation, audits, investigations or other enforcement challenges, government affairs and public policy.

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other concerns by her service as a management consultant, business coach and consultant and policy strategist as well through her leadership participation in professional and civic organizations such her involvement as the Vice Chair of the North Texas Healthcare Compliance Association; Executive Director of the Coalition on Responsible Health Policy and its PROJECT COPE: Coalition on Patient Empowerment; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children; former Gulf Coast TEGE Council Exempt Organization Coordinator; a founding Board Member and past President of the Alliance for Healthcare Excellence; former board member and Vice President of the Managed Care Association; past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; a member and policy adviser to the National Physicians’ Council for Healthcare Policy; current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee; current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section; Past Chair of the ABA Health Law Section Managed Care & Insurance Section; ABA Real Property Probate and Trust (RPTE) Section former Employee Benefits Group Chair, immediatepast RPTE Representative to ABA Joint Committee on Employee Benefits Council Representative, and Defined Contribution Committee Co-Chair, past Welfare Benefit Committee Chair and current Employee Benefits Group Fiduciary Responsibility Committee Co-Chair, Substantive and Group Committee member, Membership Committee member and RPTE Representative to the ABA Health Law Coordinating Council; past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee; a former member of the Board of Directors, Treasurer, Member and Continuing Education Chair of the Southwest Benefits Association and others.

Ms. Stamer also is a widely published author, highly popular lecturer, and serial symposia chair, who publishes and speaks extensively on human resources, labor and employment, employee benefits, compensation, occupational safety and health, and other leadership, performance, regulatory and operational risk management, public policy and community service concerns for the American Bar Association, ALI-ABA, American Health Lawyers, Society of Human Resources Professionals, the Southwest Benefits Association, the Society of Employee Benefits Administrators, the American Law Institute, Lexis-Nexis, Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, the HCCA, ISSA, HIMSS, Modern Healthcare, Managed Healthcare, Institute of Internal Auditors, Society of CPAs, Business Insurance, Employee Benefits News, World At Work, BenefitsMagazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other symposia and publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, InsuranceThoughtLeadership.com and many other prominent publications and speaks and conducts training for a broad range of professional organizations and for clients on the Advisory Boards of InsuranceThoughtLeadership.com, HR.com, Employee Benefit News, and many other publications.

Want to know more? See here for details about the author of this update, attorney Cynthia Marcotte Stamer, e-mail her here or telephone Ms. Stamer at (469) 767-8872.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources at SolutionsLawPress.com such as the following:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please provide your current contact information and preferences including your preferred e-mail by creating or updating your profile here.

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The presenter and the program sponsor disclaim, and have no responsibility to provide any update or otherwise notify any participant of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

©2017 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ For information about republication, please contact the author directly. All other rights reserved.

Comments Off on Confirm Your Benefit Plans Ready For New Disability Determination Rules on 1/1/18 | 401(k), ACA, ADA, Affordable Care Act, Appeals, board of directors, Brokers, Cafeteria Plans, Claims, Claims Administration, compensation, compliance, Construction, Corporate Compliance, defined benefit plan, Defined Benefit Plans, defined contribution plan, Defined Contribution Plans, directors, Disability, Disability, Disability Plans, Drug & Alcohol, EBSA, employee, Employee Benefits, Employee Handbook, Employer, Employers, Employment, Employment Policies, ERISA, Executive Compensation, family leave, Fiduciary Responsibility, health benefit, Health Benefits, health insurance, Leave, Management, medical leave, Mental Health, Mental Health Parity, Obamacare, Patient Protection & Affordable Care Act, Pay, pension plan, Plan Admistrator, Professional Liability, third party administrators, Uncategorized, Union, Worker | Tagged: Appeals, Claims, defined benefit plan, Disability, Disability Insurance, Disability Plan, EBSA, Employee Retirement Income Security act, ERISA, Fiduciary Responsibility, pension plan | Permalink
Posted by Cynthia Marcotte Stamer

Consider Internal Investigation & Defense Costs When Administering Compliance Programs

December 5, 2017

The Justice Department’s report Tuesday that the Justice Department spent $3.2 million on Special counsel Robert Mueller’s Russia probe its first four-and-a-half months highlights the importance for leaders accountable for their organizations’s Federal Sentencing Guideline, sexual harassment and other corporate compliance programs to appropriately plan and budget for potential investigation and defense costs as part of their compliance and risk management planning.

Conducting an internal investigation or defending a government or other allegation of wrongdoing often proves surprisingly expensive. While how much an internal investigation costs can vary widely depending on the issue, its potential civil and criminal liability and public relations implications on the organization and its management, it’s timing, the adequacy of the pre-event compliance management and record keeping relating to the issue, and a host of other concerns, investigation and defense costs often become largely irrelevant when an organization is required to investigate or defend against charges of legal or other business misconduct that expose the organization or its leadership to potentially devastating legal or business consequences. When these events happen, organizations and their leaders often see little option to spend whatever is necessary to defend their organization and its reputation.

Compared to the reported internal investigation and defense expenditures of private sector organizations that have faced these these make or break investigations, the Justice Department’s reported expenditures to date on the Russian probe look small.

For instance, Twenty-First Century Fox in March, 2017 Securities and Exchange Commission (SEC) filings disclosed spending $45 million tied to litigation related to harassment allegations in the 9 first three quarters of 2017 and $10 million “related to settlements of pending and potential litigations” during its fiscal third quarter as well as having received investigative inquiries and stockholder demands to inspect the books and records of the company which could lead to future litigation in the aftermath of sexual harassment allegations at Fox News.

In contrast, Avon Products spent nearly $500 million conducting its internal investigation before paying a $135m fine to the US government to settle charges it violated the Foreign Corrupt Practices Act by giving Chinese authorities $8 million in gifts and cash while it sought to obtain the first “direct sell” license in China.

These and other publicly disclosed expenditures make clear that corporate officers and directors need to reassess their investment in compliance both to strengthen the effectiveness of their efforts and to plan to deal with the financial, legal, operational and other costs of investigating and defending potential charges.

Aboaut The Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: Erisa & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for management work, coaching, teachings, and publications.

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other concerns by her service as a management consultant, business coach and consultant and policy strategist as well through her leadership participation in professional and civic organizations such her involvement as the Vice Chair of the North Texas Healthcare Compliance Association; Executive Director of the Coalition on Responsible Health Policy and its PROJECT COPE: Coalition on Patient Empowerment; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children; former Gulf Coast TEGE Council Exempt Organization Coordinator; a founding Board Member and past President of the Alliance for Healthcare Excellence; former board member and Vice President of the Managed Care Association; past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; a member and policy adviser to the National Physicians’ Council for Healthcare Policy; current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee; current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section; Past Chair of the ABA Health Law Section Managed Care & Insurance Section; ABA Real Property Probate and Trust (RPTE) Section former Employee Benefits Group Chair, immediate past RPTE Representative to ABA Joint Committee on Employee Benefits Council Representative, and Defined Contribution Committee Co-Chair, past Welfare Benefit Committee Chair and current Employee Benefits Group Fiduciary Responsibility Committee Co-Chair, Substantive and Group Committee member, Membership Committee member and RPTE Representative to the ABA Health Law Coordinating Council; past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee; a former member of the Board of Directors, Treasurer, Member and Continuing Education Chair of the Southwest Benefits Association and others.

Ms. Stamer also is a widely published author, highly popular lecturer, and serial symposia chair, who publishes and speaks extensively on human resources, labor and employment, employee benefits, compensation, occupational safety and health, and other leadership, performance, regulatory and operational risk management, public policy and community service concerns for the American Bar Association, ALI-ABA, American Health Lawyers, Society of Human Resources Professionals, the Southwest Benefits Association, the Society of Employee Benefits Administrators, the American Law Institute, Lexis-Nexis, Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, the HCCA, ISSA, HIMSS, Modern Healthcare, Managed Healthcare, Institute of Internal Auditors, Society of CPAs, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other symposia and publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, InsuranceThoughtLeadership.com and many other prominent publications and speaks and conducts training for a broad range of professional organizations and for clients on the Advisory Boards of InsuranceThoughtLeadership.com, HR.com, Employee Benefit News, and many other publications.

Want to know more? See here for details about the author of this update, attorney Cynthia Marcotte Stamer, e-mail her here or telephone Ms. Stamer at (469) 767-8872.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources at SolutionsLawPress.com such as the following:

DOL Announces $40M in Hurricane Unemployment Help

Employers Should Manage Potential Unfair Labor Practice Risks From Recording, Acceptable Use, Fighting, Integrity & Other Employment Policies.

Comments Off on Consider Internal Investigation & Defense Costs When Administering Compliance Programs | ADA, Affirmative Action, board of directors, Brokers, Child Labor, Civil Monetary Penalties, Civil Rights, Claims Administration, compliance, conflict of interest, Corporate Compliance, corporate governance, Data Breach, Data Security, directors, E-Verify, EEOC, Employers, Employment, Employment Discrimination, Employment Policies, Employment Tax, English As A Second Language, ERISA, Executive Compensation, Fair Credit Reporting Act, Fair Labor Standards Act, FICA, fiduciary duty, Fiduciary Responsibility, Financial Security, FINRA, FLSA, GINA, Government Contractors, h-2A Visa, health benefit, health plan, HIPAA, Human Resources, I-9, Identity Theft, Insurance, insurers, Internal Controls, Internal Investigations, Labor Management Relations, Leadership, LEP, LGBT, Management, Managment, Military Leave, Non-Compete, Nonresident aliens, occupational safety, OFCCP, officers, OSHA, Overtime, Pay, Plan Admistrator, Privacy, Professional Liability, Rehabilitation Act, Retaliation, Safety, Uncategorized, USERRA, VEVRRA, visas, Wage & Hour, Whistleblower, Worker Classification | Permalink
Posted by Cynthia Marcotte Stamer

Dealing With HR, Benefits & Other Headaches From Equifax and Other Data Breach

October 6, 2017

As businesses continue to struggle to comply with the growing plethora of federal and state laws mandating data security, the identity theft and cyber security epidemic keeps growing.

As human resources and other business leaders work to guard their own data and respond to employee demands for assistance in responding to breaches of their personal financial and other data, this weeks’ announcement that embattled credit monitoring giant Equifax has been awarded the exclusive contract to provide taxpayer identification and fraud prevention services to the Internal Revenue Service has many questioning whether these investments are futile.

The IRS’ announcement comes despite the September 7, 2017 announcement by Equifax of a data breach of its records impacting sensitive personal information of millions of consumers including:

The names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers of an estimated 143 million U.S. consumers;
Credit card numbers for approximately 209,000 U.S. consumers,
Certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers,and
Personal information for certain U.K. and Canadian consumers.

The huge breach already was creating many headaches for many businesses and their human resources departments before the IRS announced the award of the contract to Equifax. Due to the massive size of the breach, mist companies have been required to respond to concerns of workers impacted directly by the breach as well as requests of employees and identity theft protection companies that the business consider offering cybersecurity protection for employees or customers.

Beyond helping their workforce understand and cope with the news, many businesses and employee benefit plans also face the added headache of needing to investigate and respond to concerns about their own potential responsibilities to provide breach notification or take other actions. This added headache arises due to their or their plans’ use of Equifax or vendors utilizing Equifax to run employee or vendor background checks or carry out internal employee or employee benefit plan, customer or other business activities. These involvements often give rise to duties to conduct investigations and potentially provide notification or other responses to employees, applicants, benefit plan members, contractors or customers whose data may have been impacted under the Fair and Accurate Credit Transactions Act (FACTA), the Health Insurance Portability and Accountability Act (HIPAA), the Employee Retirement Income Security Act (ERISA) Fiduciary Responsibility rules or various other federal and state laws and regulations, vendor contracts or their own data privacy or security policies.

When notification is recommended or required, human resources and other business leaders also have to consider if modifications should be considered to standard protocols recommended to data breach victims. Notification and registration as an identity theft victim with Equifax long has been a standard part of the federal and state government recommended protocol for recommended to consumers impacted by identity theft or other data breaches. See,e.g., IRS Taxpayer Guide To Identity Theft. Although government agencies as of yet have not changed this recommendation to remove Equifax reporting, many consumers and others view reporting to Equifax as akin to the fox watching the hen house. Consequently, employers and other parties helping consumers respond to the breach often receive push back or questions from consumers about the appropriateness and security reporting to Equifax in light of its breach.

Beyond evaluating and handling their own legal responsibilities to investigate and deal with any breach impacting their data, employers and other business leaders also likely are or should consider what claims against Equifax, other vendors and business partners involved with Equifax and their own liability insurers are available and warranted to help cover the costs and potential liabilities for the business arising from the breach and it’s fall out.

As employers and other businesses work through these issues, They should keep in mind that the fallout is likely to continue for years and be further complicated by past and subsequent breaches impacting other governmental and private organizations. Human resources, employee benefits and other businesses and their leaders can expect to experience challenges dealing with fraudulent uses of misappropriated information as well as demands that they tighten up their background check, data security and usage and other practices and documentation to mitigate risks from the compromised data.

Human resources, employee benefits and other business leaders need to secure the assistance of counsel experienced in guiding their organizations through these and other challenges.

About The Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: Erisa & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for management work, coaching, teachings, and publications.

Well-known for her extensive work with health, insurance, financial services, technology, energy, manufacturing, retail, hospitality, governmental and other highly regulated employers, her nearly 30 years’ of experience encompasses domestic and international businesses of all types and sizes. Author of numerous works on privacy and data security, Ms. Stamer‘s experience includes involvement in cyber security and other data privacy and security matters for more than 20 years.

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other concerns by her service as a management consultant, business coach and consultant and policy strategist as well through her leadership participation in professional and civic organizations such her involvement as the Vice Chair of the North Texas Healthcare Compliance Association; Executive Director of the Coalition on Responsible Health Policy and its PROJECT COPE: Coalition on Patient Empowerment; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children; former Gulf Coast TEGE Council Exempt Organization Coordinator; a founding Board Member and past President of the Alliance for Healthcare Excellence; former board member and Vice President of the Managed Care Association; past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; a member and policy adviser to the National Physicians’ Council for Healthcare Policy; current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee; current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section; Past Chair of the ABA Health Law Section Managed Care & Insurance Section; ABA Real Property Probate and Trust (RPTE) Section former Employee Benefits Group Chair, immediate past RPTE Representative to ABA Joint Committee on Employee Benefits Council Representative, and Defined Contribution Committee Co-Chair, past Welfare Benefit Committee Chair and current Employee Benefits Group Fiduciary Responsibility Committee Co-Chair, Substantive and Group Committee member, Membership Committee member and RPTE Representative to the ABA Health Law Coordinating Council; past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee; a former member of the Board of Directors, Treasurer, Member and Continuing Education Chair of the Southwest Benefits Association and others.

Ms. Stamer also is a widely published author, highly popular lecturer, and serial symposia chair, who publishes and speaks extensively on human resources, labor and employment, employee benefits, compensation, occupational safety and health, and other leadership, performance, regulatory and operational risk management, public policy and community service concerns for the American Bar Association, ALI-ABA, American Health Lawyers, Society of Human Resources Professionals, the Southwest Benefits Association, the Society of Employee Benefits Administrators, the American Law Institute, Lexis-Nexis, Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, the HCCA, ISSA, HIMSS, Modern Healthcare, Managed Healthcare, Institute of Internal Auditors, Society of CPAs, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other symposia and publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, InsuranceThoughtLeadership.com and many other prominent publications and speaks and conducts training for a broad range of professional organizations and for clients on the Advisory Boards of InsuranceThoughtLeadership.com, HR.com, Employee Benefit News, and many other publications.

Want to know more? See here for details about the author of this update, attorney Cynthia Marcotte Stamer, e-mail her here or telephone Ms. Stamer at (469) 767-8872.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources at SolutionsLawPress.com such as the following:

▪RAISE Act Immigration Reforms Touted As “Giving Americans A Raise”

▪Health Clinic At Houston Convention Center, Other HHS Help For Hurricane Harvey Victims

▪IRS Updates Amounts Used To Calculate 2017 Obamacare Individual Individual Shares Responsibility Tax Penalties

▪DB Plan Sponsors Check Out New Bifurcated Distribution Model Amendmentsy

▪U.S. News Names 2017-2018 “Best” Hospitals; Patient Usefulness Starts With Metholodogy Understanding

▪Use Lessons Of Past Mistakes or Injustice To Build Better Future

▪Prepare For Turnover, Other Challenges From Rising Workforce Competition

▪Employers, Health Plans Should Brace For Tightened Federal Mental Health Coverage Mandate Disclosure And Enforcement

▪Withholding Calculator Tool Helps Workers Figure Withholding

▪Better Preparing U.S. Workers To Fill Your Jobs

▪SCOTUS Ruling Bars Many State Arbitration Agreement Restrictions

▪$2.4M HIPAA Settlement Message Warns Health Plans & Providers Against Sharing Medical Info With Media, Others

Comments Off on Dealing With HR, Benefits & Other Headaches From Equifax and Other Data Breach | Banking, board of directors, Brokers, Civil Monetary Penalties, Claims, Claims Administration, compliance, conflict of interest, Consumer Protection, Corporate Compliance, corporate governance, Cybercrime, Data Breach, Data Security, defined benefit plan, Defined Benefit Plans, defined contribution plan, Defined Contribution Plans, directors, E-Verify, EBSA, Educational Privacy, employee, Employee Benefits, Employer, Employers, Employment, Employment Policies, Employment Tax, ERISA, ESOP, Excise Tax, FACTA, Fair Credit Reporting Act, FICA, fiduciary duty, Fiduciary Responsibility, Financial Security, Form 5500, GINA, Government Contractors, health benefit, Health Benefits, health Care, health insurance, health plan, Health Plans, HIPAA, Hiring, HR, Human Resources, I-9, Identity Theft, Income Tax, Insurance, insurers, Internal Controls, Internal Investigations, Internal Revenue Code, Internet, IRC, Labor Management Relations, Leadership, Management, Managment, Patient Empowerment, Payroll Tax, pension plan, Physician, Plan Admistrator, Privacy, Professional Liability, Protected Health Information, Provider, Reporting & Disclosure, retirement plan, Retirement Plans, Retirements, Risk Management, Security, Tax, Tax Credit, Tax Qualification, Technology, third party administrators, visas, Workforce | Tagged: ADA, Corporate Compliance, Data Breach, Employee Benefits, Employer, Employers, employment law, Equifax, ERISA, Health Care, Health Insurance, HIPAA, Human Resources, Insurance, Insurer, Labor Department, Privacy, Retirement Plans, Risk Management, Tax, Technology, wage and hour, Worker Classification | Permalink
Posted by Cynthia Marcotte Stamer

Learn About Rising Group Health Plan Mental Health Mandate Risks From 6/27 “2017 Federal Group Health Plan Mental Health Rules Update”

June 22, 2017

Register Now To Participate In

“2017 Federal Group Health Plan Mental Health Rules Update”

Solutions Law Press, Inc™ Health Plan Update WebEx Briefing

Tuesday, June 27, 2017

10:30 A.M.-11:30 P.M. Eastern | 11:30 A.M.-12:30 P.M. Central

EXPANDING REGULATORY REQUIREMENTS & ENFORCEMENT SPELL TROUBLE FOR HEALTH PLANS AND THEIR SPONSORING EMPLOYERS.

Solutions Law Press, Inc.™ invites employer and other group health plan sponsors, fiduciaries, insurers, administrative service providers, plan brokers and consultants are invited learn critical information about their expanding risks and responsibilities arising from existing and proposed changes to rules and enforcement of federal group health plan mental health and substance abuse (MH/SUB) coverage and privacy rules under the Mental Health Parity and Addiction Equity Act of 2008 (MHPAEA), as supplemented by the Patient Protection and Affordable Care Act (ACA) and the 21st Century Cures Act (Cures Act) and the Privacy Rules of the Health Insurance Portability & Accountability Act (HIPAA) conducted by attorney Cynthia Marcotte Stamer, a Fellow in the American College of Employee Benefits recognized as among the “Best Lawyers” in employee benefits for her health and other benefit knowledge, experience, policy advocacy and thought leadership. Register here now!

Tightening Health Plan Mental Health & Substance Abuse Rules & Enforcement Make Group Health Plan Compliance Critical

New and proposed guidance jointly published June 16, 2017 by the Departments of Labor (DOL), Health & Human Services (HHS) and Treasury is the latest in a series of regulatory and enforcement developments over the past year alerting group health plans and their employer and other group health plan sponsors, fiduciaries, insurers, administrative services providers, plan brokers and consultants involved in health plan design, funding, or administration to get serious about their group health plans’ compliance with the MHPAEA federal group health plan mental health and substance abuse coverage and benefit requirements, as supplemented by the ACA and the Cures Act without running afoul of the Privacy Rules of HIPAA.

Building upon federal group health plan mental health parity mandates originally implemented under the Mental Health Parity Act, the MHPAEA generally requires that any financial requirements or treatment limitations group health plans impose on mental health and substance use disorder (MH/SUD) benefits not be restrictive than the predominant financial requirements and treatment limitations that apply to substantially all medical and surgical benefits. MHPAEA also imposes several disclosure requirements on group health plans and health insurance issuers. Not satisfied with the MHPAEA coverage and disclosure protections, however, Congress subsequently broadened federal MH/SUD benefit rights under group health plans through the enactment of the ACA and the Cures Act. Congress also has imposed special requirements and protections for mental health treatment records adds additional responsibilities for group health plans and their service providers when dealing with information and records in connection with the administration of MH/SUD benefits.

After a long period of lax oversight and enforcement of these federal group health plan mental health rules, the Departments of Labor (DOL), Health and Human Services (HHS), and the Treasury (collectively, the Departments) since October, 2016 have begun both tightening the rules and acting to increase oversight and enforcement. The Departments have issued a series of joint guidance clarifying and broadening their interpretations of these MH/SUD benefit and disclosure mandates while simultaneously taking steps to increase awareness and enforcement of these rights. As part of these ongoing efforts, Departments’ on June 16, 2017 expanded this guidance with their publication of new Mental Health Parity Implementation FAQs Part 38 discussing their joint interpretation of the broadening effect of the enactment of the ACA and the Cure Act on these plan requirements. Concurrently, the Departments signaled their intention to add additional responsibilities for group health plans and insurers by publishing along with FAQ Part 38 a Draft MHPAEA Disclosure Template and request for comments. This latest guidance package reaffirms that the Departments are continuing efforts to increase oversight of and enforcement of MH/SUD compliance against group health plans, their sponsors, fiduciaries, insurers, and their administrative and other service providers. In the face of these developments and the reported initiation of enforcement actions by the Departments, the group health plans, their employer and other sponsors, fiduciaries, insurers, and their administrative and other service providers should move quickly to understand and update their plans and practices to comply with these recent developments while bracing for the likely need to deal with further expanded disclosure and other additional responsibilities under the MHPAEA jointly proposed by the Departments on June 16, 2017.

Beyond fulfilling these expanding MHPAEA responsibilities, health plan fiduciaries, administrators, insurers and sponsors also must ensure their health plan and its business associates comply with special rules concerning the protection, use and disclosure of mental health treatment records and information that may impact certain mental health treatment and other records received, used, retained or disclosed in the course of administering mental health, substance abuse or other provisions of their group health plans under the HIPAA Privacy Rules. Keeping in mind that HHS audit and enforcement of compliance by health plans and other HIPAA covered entities with HIPAA’s medical privacy and data security rules, health plan sponsors, fiduciaries, insurers and administrative and other service providers also should take the opportunity to verify that their plans and practices comply with special HIPAA rules impacting authorizations and other dealings with certain mental health and substance abuse health information and records and other HIPAA medical privacy and security requirements.

Given these developments, group health plans, their sponsors, fiduciaries, insurers and administrator must take steps to verify and maintain compliance with these federal MH/SUD requirements. Ensuring proper compliance with these federal rules is particularly important to avoid triggering the substantial liability that health plans, their employer and other sponsors, insurers, and administrators can incur if their health plan violates these mandates. Obviously, plans and their sponsors, insurers and fiduciaries can expect to pay additional plan expenses necessary to pay wrongfully denied benefits and other expenditures these plan or its fiduciaries expend to investigate, defend and resolve claims or compliance audits, investigations, litigation or actions brought by the Departments, state insurance regulators with respect to state governments or insurers, or private litigation by participants or beneficiaries. Many employer or other plan sponsors may be unaware that these violations also generally expose employers and other health plan sponsors to liability to self identify, self-report on Internal Revenue Service Form 8928 and self-pay and excise tax of up to $100 per participant per day per uncorrected violation by the due date for filing of their annual corporate tax return.

With oversight and enforcement already rising and the Departments proposing to expand further both disclosure duties and enforcement, group health plans, their employer and other sponsors, insurers, fiduciaries and administrators clearly need to take prompt action to verify their existing health plan provisions and administrative practices are up-to-date and administered to withstand challenge from the Departments, participants, beneficiaries, health care providers and others. Consequently, employer and other group health plan sponsors, fiduciaries, insurers, administrative services providers, plan brokers and consultants involved in health plan design, funding, or administration should act quickly to verify their plan terms and practices are updated to comply with existing rules and share their input in response to the Departments June 16, 2017 requests for comments.

ABOUT CYNTHIA MARCOTTE STAMER

Recognized as “Legal Leader™ Texas Top Rated Lawyer” in both Health Care Law and Labor and Employment Law, a “Texas Top Lawyer,” and an “AV-Preeminent” and “Top Rated Lawyer” by Martindale-Hubble, singled out as among the “Best Lawyers In Dallas” in employee benefits by D Magazine; Cynthia Marcotte Stamer is a practicing attorney and management consultant, author, public policy advocate and lecturer widely recognized for her nearly 30 years’ of work and pragmatic thought leadership, publications and training on health coverage and health care, health plan and employee benefits, workforce and related regulatory and other compliance, performance management, risk management, product and process development, public policy, operations and other concerns.

Throughout her legal and consulting career, Ms. Stamer has drawn recognition for combining extensive knowledge and experience with her talents as an insightful innovator and problem solver when advising, representing and defending employer and other plan sponsors, insurers, fiduciaries, insurers, electronic and other technology, plan administrators and other service providers, governments and others about health coverage, benefit program design, funding, documentation, administration, data security and use, contracting, plan, public and regulatory reforms and enforcement, and other risk management and operations matters as well as for her work and thought leadership on a broad range of other health, employee benefits, human resources and other workforce, insurance, tax, compliance and other matters. Her experience encompasses leading and supporting the development and defense of innovative new programs, practices and solutions; advising and representing clients on routine plan establishment, plan documentation and contract drafting and review, administration, change and other compliance and operations crisis prevention and response, compliance and risk management audits and investigations, enforcement actions and other dealings with the US Congress, Departments of Labor, Treasury, Health & Human Services, Federal Trade Commission, Justice, state legislatures, attorneys general, insurance, labor, worker’s compensation, and other agencies and regulators, She also provides strategic and other supports clients in defending litigation as lead strategy counsel, special counsel and as an expert witness.

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares shared her thought leadership, experience and advocacy on these and other concerns by her service in the leadership of a broad range of other professional and civic organization including her involvement as Executive Director of the Coalition on Responsible Health Policy and its PROJECT COPE; Coalition on Patient Empowerment, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children; current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, Past Group Chair, current Defined Contribution Plan Committee Co-Chair, former Welfare Committee Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, immediate past RPTE Representative to ABA Joint Committee on Employee Benefits Council Representative and current RPTE Representative to the ABA Health Law Coordinating Counsel, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, former member of the Board of Directors of the Southwest Benefits Association and others.

Ms. Stamer also is a highly popular lecturer, symposia chair and author, who publishes and speaks extensively on health and managed care industry, human resources, employment and other privacy, data security and other technology, regulatory and operational risk management for the American Bar Association, ALI-ABA, American Health Lawyers, Society of Human Resources Professionals, the Southwest Benefits Association, the Society of Employee Benefits Administrators, the American Law Institute, Lexis-Nexis, Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, the Society of Professional Benefits Administrators, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, the HCCA, ISSA, HIMSS, Modern Healthcare, Managed Healthcare, Institute of Internal Auditors, Society of CPAs, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other symposia and publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, InsuranceThoughtLeadership.com and many other prominent publications and speaks and conducts training for a broad range of professional organizations and for clients, serves on the faculty and planning committee of many workshops, seminars, and symposia, and on the Advisory Boards of InsuranceThoughtLeadership.com, HR.com, Employee Benefit News, and many other publications. For additional information about Ms. Stamer, see CynthiaStamer.com or contact Ms. Stamer via email to here or via telephone to (469) 767-8872.

About Solutions Law Press

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources at www.SolutionsLawPress.com.

If you or someone else you know would like to receive future updates and notices about other upcoming Solutions Law Press™ events, please be sure that we have your current contact information – including your preferred e-mail by creating or updating your profile here. For important information concerning this communication, see here.

NOTICE: Any party accessing or using any content obtained from or through Solutions Law Press, Inc.™ acknowledges and agrees that any and all programs, publications, statements and materials presented or published by Solutions Law Press, Inc.™ and any statements or other contents made or contained therein are for general informational and educational purposes only. They are generic in nature and not tailored or intended to be relied upon by any person, business, entity or other party for purposes for determining the legal, financial or other appropriateness, defensibility, suitability, outcome or consequences of any strategy, action, course of action, or any other facts, circumstances, event or conduct. Users of these resources are responsible at all times for independently evluating the suitability of any content, materials, tools or other materials or information accessed from or through Solutions Law Press, Inc. directly or indirectly.

Solutions Law Press, Inc.™ and its authors and contributors do not represent or warrant in any form or manner, and expressly disclaim and deny the appropriateness of the use or reliance of any person or entity on any content, tools or resources accessed or obtained from or through Solutions Law Press, Inc.™ for any general or particular use or purpose by any party under any circumstances.

Likewise, they do not establish an attorney-client relationship or other fiduciary, contractual or other relationship between Solutions Law Press, Inc. and/or any of its authors or contributors and any other party. They are not, and do not serve as a substitute for legal, accounting, tax or other advice. They don’t create or otherwise give rise to any duty, obligation, responsibility on behalf of Solutions Law Press, Inc™ or any provider or offeree of content, tools or services to any party.

Parties accessing or using any of Solutions Law Press, Inc.™ competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The publisher and the author expressly disclaim all liability for this content and any responsibility to provide any update or otherwise notify anyone of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

Comments Off on Learn About Rising Group Health Plan Mental Health Mandate Risks From 6/27 “2017 Federal Group Health Plan Mental Health Rules Update” | 4980D, 6039D, ACA, Affordable Care Act, Appeals, Attorney-Client Privilege, board of directors, Brokers, Cafeteria Plans, church plan, Civil Monetary Penalties, Civil Rights, Claims, Claims Administration, compensation, compliance, conflict of interest, Corporate Compliance, corporate governance, Data Breach, Data Security, EBSA, employee, Employee Benefits, Employer, Employers, Employment, Employment Tax, ERISA, Excepted Benefits, exchange, Excise Tax, Excise Taxes, Exempt, fiduciary duty, Fiduciary Responsibility, H.R. 4872, health reform, HIPAA, HR, Human Resources, Identity Theft, Income Tax, Insurance, insurers, Internal Revenue Code, IRC, Labor Management Relations, Management, Mental Health, Mental Health Parity, MEWA, Obamacare, Patient Protection & Affordable Care Act, Pay, Physician, Plan Admistrator, preventive care, Privacy, Professional Liability, Protected Health Information, Provider, Risk Management, SBC, Tax Credit, Uncategorized, Union | Tagged: ACA, Brokers, CCIIO, Corporate Compliance, EBSA, Employers, enforcement, Essential health benefits, Fiduciary, Fiduciary Duties, Health Benefits, health coverage, Health Plans, health reform, HHS, Mental Health, Mental Health Parity, mental health records, substance abuse, Third party Administrators | Permalink
Posted by Cynthia Marcotte Stamer

Stamer To Moderate, Talk Medical CyberSecurity At 5/19 ISSA-LA IT Security Meedical Privacy Forum

May 12, 2017

Solutions Law Press, Inc. editor and attorney Cynthia Marcotte Stamer will speak and moderate two key panel programs on health care privacy and data security scheduled at the Healthcare Privacy & Security Form hosted on May 19, 2017 by the Information Security Systems Association of Los Angeles County (ISSA-LA) as a component of its 9th Annual ISSA-LA Information Security Summit. The presentations of Ms. Stamer and others at the conference are particularly timely coming on the heels of the May 12 Cyber alerts to U.S. health industry and other businesses about the urgent need to defend against the spread of an epidemic international malware threat targeting U.S. healthcare and other businesses. See Urgent WannaCry Ransomware Cyber Warning Issued; Alert: Guard Health E-Mail, Other IT Against WannaCry Malware Attack.

The Medical Privacy & Security Summit is part of the 9th Annual ISSA-LA Information Security Summit scheduled for May 18-19, 2017 at the Universal City Hilton in Los Angeles. Recognized as a premier information security education and networking event, the Summit is expected to bring together 1000 or more health industry and other IT and InfoSec executives, leaders, analysts, and practitioners to learn from the experts, exchange ideas with their peers, and enjoy conversations with the community.

The Healthcare Privacy & Security Forum offered for the 5^th year as a component of the annual Summit on May 19 specifically focuses on leading challenges, issues and opportunities confronted by health industry privacy and security professionals and their organizations. Ms. Stamer has served on the steering committee, moderator and popular faculty member for the 2017 Forum for the 5^th consecutive year. During the 2017 Forum, she will moderate and speak on two panels:

“Finding & Negotiating The Mine Fields: CISO, CIO & Privacy Officer’s Playbook for Promoting Compliance & Security Without Getting Fired,” a luncheon interactive panel discussion with the audience exploring the challenging mission CISOs, CIOs and Privacy Officers face to ensure their healthcare, financial and other critical information, data and systems continue to support the patient care and operating functions of their organizations, while at the same time defending these systems, operations and their sensitive, but mission critical data against malicious or innocent misappropriation, use, access or destruction; and
The closing panel on “What Initiatives Are on the Horizon in Healthcare, and How Can We Secure Them?”, which will explore likely future emerging privacy and security threats and technologies, regulatory challenges and enforcement, and other trends that Privacy and Security professionals are likely to face and tips and strategies for preparing to leverage these likely new opportunities and manage new challenges.

Register or get the full schedule of programs and other events scheduled at the Healthcare Privacy & Security Forum specifically along with the overall Information Security Summit here.

About Ms. Stamer

Cynthia Marcotte Stamer is a Martindale-Hubble “AV-Preeminent (Top 1%) rated practicing attorney and management consultant, health industry public policy advocate, widely published author and lecturer, recognized for her nearly 30 years’ of work on health industry and other privacy and data security and other health care, health benefit, health policy and regulatory affairs and other health industry legal and operational as a LexisNexis® Martindale-Hubbell® “LEGAL LEADER™ and “Top Rated Lawyer,” in Health Care Law and Labor and Employment Law; a D Magazine “Best Lawyers In Dallas” in the fields of “Health Care,” “Labor & Employment,” “Tax: Erisa & Employee Benefits” and “Business and Commercial Law,” a Fellow in the American Bar Foundation, the Texas Bar Foundation and the American College of Employee Benefit Counsel.

Scribe for ABA JCEB annual agency meeting with OCR for many years, Ms. Stamer is well-known for her extensive work and leadership throughout her career on HIPAA, FACTA, PCI, IRC and other tax, Social Security, GLB, trade secret, physician and other medical confidentiality and privacy, federal and state data security and data breach and other information privacy and data security rules and concerns. Ms. Stamer has worked extensively throughout her career with health care providers, health plans, health care clearinghouses, their business associates, employers and other plan sponsors, banks, insurers and other financial institutions, and others on trade secret confidentiality, privacy, data security and other risk management and compliance including design, establishment, documentation, implementation, audit and enforcement of policies, procedures, systems and safeguards, drafting and negotiation of business associate, chain of custody, confidentiality, and other contracting; risk assessments, audits and other risk prevention and mitigation; investigation, reporting, mitigation and resolution of known or suspected breaches, violations or other incidents; and defending investigations or other actions by plaintiffs, OCR, FTC, state attorneys’ general and other federal or state agencies, other business partners, patients and others; reporting known or suspected violations; commenting or obtaining other clarification of guidance and other regulatory affairs, training and enforcement, and a host of other related concerns.

Her clients include public and private health care providers, health insurers, health plans, employers, payroll, staffing, recruitment, insurance and financial services, health and other technology and other vendors, and others.

Author of a multitude of highly-regarded works and training programs on HIPAA and other data security, privacy and use published by BNA, the ABA and other premier legal industry publishers In addition to representing and advising these organizations, she also speaks extensively and conducts training on health care and other privacy and data security and many other matters Privacy & The Pandemic for the Association of State & Territorial Health Plans, as well as HIPAA, FACTA, PCI, medical confidentiality, insurance confidentiality and other privacy and data security compliance and risk management for Los Angeles County Health Department, ISSA, HIMMS, the ABA, SHRM, schools, medical societies, government and private health care and health plan organizations, their business associates, trade associations and others.

Beyond these involvements, Ms. Stamer also is active in the leadership of a broad range of other professional and civic organizations. Through these and other involvements, she helps develop and build solutions, build consensus, garner funding and other resources, manage compliance and other operations, and take other actions to identify promote tangible improvements in health care and other policy and operational areas.

For additional information about Ms. Stamer, see here or contact Ms. Stamer directly by e-mail here or by telephone at (469) 767-8872. ©2017 Cynthia Marcotte Stamer. Limited, non-exclusive right to republish granted to Solutions Law Press, Inc. All other rights reserved.

Comments Off on Stamer To Moderate, Talk Medical CyberSecurity At 5/19 ISSA-LA IT Security Meedical Privacy Forum | ADA, ARRA, board of directors, Brokers, Child Safety, Civil Monetary Penalties, compliance, Consumer Protection, Corporate Compliance, corporate governance, Cybercrime, Data Breach, Data Security, EBSA, Educational Privacy, Electronic Medical Record, employee, Employee Benefits, Employer, Employers, EMR, ERISA, FACTA, Fair Credit Reporting Act, FICA, fiduciary duty, FINRA, Government Contractors, health benefit, Health Benefits, health Care, health insurance, health insurance marketplace, health plan, Health Plans, HIPAA, HIPAA, HR, Human Resources, Identity Theft, Insurance, insurers, Internal Controls, Internal Investigations, Internet, Management, Mental Health, officers, Physician, Plan Admistrator, Privacy, Professional Liability, Protected Health Information, Provider, Public Policy, Security, Technology, third party administrators, Uncategorized | Tagged: Cyber Security, Cybercrime, Data Security, Information Security, IT, medical data, Medical Privacy, medical security, Protected Health Information, speech | Permalink
Posted by Cynthia Marcotte Stamer

$2.4M HIPAA Settlement Message Warns Health Plans & Providers Against Sharing Medical Info With Media, Others

May 10, 2017

Healthcare providers, health plans, healthcare clearinghouses and their business associates (Covered Entities) can’t disclose the name or other protected health care information about a patient in press releases or other announcements without prior authorization from the patient. That’s the clear lesson Covered Entities should learn from the $2.4 million payment to the U.S. Department of Health and Human Services (HHS) that the largest not-for-profit health system in Southeast Texas, Memorial Hermann Health System (MHHS) is paying to settle charges it violated the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule by issuing a press release with the name and other protected health information (PHI) about a patient without the patient’s prior HIPAA-compliant authorization under a Resolution Agreement and Corrective Action Plan (Resolution Agreement) announced May 10, 2017 by HHS Office of Civil Rights (OCR).

The Resolution Agreement resolves OCR charges the operator of 13 hospitals, eight Cancer Centers, three Heart & Vascular Institutes, and 27 sports medicine and rehabilitation centers violated the Privacy Rule that resulted from an OCR compliance review of MHHS triggered by multiple media reports suggesting that MHHS improperly disclosed the name and other details about a patient arrested and charged with presenting an allegedly fraudulent identification card to office staff at an MHHS’s clinic after MHHS clinic staff alerted law enforcement of suspicions the patient was presenting false identification to the clinic. According to OCR, after law enforcement investigated and arrested the patient, MHHS published a press release concerning the incident in which MHHS senior management approved the impermissible disclosure of the patient’s PHI by adding the patient’s name in the title of the press release without securing prior authorization of the patient.

While OCR concluded the report to law enforcement allowable under the Privacy Rule, OCR found MHHS violated the Privacy Rule by issuing the press release disclosing the patient’s name and other PHI without authorization from the patient and also by failing to timely document the sanctioning of its workforce members for impermissibly disclosing the patient’s information.

To resolve and avoid the potential Civil Monetary Penalties that HIPAA could authorize OCR to impose for the alleged Privacy Rule violation, MHHS agrees in the Resolution Agreement to pay OCR a $2.4 million monetary settlement and implement a corrective action plan that obligates MHHS to update and train its workforce on its policies and procedures on safeguarding PHI from impermissible uses and disclosures including specific instructions and procedures to:

Address (a) Uses and disclosures for which an authorization is required, including to the media, to public officials, and on the internet; (b) Disclosures for law enforcement purposes; and (c) Uses and disclosures for health oversight activities;
Identify MHHS personnel or representatives whom workforce members, agents, or business associates may contact in the event of any inquiry or concern regarding compliance with HIPAA in relation to these activities;
Internal reporting procedures requiring all workforce members to report to the designated person or office at the earliest possible time any potential violations of the Privacy, Security or Breach Notification Rules or of MHHS’ privacy and security policies and procedures and MHHS promptly to investigate and address all received reports in a timely manner; and
Application and documentation of appropriate sanctions (which may include retraining or other instructive corrective action, depending on the circumstances) against members of MHHS’ workforce, including senior level management, who fail to comply with the Privacy, Security or Breach Notification Rules or MHHS’ privacy and security policies and procedures, including a description of the sanctions; a timeframe in which MHHS will apply and document sanctions for violations of the HIPAA Rules or of MHHS’ privacy, security or breach policies or procedures; the manner in which MHHS will document the sanctions; and where MHHS will store or retain such documentation (e.g., personnel file).

The corrective action plan in the Resolution Agreement also requires all MHHS facilities to attest to their understanding of permissible uses and disclosures of PHI, including disclosures to the media and others.

Covered entities should keep in mind the MHHS Resolution Agreement is the latest in a series of OCR enforcement actions and resolution agreements highlighting the need for Covered Entities to adopt and use appropriate policies and procedures to prevent wrongful disclosures of PHI to the media or public. For instance, in June, 2013, OCR required Shasta Regional Medical Center (SRMC) to pay a $275,000 settlement payment and implement a comprehensive corrective action plan to resolve OCR charges stemming from SRMC’s disclosure of PHI about a patient to members of the media and its workforce in an effort to respond to accusations the patient made that SRMC engaged in fraud and other misconduct. See HIPAA Sanctions Triggered From Covered Entity Statements To Media, Workforce. In contrast, the $2.2 million resolution agreement that OCR required New York Presbyterian Hospital for improperly allowing a film crew to film hospital patients in violation of HIPAA was almost 10 times greater than the SRMC penalty and was accompanied by OCR’s publication OCR of specific additional guidance warning Covered Entities against improper disclosures to the media. See $2 Million+ HIPAA Settlement, FAQ Warn Providers Protect PHI From Media, Other Recording Or Use.

Following on the heels of this previous guidance and prior enforcement actions warning Covered Entities against wrongful disclosure to the media, the MHHS Resolution Agreement sends a strong message to Covered Entities that they should expect little sympathy if their organizations improperly share PHI with the media. OCR’s announcement of the MHHS Resolution Agreement, for instance quotes OCR Director Roger Severino with stating that “Senior management should have known that disclosing a patient’s name on the title of a press release was a clear HIPAA Privacy violation that would induce a swift OCR response.” The announcement goes on to quote Director Severino further as stating, “This case reminds us that organizations can readily cooperate with law enforcement without violating HIPAA, but that they must nevertheless continue to protect patient privacy when making statements to the public and elsewhere.”

Conduct Entity-Wide Risk Assessment & Review & Tighten Media Relations Policies, Processes & Training ASAP

Covered entities should heed the warning by conducting a risk assessment of their organization’s susceptibility to potential improper disclosures to media or others and reviewing and implementing necessary written policies, procedures and training to prevent the improper disclosure of patient PHI to media or others unless the Covered Entity either secures prior HIPAA-compliant authorization from the patient or can prove the disclosure falls squarely under an exception to the Privacy Rule’s prohibition against disclosure of PHI without authorization except as allowed by the Privacy Rule.

Taking these and other needed steps to evaluate, and strengthen and enforce as needed, risk assessments, policies, procedures, and training to prevent wrongful use, access or disclosure of PHI to the media or others is particularly critical in light of the ongoing tightening of expectations, and rising enforcement and sanctions for HIPAA violations since Congress amended HIPAA in 2009. See OCR Audit Program Kickoff Further Heats HIPAA Privacy Risks; HIPAA Heats Up: HITECH Act Changes Take Effect & OCR Begins Posting Names, Other Details Of Unsecured PHI Breach Reports On Website.

Based on experiences reported in the MHHS and other similar resolution agreements, Covered Entities also generally will want to ensure that their policies, procedures and training extend to all potential sources of communications that could involve patient information and make clear that the Privacy Rule restrictions must be followed even if the circumstances involve allegations of misconduct, special performance by healthcare providers or others that it would benefit the organization or certain individuals to have known to the public, or other circumstances likely to be of interest to the media or other parties.

As part of this process, covered entities should ensure they look outside the four corners of their Privacy Policies to ensure that appropriate training and clarification is provided to address media, practice transition, workforce communication and other policies and practices that may be covered by pre-existing or other policies of other departments or operational elements not typically under the direct oversight and management of the Privacy Officer such as media relations. Media relations, physician and patients affairs, outside legal counsel, media relations, marketing and other internal and external departments and consultants dealing with the media, the public or other inquiries or disputes should carefully include and coordinate with the privacy officer both to ensure appropriate policies and procedures are followed and proper documentation created and retained to show authorization, account, or meet other requirements.

In conducting this analysis and risk assessment, it will be important that Covered Entities include, but also look beyond the four corners of their Privacy Policies to ensure that their review and risk assessment identifies and assesses and addresses compliance risks on an entity wide basis. This entity-wide assessment should include both communications and requests for information normally addressed to the Privacy Officer as well as requests and communications that could arise in the course of media or other public relations, practice transition, workforce communication and other operations not typically under the direct oversight and management of the Privacy Officer. For this reason, Covered Entities also generally will not only to adopt and implement specific policies, processes and training in these other departments to prohibit and prevent inappropriate disclosures of PHI in the course of those departments operations. It also may be advisable to pre-established processes for reviewing media or other communications for potential PHI content and require prior review of any proposed public relations and other internal or external communications containing patient PHI or other information by the privacy officer, legal counsel or another suitably qualified party.

Because of the high risk that the preparation or review of media or other public communications reports will involve the use and disclosure of PHI, Covered Entities also generally should verify that all outside media or public relations, legal, or other outside service providers participating in the investigation, response or preparation or review of communications to the media or others both are covered by signed business associate agreements that fulfill the Privacy Rule and other requirements of HIPAA as well as possess detailed knowledge and understanding of the Privacy and Security Rules suitable to participate in and help safeguard the Covered Entity against violations of these and other Privacy Rules. See e.g., Latest HIPAA Resolution Agreement Drives Home Importance Of Maintaining Current, Signed Business Associate Agreements.

About The Author

Recognized by LexisNexis® Martindale-Hubbell® as a “AV-Preeminent” (Top 1%/ the highest) and “Top Rated Lawyer,” with special recognition as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Health Care,” “Labor & Employment,” “Tax: Erisa & Employee Benefits” and “Business and Commercial Law” by D Magazine, the author of this update is widely known for her 29 plus years’ of work in health care, health benefit, health policy and regulatory affairs and other health industry concerns as a practicing attorney and management consultant, thought leader, author, public policy advocate and lecturer.

Throughout her adult life and nearly 30-year legal career, Ms. Stamer’s legal, management and governmental affairs work has focused on helping health industry, health benefit and other organizations and their management use the law, performance and risk management tools and process to manage people, performance, quality, compliance, operations and risk. Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer supports these organizations and their leaders on both a real-time, “on demand” basis as well as outsourced operations or special counsel on an interim, special project, or ongoing basis with strategic planning and product and services development and innovation; workforce and operations management, crisis preparedness and response as well as to prevent, stabilize and cleanup legal and operational crises large and small that arise in the course of operations.

As a core component of her work, Ms. Stamer has worked extensively throughout her career with health care providers, health plans and insurers, managed care organizations, health care clearinghouses, their business associates, employers, banks and other financial institutions, management services organizations, professional associations, medical staffs, accreditation agencies, auditors, technology and other vendors and service providers, and others on legal and operational compliance, risk management and compliance, public policies and regulatory affairs, contracting, payer-provider, provider-provider, vendor, patient, governmental and community relations and matters including extensive involvement advising, representing and defending public and private hospitals and health care systems; physicians, physician organizations and medical staffs; specialty clinics and pharmacies; skilled nursing, home health, rehabilitation and other health care providers and facilities; medical staff, accreditation, peer review and quality committees and organizations; billing and management services organizations; consultants; investors; technology, billing and reimbursement and other services and product vendors; products and solutions consultants and developers; investors; managed care organizations, insurers, self-insured health plans and other payers; and other health industry clients to manage and defend compliance, public policy, regulatory, staffing and other operations and risk management concerns. A core focus of this work includes work to establish and administer compliance and risk management policies; comply with requirements, investigate and respond to Board of Medicine, Health, Nursing, Pharmacy, Chiropractic, and other licensing agencies, Department of Aging & Disability, FDA, Drug Enforcement Agency, OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD, FTC, SEC, CDC and other public health, Department of Justice and state attorneys’ general and other federal and state agencies; dealings with JCHO and other accreditation and quality organizations; investigation and defense of private litigation and other federal and state health care industry investigations and enforcement; insurance or other liability management and allocation; process and product development; managed care, physician and other staffing, business associate and other contracting; evaluation, commenting or seeking modification of regulatory guidance, and other regulatory and public policy advocacy; training and discipline; and a host of other related concerns for public and private health care providers, health insurers, health plans, technology and other vendors, employers, and others.

Author of leading works on HIPAA and other privacy and data security works and the scribe leading the American Bar Association Joint Committee on Employee Benefits Annual Agency Meeting with OCR, her experience includes extensive compliance, risk management and data breach and other crisis event investigation, response and remediation under HIPAA and other data security, privacy and breach laws. Heavily involved in health care and health information technology, data and related process and systems development, policy and operations innovation and a Scribe for ABA JCEB annual agency meeting with OCR for many years who has authored numerous highly regarded works and training programs on trade secret, HIPAA and other medical, consumer, insurance, tax, and other privacy and data security, Ms. Stamer also is widely recognized for her extensive work and leadership on leading edge health care and benefit policy and operational issues including meaningful use and EMR, billing and reimbursement, quality measurement and reimbursement, HIPAA, FACTA, PCI, trade secret, physician and other medical confidentiality and privacy, federal and state data security and data breach and other information privacy and data security rules and many other concerns.

In connection with this work, Ms. Stamer has worked extensively with health care providers, health plans, health care clearinghouses, their business associates, employers and other plan sponsors, banks and other financial institutions, and others on risk management and compliance with HIPAA, FACTA, trade secret and other information privacy and data security rules, including the establishment, documentation, implementation, audit and enforcement of policies, procedures, systems and safeguards, investigating and responding to known or suspected breaches, defending investigations or other actions by plaintiffs, OCR and other federal or state agencies, reporting known or suspected violations, business associate and other contracting, commenting or obtaining other clarification of guidance, training and enforcement, and a host of other related concerns. Her clients include public and private health care providers, health insurers, health plans, technology and other vendors, and others.

Her work includes both regulatory and public policy advocacy and thought leadership, as well as advising and representing a broad range of health industry and other clients about policy design, drafting, administration, business associate and other contracting, risk assessments, audits and other risk prevention and mitigation, investigation, reporting, mitigation and resolution of known or suspected violations or other incidents and responding to and defending investigations or other actions by plaintiffs, DOJ, OCR, FTC, state attorneys’ general and other federal or state agencies, other business partners, patients and others.

In addition to representing and advising these organizations, she also has conducted training on Privacy & The Pandemic for the Association of State & Territorial Health Plans, as well as HIPAA, FACTA, PCI, medical confidentiality, insurance confidentiality and other privacy and data security compliance and risk management for Los Angeles County Health Department, MGMA, ISSA, HIMMS, the ABA, SHRM, schools, medical societies, government and private health care and health plan organizations, their business associates, trade associations and others.

A former lead consultant to the Government of Bolivia on its Pension Privatization Project with extensive domestic and international public policy concerns in Pensions, healthcare, workforce, immigration, tax, education and other areas.

The American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting, former Vice President of the North Texas Health Care Compliance Professionals Association, past Chair of the ABA Health Law Section Managed Care & Insurance Section, past ABA JCEB Council Representative, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has worked closely with a diverse range of physicians, hospitals and healthcare systems, DME, Pharma, clinics, health care providers, managed care, insurance and other health care payers, quality assurance, credentialing, technical, research, public and private social and community organizations, and other health industry organizations and their management deal with governance; credentialing, patient relations and care; staffing, peer review, human resources and workforce performance management; outsourcing; internal controls and regulatory compliance; billing and reimbursement; physician, employment, vendor, managed care, government and other contracting; business transactions; grants; tax-exemption and not-for-profit; licensure and accreditation; vendor selection and management; privacy and data security; training; risk and change management; regulatory affairs and public policy and other concerns.

Past Chair of the ABA Managed Care & Insurance Interest Group and, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also has extensive health care reimbursement and insurance experience advising and defending health plans, health care providers, payers, and others about Medicare, Medicaid, Medicare and Medicaid Advantage, Tri-Care, self-insured group, association, individual and group and other health benefit programs and coverages including but not limited to advising public and private payers about coverage and program design and documentation, advising and defending providers, payers and systems and billing services entities about systems and process design, audits, and other processes; provider credentialing, and contracting; providers and payer billing, reimbursement, claims audits, denials and appeals, coverage coordination, reporting, direct contracting, False Claims Act, Medicare & Medicaid, ERISA, state Prompt Pay, out-of-network and other “nonpar,” insured, and other health care claims, prepayment, post-payment and other coverage, claims denials, appeals, billing and fraud investigations and actions and other reimbursement and payment related investigation, enforcement, litigation and actions.

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other related concerns by her service in the leadership of the Solutions Law Press, Inc. Coalition for Responsible Health Policy, its PROJECT COPE: Coalition on Patient Empowerment, and a broad range of other professional and civic organizations including North Texas Healthcare Compliance Association, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children (now Warren Center For Children); current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, past Representative and chair of various committees of ABA Joint Committee on Employee Benefits; an ABA Health Law Coordinating Council representative, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, a former member of the Board of Directors of the Southwest Benefits Association and others.

Ms. Stamer also is a highly popular lecturer, symposium and chair, faculty member and author, who publishes and speaks extensively on health and managed care industry, human resources, employment and other privacy, data security and other technology, regulatory and operational risk management. Examples of her many highly regarded publications on these matters include “Protecting & Using Patient Data In Disease Management: Opportunities, Liabilities And Prescriptions,” “Privacy Invasions of Medical Care-An Emerging Perspective,” “Cybercrime and Identity Theft: Health Information Security: Beyond HIPAA,” as well as thousands of other publications, programs and workshops these and other concerns for the American Bar Association, ALI-ABA, American Health Lawyers, Society of Human Resources Professionals, the Southwest Benefits Association, the Society of Employee Benefits Administrators, the American Law Institute, Lexis-Nexis, Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, the HCCA, ISSA, HIMSS, Modern Healthcare, Managed Healthcare, Institute of Internal Auditors, Society of CPAs, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other symposia and publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, Insurance Thought Leadership and many other prominent publications and speaks and conducts training for a broad range of professional organizations.

For more information about Ms. Stamer or her health industry and other experience and involvements, see here or contact Ms. Stamer via telephone at (469) 767-8872 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources here.

©2017 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ All other rights reserved. For information about republication or other use, please contact Ms. Stamer here.

Comments Off on $2.4M HIPAA Settlement Message Warns Health Plans & Providers Against Sharing Medical Info With Media, Others | ADA, board of directors, Brokers, Cafeteria Plans, Civil Monetary Penalties, Civil Rights, compliance, conflict of interest, Corporate Compliance, corporate governance, Cybercrime, Data Breach, Data Security, directors, Disability Discrimination, Electronic Medical Record, employee, Employee Benefits, Employer, Employers, Employment, EMR, ERISA, Fair Credit Reporting Act, fiduciary duty, GINA, HIPAA, HIPAA, Hiring, HR, Human Resources, Identity Theft, Insurance, insurers, Internal Controls, Internal Investigations, Internal Revenue Code, IRC, Leadership, LGBT, Management, Medicare Part D, Mental Health, Mental Health Parity, MEWA, Physician, Prescription Drugs, Privacy, Professional Liability, Protected Health Information, Provider, Risk Management, Technology, third party administrators, Uncategorized | Tagged: Health Care Provider, Health Plans, HIPAA, Medical Privacy, PHI, Privacy | Permalink
Posted by Cynthia Marcotte Stamer

Latest $2.5M HIPAA Settlement Warning To Health Plans, Providers: Get HIPAA Compliant

April 26, 2017

A new Department of Health and Human Services Office of Civil Rights (OCR) CardioNet Resolution Agreement and Corrective Action Plan (Resolution Agreement) settling OCR charges of violations of the Privacy and Security Rules of the Health Insurance Portability & Accountability Act against remote cardiac monitoring provider CardioNet provides important lessons for all health plans, health insurers, telemedicine and other healthcare providers, healthcare clearinghouses (Covered Entities) and their business associates about steps to take to reduce their risk of getting hit with big OCR penalty like the $2.5 million settlement payment CardioNet must pay under the Resolution Agreement.

OCR announced the first OCR HIPAA settlement involving a wireless health services provider Monday, April 24. Under the Resolution Agreement, CardioNet agrees to pay OCR $2.5 million and to implement a corrective action plan to settle potential OCR charges it violated the HIPAA Privacy and Security Rules based on the impermissible disclosure of unsecured electronic protected health information (ePHI).

CardioNet Charges & Settlement

As has become increasingly common in recent years, the CardioNet settlement arose from concerns initially brought to OCR’s attention in connection with a HIPAA breach notification report. On January 10, 2012, OCR received notification from the provider of remote mobile monitoring of and rapid response to patients at risk for cardiac arrhythmias that a workforce member’s laptop with the ePHI of 1,391 individuals was stolen from a parked vehicle outside of the employee’s home. CardioNet subsequently notified OCR of a second breach of ePHI 2,219 individuals, respectively.

Likewise, the HIPAA breaches uncovered by OCR in the course of investigating these CardioNet breaches occur in the operations of many other covered entities. According to the OCR’s investigation in response to these breach reports revealed a series of continuing compliance concerns, including:

CardioNet failed to conduct an accurate and thorough risk analysis to assess the potential risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI and failed to plan for and implement security measures sufficient to reduce those risks and vulnerabilities;
CardioNet’s policies and procedures implementing the standards of the HIPAA Security Rule were in draft form and had not been implemented;
CardioNet was unable to produce any final policies or procedures regarding the implementation of safeguards for ePHI, including those for mobile devices;
CardioNet failed to implement policies and procedures that govern the receipt and removal of hardware and electronic media that contain electronic protected health information into and out of its facilities, the encryption of such media, and the movement of these items within its facilities until March 2015; and
CardioNet failed to safeguard against the impermissible disclosure of protected health information by its employees, thereby permitting access to that information by an unauthorized individual, and failed to take sufficient steps to immediately correct the disclosure.

To resolve these OCR charges, CardioNet agrees in the Resolution Agreement to pay $2.5 million to OCR and implement a corrective action plan. Among other things, the corrective action plan requires CardioNet to complete the following actions to the satisfaction of OCR:

Prepare a current, comprehensive and thorough Risk Analysis of security risks and vulnerabilities that incorporates its current facility or facilities and the electronic equipment, data systems, and applications controlled, currently administered or owned by CardioNet, that contain, store, transmit, or receive electronic protected health information (“ePHI”) and update that Risk Analysis annually or more frequently, if appropriate in response to environmental or operational changes affecting the security of ePHI.
Assess whether its existing security measures are sufficient to protect its ePHI and revise its Risk Management Plan, Policies and Procedures, and training materials and implement additional security measures, as needed.
Develop and implement an organization-wide Risk Management Plan to address and mitigate any security risks and vulnerabilities found in the Risk Analysis as required by the Risk Management Plan.
Review and, to the extent necessary, revise, its current Security Rule Policies and Procedures (“Policies and Procedures”) based on the findings of the Risk Analysis and the implementation of the Risk Management Plan to comply with the HIPAA Security Rule.
Provide certification to OCR that all laptops, flashdrives, SD cards, and other portable media devices are encrypted, together with a description of the encryption methods used (“Certification”).
Review, revise its HIPAA Security training to include a focus on security, encryption, and handling of mobile devices and out-of-office transmissions and other policies and practices require to address the issues identified in the Risk Assessment and otherwise comply with the Risk Management Plan and HIPAA train its workforce on these policies and practices.
Investigate all potential violations of its HIPAA policies and procedures and notify OCR in writing within 30 days of any violation.
Submit annual reports to OCR, which must be signed by an owner or officer of CardioNet attesting that he or she has reviewed the annual report, has made a reasonable inquiry regarding its content and believes that, upon such inquiry, the information is accurate and truthful.
Maintain for inspection and copying, and provide to OCR, upon request, all documents and records relating to compliance with the corrective action plan for six years.

Implications For Covered Entities & Business Associates

The latest in a rapidly-growing list of high dollar HIPAA enforcement actions by OCR, the CardioNet Resolution Agreement contains numerous lessons for other Covered entities and their business associates about the importance of appropriate HIPAA privacy and security compliance, including but not limited to the following:

Like many previous resolution agreements announced by OCR, the Resolution Agreement reiterates the responsibility of covered entities and business associates to properly secure their ePHI and that as part of this process, OCR expects all laptop computers and other mobile devices containing or with access to ePHI be properly encrypted and secured.
It also reminds covered entities and their business associates to be prepared for, and expect an audit from OCR when OCR receives a report that their organization experienced a large breach of unsecured ePHI.
The Resolution Agreement’s highlighting of the draft status of CardioNet’s privacy and security policies also reflects OCR expects covered entities to actually final policies, procedures and training in place for maintaining compliance with HIPAA.
The discussion and requirements in the Corrective Action Plan relating to requirements to conduct comprehensive risk assessments at least annually and in response to other events, and to update policies and procedures in response to findings of these risk assessments also drives home the importance of conducting timely, documented risk analyses of the security of their ePHI, taking prompt action to address known risks and periodically updating the risk assessment and the associated privacy and security policies and procedures in response to the findings of the risk assessment and other changing events.
The requirement in the Resolution Agreement of leadership attestation and certification on the required annual report reflects OCR’s expectation that leadership within covered entities and business associates will make HIPAA compliance a priority and will take appropriate action to oversee compliance.
Finally, the $2.5 million settlement payment required by the Resolution Agreement and its implementation against CardioNet makes clear that OCR remains serious about HIPAA enforcement.

Clearly, covered entities, business associates and their management should take steps to promptly review the adequacy of their organizations’ HIPAA compliance policies, practices and documentation in light of the deficiencies listed in the CardioNet and other HIPAA OCR settlements and civil monetary penalty assessments. See e.g., Latest HIPAA Resolution Agreement Drives Home Importance Of Maintaining Current, Signed Business Associate Agreements; $400K HIPAA Penalty Teaches Risk Assessment Importance; $3.2 Children’s HIPAA CMP Teaches Key Lessons.

Of course, covered entities and business associates need to keep in mind that acts, omissions and events that create HIPAA liability risks also carry many other potential legal and business risks. For instance, since PHI records and data involved in such breaches usually incorporates Social Security Numbers, credit card or other debt or payment records or other personal consumer information, and other legally sensitive data, covered entities and business associates generally also may face investigation, notification and other responsibilities and liabilities under confidentiality, privacy or data security rules of the Fair and Accurate Credit Transaction Act (FACTA), the Internal Revenue Code, the Social Security Act, state identity theft, data security, medical confidentiality, privacy and ethics, insurance, consumer privacy, common law or other state privacy claims and a host of other federal or state laws. Depending on the nature of the covered entity or its business associates, the breach or other privacy event also may trigger fiduciary liability exposures for health plan fiduciaries in the case of a health plan, professional ethics or licensing investigations or actions against health care providers, insurance companies, administrative service providers or brokers, shareholder or other investor actions, employment or vendor termination or disputes and a host of other indirect legal consequences.

Beyond, and regardless of if, a covered entity or business ultimately succeeds in defending its actions against a charge of violating any of these or other standards, however, covered entities, business associates and their leaders should keep in mind that the most material and often most intractable consequences of a HIPAA or other data or other privacy breach report or public accusation, investigation, admission also typically are the most inevitable:

The intangible, but critical loss of trust and reputation covered entities and business associates inevitably incur among their patients, participants, business partners, investors and the community; and
The substantial financial expenses and administrative and operational disruptions of investigating, defending the actions of the organization and implementation of post-event corrective actions following a data or other privacy breach, audit, investigation, or charge.

In light of these risks, covered entities business associates and their management should use the experiences of CardioNet and other covered entities or business associates caught violating HIPAA or other privacy and security standards to reduce their HIPAA and other privacy and data security exposures. Management of covered entities and their business associates should take steps to ensure that their organizations policies, practices and procedures currently are up-to-date, appropriately administered and monitored, and properly documented. Management should ensure that their organizations carefully evaluate and strengthen as necessary their current HIPAA risk assessments, policies, practices, record keeping and retention and training in light of these and other reports as they are announced in a well-documented manner. The focus of these activities should be both to maintain compliance and position their organizations efficiently and effectively to respond to and defend their actions against a data breach, investigation, audit or accusation of a HIPAA or other privacy or security rule violation with a minimum of liability, cost and reputational and operational damages.

As the conduct of these activities generally will involve the collection and analysis of legally sensitive matters, most covered entities and business associates will want to involve legal counsel experienced with these matters and utilize appropriate procedures to be able to use and assert attorney-client privilege and other evidentiary privileges to mitigate risks associated with these processes. To help plan for and mitigate foreseeable expenses of investigating, responding to or mitigating a known, suspected or asserted breech or other privacy event, most covered entities and business associates also will want to consider the advisability of tightening privacy and data security standards, notification, cooperation and indemnification protections in contracts between covered entities and business associates, acquiring or expanding data breach or other liability coverage, or other options for mitigating the financial costs of responding to a breach notification, investigation or enforcement action.

About The Author

In the course of this work, Ms. Stamer has accumulated extensive experience helping health industry clients manage workforce, medical staff, vendors and suppliers, medical billing, reimbursement, claims and other provider-payer relations, business partners, and their recruitment, performance, discipline, compliance, safety, compensation, benefits, and training, board, medical staff and other governance; compliance and internal controls; strategic planning, process and quality improvement; change management; assess, deter, investigate and address staffing, quality, compliance and other performance; meaningful use, EMR, HIPAA and other data security and breach and other health IT and data; crisis preparedness and response; internal, government and third-party reporting, audits, investigations and enforcement; government affairs and public policy; and other compliance and risk management, government and regulatory affairs and operations concerns.

Author of leading works on HIPAA and other privacy and data security works and the scribe leading the American Bar Association Joint Committee on Employee Benefits Annual Agency Meeting with OCR, her experience includes extensive compliance, risk management and data breach and other crisis event investigation, response and remediation under HIPAA and other data security, privacy and breach laws. Heavily involved in health care and health information technology, data and related process and systems development, policy and operations innovation and a Scribe for ABA JCEB annual agency meeting with OCR for many years who has authored numerous highly regarded works and training programs on HIPAA and other data security, privacy and use, Ms. Stamer also is widely recognized for her extensive work and leadership on leading edge health care and benefit policy and operational issues including meaningful use and EMR, billing and reimbursement, quality measurement and reimbursement, HIPAA, FACTA, PCI, trade secret, physician and other medical confidentiality and privacy, federal and state data security and data breach and other information privacy and data security rules and many other concerns.

Past Chair of the ABA Managed Care & Insurance Interest Group and, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also has extensive health care reimbursement and insurance experience advising and defending health care providers, payers, and others about Medicare, Medicaid, Medicare and Medicaid Advantage, Tri-Care, self-insured group, association, individual and group and other health benefit programs and coverages including but not limited to advising public and private payers about coverage and program design and documentation, advising and defending providers, payers and systems and billing services entities about systems and process design, audits, and other processes; provider credentialing, and contracting; providers and payer billing, reimbursement, claims audits, denials and appeals, coverage coordination, reporting, direct contracting, False Claims Act, Medicare & Medicaid, ERISA, state Prompt Pay, out-of-network and other “nonpar,” insured, and other health care claims, prepayment, post-payment and other coverage, claims denials, appeals, billing and fraud investigations and actions and other reimbursement and payment related investigation, enforcement, litigation and actions.

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other related concerns by her service in the leadership of the Solutions Law Press, Inc. Coalition for Responsible Health Policy, its PROJECT COPE: Coalition on Patient Empowerment, and a broad range of other professional and civic organizations including North Texas Healthcare Compliance Association, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children (now Warren Center For Children); current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, past Representative and chair of various committees of ABA Joint Committee on Employee Benefits; an ABA Health Law Coordinating Council representative, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, a former member of the Board of Directors of the Southwest Benefits Association and others.

For more information about Ms. Stamer or her health industry and other experience and involvements, see here or contact Ms. Stamer via telephone at (469) 767-8872 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources here.

Comments Off on Latest $2.5M HIPAA Settlement Warning To Health Plans, Providers: Get HIPAA Compliant | ARRA, Attorney-Client Privilege, board of directors, Brokers, Civil Monetary Penalties, Civil Rights, compliance, Consumer Protection, Corporate Compliance, corporate governance, Cybercrime, Data Breach, Data Security, directors, Electronic Medical Record, Employee Benefits, Employer, fiduciary duty, Fiduciary Responsibility, FINRA, GINA, health benefit, Health Benefits, health Care, health insurance, health insurance marketplace, health plan, Health Plans, HIPAA, HR, Human Resources, Identity Theft, Insurance, insurers, Internal Controls, Internal Investigations, Physician, Plan Admistrator, Privacy, Professional Liability, Protected Health Information, Provider, Risk Management, Technology, Telecommuting, Uncategorized | Tagged: Breach, Breach Notification, Business Associate, Covered Entity, Health Insurance, Health Plan, HIPAA, HIPAA Privacy, HIPAA Security, Medical Privacy, OCR, Office of Civil Rights, REmote Care, Technology, Telemedicine | Permalink
Posted by Cynthia Marcotte Stamer

Latest HIPAA Resolution Agreement Drives Home Importance Of Maintaining Current, Signed Business Associate Agreements

April 24, 2017

Health plans, their fiduciaries and sponsors, health insurers, health care providers, health care clearinghouses (“covered entities”) and their business associates must get and keep your business associate (BA) agreements (BAAs) in place, up-to-date, and readily available for inspection in accordance with the Health Insurance Portability & Accountability Act (HIPAA) Privacy Rule, 45 C.F.R. Part 160 and Subparts A and E of Part 164 (Privacy Rule). That’s the clear message to covered entities and their business associates in the April 17, 2017 HIPAA Resolution Agreement just announced by the Department of Health & Human Services (HHS) Office of Civil Rights (OCR) with the Center for Children’s Digestive Health (CCDH).

While the Resolution Agreement relates to breaches of the BAA requirements of a small pediatric practice, all health plans, health care providers and other covered entities and business associates should focus on the adequacy of their BAAs and their BAA record keeping. HIPAA compliance surveys reflect deficiencies with the BAA rules are common throughout the industry. These findings and the involvement of BAs in data breaches or other OCR enforcement activities suggest a high probability that many other covered entities and business associates may be sitting ducks for similar sanctions. See e.g., HIPAA Compliance Survey Churns Up Many Business Associate Problems (January 3, 2017). Consequently, all covered entities and business associates generally should treat the CCDH Resolution Agreement as a message to review and correct as necessary their organizations’ compliance and recordkeeping to minimize their exposure to potential sanctions from violations of the HIPAA business associate rules.

The HIPAA Business Associate Agreement Requirements

OCR’s announcement of the CCDH Resolution Agreement is the latest in a growing series of HIPAA enforcement actions showing the growing risk covered entities and their business associates face for failing to take appropriate steps to comply with the BAA and other Privacy Rule requirements of HIPAA.

As compliance audits and surveys of covered entities and business associates suggest a high level of noncompliance with the business associate agreement requirements among covered entities and business associates, While the ever-growing list of Resolution Agreements and Civil Monetary Penalties announced by OCR cover a variety of categories of HIPAA violations, the CCDH Resolution Agreement highlights the importance of covered entities and their business associates ensuring that before the BA creates, accesses, receives, discloses, retains or destroys any PHI for the covered entity, a BAA meeting the Privacy Rule requirements is signed and retained for at least the six-year period the Privacy Rule requires in a manner easily producible when and if OCR or another agency asks for a copy as part of an investigation or other compliance audit. See Privacy Rule §§ 164.502(e), 164.504(e), 164.532(d) and (e).

The Privacy Rule requires that covered entities and business associates enter into a written and signed business associate agreement that contains the elements specified in Privacy Rule § 164.504(e) before the business associate creates, uses, accesses or discloses PHI of the covered entity. Meanwhile, the Privacy Rule recordkeeping requirements require that covered entities and BAs maintain copies of these BAAs for a minimum of six years.

Violations of the Privacy Rule can carry stiff civil or even criminal penalties Pursuant to amendments to HIPAA enacted as part of the HITECH Act, civil penalties typically do not apply to violations punished under the criminal penalty rules of HIPAA set forth in Social Security Act , 42 U.S.C § 1320d-6 (Section 1177).

Under Section 1177, the criminal enforcement provisions of HIPAA authorize the Justice Department to prosecute a person who knowingly in violation of the Privacy Rule (1) uses or causes to be used a unique health identifier; (2) obtains individually identifiable health information relating to an individual; or (3) discloses individually identifiable health information to another person, punishable by the following criminal sanctions and penalties:

A fine of up to $50,000, imprisoned not more than 1 year, or both;
If the offense is committed under false pretenses, a fine of up to $100,000, imprisonment of not more than 5 years, or both; and
If the offense is committed with intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm, a fine of up to $250,000, imprisoned not more than 10 years, or both.

In contrast, as amended by the HITECH Act, the civil enforcement provisions of HIPAA empower OCR to impose Civil Monetary Penalties on both covered entities and BAs for violations of any of the requirements of the Privacy or Security Rules. The penalty ranges for civil violations depends upon the circumstances associated with the violations and are subject to upward adjustment for inflation. As most recently adjusted here effective September 6, 2016, the following currently are the progressively increasing Civil Monetary Penalty tiers:

A minimum penalty of $100 and a maximum penalty of $50,000 per violation, for violations which the CE or BA “did not know, and by exercising reasonable diligence would not have known” about using “the business care and prudence expected from a person seeking to satisfy a legal requirement under similar circumstances;”
A minimum penalty of $1,000 and a maximum penalty of $50,000 per violation, for violations for “reasonable cause” which do not rise to the level of “willful neglect” where “reasonable cause” means the “circumstances that would make it unreasonable for the covered entity, despite the exercise of ordinary business care and prudence, to comply with the violated Privacy Rule requirement;”
A minimum penalty of $10,000 and a maximum penalty of $50,000 per violation, for violations attributed to “willful neglect,” defined as “the conscious, intentional failure or reckless indifference to the obligation to comply” with the requirement or prohibition; and
A minimum penalty of $50,000 and a maximum penalty of $1.5 million per violation, for violations attributed to “willful neglect” not remedied within 30 days of the date that the covered entity or BA knew or should have known of the violation.

For continuing violations such as failing to implement a required BAA, OCR can treat each day of noncompliance as a separate violation. However, sanctions under each of these tiers generally are subject to a maximum penalty of $1,500,000 for violations of identical requirements or prohibitions during a calendar year. For violations such as the failure to implement and maintain a required BAA where more than one covered entity bears responsibility for the violation, OCR an impose Civil Monetary Penalties against each culpable party. OCR considers a variety of mitigating and aggravating facts and circumstances when arriving at the amount of the penalty within each of these applicable tiers to impose.

While criminal enforcement of HIPAA remains relatively rare, a review of the OCR enforcement record in recent years makes clear that civil enforcement of HIPAA and the sanctions imposed is growing. See e.g., $400K HIPAA Settlement Shows Need To Conduct Timely & Appropriate Risk Assessments; $5.5M Memorial HIPAA Resolution Agreement Shows Need To Audit. For more examples, also see here.

CCDH Sanctions For Violation Of HIPAA Business Associate Agreement Rules

The CCDH Resolution Agreement arises from violations of this requirement that OCR says it discovered as a result of a compliance review conducted in response to an OCR investigation of a CCDH business associate, FileFax, Inc. According to OCR, OCR found from the compliance review of CCDH triggered by OCR’s investigation of FileFax that while CCDH began disclosing PHI to Filefax in 2003 and that Filefax stored records containing protected health information (PHI) for CCDH, neither CCDH nor Filefax could produce a signed Business Associate Agreement (BAA) covering their relationship for any period before October 12, 2015.

Based on the resulting investigation, OCR concluded:

CCDH failed to obtain a BAA providing written assurances from Filefax that it would appropriately safeguard the PHI in Filefax’s possession or control satisfactory assurances as required by Privacy Rule §164.502(e); and
Because CCDH failed to secure the required BAA, it violated the Privacy Rule by impermissibly disclosing the PHI of at least 10,728 individuals to Filefax when CCDH transferred the PHI to Filefax without obtaining the requisite BAA from Filefax (Covered Conduct).

In the Resolution Agreement, CCDH agrees to pay HHS $31,000.00 (Resolution Amount) and enter into and comply with a Corrective Action Plan (CAP) in return for OCR’s release of CCDH from liability for “any actions it may have against CCDH under the HIPAA Rules” for the Covered Conduct. The Resolution Agreement only settles the civil monetary penalty and other OCR enforcement liabilities of CCDH with respect to the Covered Conduct. Its provisions expressly state the Resolution Agreement does not affect any exposures of CCDH to CCDH to OCR civil monetary penalties or other enforcement for any HIPAA violations other than the Covered Conduct.

Perhaps even more noteworthy given the HITECH Act’s provisions coordinating the civil and criminal sanctions of HIPAA, while the Resolution Agreement provides no clear indication that the Justice Department might be considering criminally prosecuting CCDH or any other party in relation to the Covered Conduct, the Resolution Agreement also expressly states that its provisions do not affect CCDH’s potential exposure, if any, to criminal prosecution by the Justice Department for a criminal violation of the Privacy Rules under Section 1177 of the Social Security Act.

Implications For Covered Entities & Business Associates

Covered entities and their business associates should heed the CCDH Resolution Agreement as a strong message from OCR to ensure their organizations are complying with HIPAA’s BAA and other requirements. The Resolution Agreement makes clear that the starting point of this compliance effort must be obtaining and maintaining the requisite BAAs for each BA relationship.

To position their organizations to withstand potential investigation by OCR, covered entities and BAs should start by conducting a well-documented audit within the scope of attorney-client privilege both to verify that an appropriate, signed BAA is in place for each BA relationship as well as adequacy of processes for identifying business associate relationships, ensuring that signed BAAs are in effect before BAs access any PHI, and for investigating, reporting and resolving any breaches of the HIPAA Privacy or Security Rules that may arise in the course of operations.

Conducting this audit as soon as possible is particularly important in light of reported findings of widespread compliance concerns. See HIPAA Compliance Survey Churns Up Many Business Associate Problems (January 3, 2017). As the audit process could identify potential violations or other legally sensitive concerns, covered entities and business associates generally will want to arrange for this audit and evaluation to be conducted under the supervision of legal counsel experienced with HIPAA within or pursuant to processes structured with the assistance of legal counsel within the scope of attorney-client privilege.

Beyond confirming all necessary BAAs are in place, covered entities and business associates also generally will want to evaluate the adequacy of BAs’ processes and procedures for maintaining compliance with the Privacy and Security Rules as well as processes and procedures for responding to audits, investigations and complaints, reporting and addressing breaches of electronic and other PHI and other possible compliance concerns under HIPAA and other related laws. In many instances, parties may n wish to revise and strengthen existing BAAs to more specifically define these policies and procedures more specifically as well as indemnification, cyber or other liability coverage requirements and other contractual provisions for allocating potential costs and liabilities arising from breaches, audits, investigations and other expenses associated with the administration of these provisions.

About The Author

Past Chair of the ABA Managed Care & Insurance Interest Group and, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also has extensive health care reimbursement and insurance experience advising and defending health care providers, payers, and others about Medicare, Medicaid, Medicare and Medicaid Advantage, Tri-Care, self-insured group, association, individual and group and other health benefit programs and coverages including but not limited to advising public and private payers about coverage and program design and documentation, advising and defending providers, payers and systems and billing services entities about systems and process design, audits, and other processes; provider credentialing, and contracting; providers and payer billing, reimbursement, claims audits, denials and appeals, coverage coordination, reporting, direct contracting, False Claims Act, Medicare & Medicaid, ERISA, state Prompt Pay, out-of-network and other nonpar, insured, and other health care claims, prepayment, post-payment and other coverage, claims denials, appeals, billing and fraud investigations and actions and other reimbursement and payment related investigation, enforcement, litigation and actions.

Heavily involved in health care and health information technology, data and related process and systems development, policy and operations innovation and a Scribe for ABA JCEB annual agency meeting with OCR for many years who has authored numerous highly-regarded works and training programs on HIPAA and other data security, privacy and use, Ms. Stamer also is widely recognized for her extensive work and leadership on leading edge health care and benefit policy and operational issues including meaningful use and EMR, billing and reimbursement, quality measurement and reimbursement, HIPAA, FACTA, PCI, trade secret, physician and other medical confidentiality and privacy, federal and state data security and data breach and other information privacy and data security rules and many other concerns.

In connection with this work, Ms. Stamer has worked extensively with health care providers, health plans, health care clearinghouses, their business associates, employers and other plan sponsors, banks and other financial institutions, and others on risk management and compliance with HIPAA, FACTA, trade secret and other information privacy and data security rules, including the establishment, documentation, implementation, audit and enforcement of policies, procedures, systems and safeguards, investigating and responding to known or suspected breaches, defending investigations or other actions by plaintiffs, OCR and other federal or state agencies, reporting known or suspected violations, business associate and other contracting, commenting or obtaining other clarification of guidance, training and and enforcement, and a host of other related concerns. Her clients include public and private health care providers, health insurers, health plans, technology and other vendors, and others.

For more information about Ms. Stamer or her health industry and other experience and involvements, see here or contact Ms. Stamer via telephone at (469) 767-8872 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources here.

Comments Off on Latest HIPAA Resolution Agreement Drives Home Importance Of Maintaining Current, Signed Business Associate Agreements | ARRA, Attorney-Client Privilege, Cafeteria Plans, church plan, Civil Monetary Penalties, Civil Rights, Claims, Consumer Protection, Corporate Compliance, corporate governance, Cybercrime, Data Breach, Data Security, employee, Employee Benefits, Employer, Employers, Employment, HIPAA, HR, Human Resources, Identity Theft, Insurance, insurers, Internal Controls, Internal Investigations, Patient Empowerment, Physician, Plan Admistrator, Privacy, Professional Liability, Protected Health Information, Provider, Risk Management, Uncategorized | Tagged: Business Associate, Health Care, Health Insurer, Health Plans, HIPAA, HIPAA OCR, HIPAA Privacy, HITECH, Insurer, Technology, tpa | Permalink
Posted by Cynthia Marcotte Stamer

Brace For Health Plan OCR HIPAA Audits

March 22, 2016

Employer and union sponsored health plans, their sponsors, fiduciaries, and business associates should brace for audits and enforcement of the Privacy, Security, and Breach Notification rules by the Department of Health & Human Service Office of Civil Rights (OCR) follow OCR’s 2016 audit program on the heels of its announcement last week of two large HIPAA settlements last week.

OCR confirmed today it is sending emails notifying health plans, healthcare providers, healthcare clearing houses (Covered Entities) and their business associates identified as part of the kickoff of its next phase of audits of Covered Entities. In light of the HIPAA verification rules and the notorious spread of opportunistic identity theft and other fraud by opportunistic Cybercriminals following these types of announcements, Covered Entities and business associates should carefully verify the requests validity and manage the response to avoid violating HIPAA in responding and position for defensibility against potential penalties.

Even if health plans or other Covered Entities reviewed their practices in the last 12-months, most will want to update this review in response to new OCR guidance and enforcement actions, including new guidance on obligations to provide plan members or other subjects of protected health information with access to or copies of their records and other guidance, as well as the ever-expanding list of enforcement actions by OCR.

To catch up on this latest guidance, Solutions Law Press, Inc. ™ invites you to register to participate in a special WebEx briefing on “HIPAA Update: The Latest On Security, Patient Access & Other HIPAA Developments” on Wednesday, March 30, 2016 beginning at Noon Central Time on Wednesday, March 30, 2016.

2016 Audit Program

In its 2016 Phase 2 HIPAA Audit Program, OCR will review the policies and procedures adopted and employed by Covered Entities and their business associates to meet selected standards and implementation specifications of the Privacy, Security, and Breach Notification Rules. OCR says it will primarily conduct these audits as desk audits, although some on-site audits will be conducted.

According to today’s announcement, the 2016 audit process begins with verification of an entity’s address and contact information. OCR is sending emails to Covered Entities and business associates requesting that contact information be provided to OCR on time. OCR will then send a pre-audit questionnaire to gather data about the size, type, and operations of potential audit targets. OCR says this data will be used with other information to create potential audit subject pools. Recipients should contact qualified legal counsel immediately for advice and assistance about proper procedures to verify the email is in fact from OCR and for assistance in responding.

If an entity does not respond to OCR’s request to verify its contact information or pre-audit questionnaire, OCR will use publicly available information about the entity to create its audit subject pool. Therefore an entity that does not respond to OCR may still be selected for an audit or subject to a compliance review. Communications from OCR will be sent via email and may be incorrectly classified as spam. If your entity’s spam filtering and virus protection are automatically enabled, OCR expects entities to check their junk or spam email folder for emails from OCR.

The announcement also reflects that OCR is still developing other aspects of the audit program. OCR will post updated audit protocols on its website closer to conducting the 2016 audits. The audit protocol will be updated to reflect the HIPAA Omnibus Rulemaking and can be used as a tool by organizations to conduct their own internal self-audits as part of their HIPAA compliance activities.

OCR says its audits will enhance industry awareness of compliance obligations and enable OCR to better target technical assistance regarding problems identified through the audits. Through the information gleaned from the audits, OCR will develop tools and guidance to aid the industry in compliance self-evaluation and in preventing breaches. OCR plans to use results and procedures used in the phase 2 audits to develop its permanent HIPAA audit program.

OCR Settlements Show Enforcement Risk

The audit program announcement comes less than a week after OCR announced millions of dollars of new penalties under settlements with two Covered Entities:

A $1,555,000 settlement with North Memorial Health Care of Minnesota;
A $3.9 million settlement with Feinstein Institute for Medical Research.

The two settlements drive home again the substantial liability that health care providers, health plans, health care clearinghouses and their business associates risk for violating HIPAA.

Feinstein Settlement

Feinstein is a biomedical research institute organized as a New York not-for-profit corporation sponsored by Northwell Health, Inc., formerly known as North Shore Long Island Jewish Health System, a large health system headquartered in Manhasset, New York comprised of 21 hospitals and over 450 patient facilities and physician practices.

OCR’s investigation began after Feinstein filed a breach report indicating that on September 2, 2012, a laptop computer containing the electronic protected health information (ePHI) of approximately 13,000 patients and research participants was stolen from an employee’s car. The ePHI stored in the laptop included the names of research participants, dates of birth, addresses, social security numbers, diagnoses, laboratory results, medications, and medical information about potential participation in a research study.

OCR’s investigation discovered that Feinstein’s security management process was limited in scope, incomplete, and insufficient to address potential risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI held by the entity. Further, Feinstein lacked policies and procedures for authorizing access to ePHI by its workforce members, failed to implement safeguards to restrict access to unauthorized users, and lacked policies and procedures to govern the receipt and removal of laptops that contained ePHI into and out of its facilities. For electronic equipment procured outside of Feinstein’s standard acquisition process, Feinstein failed to implement proper mechanisms for safeguarding ePHI as required by the Security Rule.

“Research institutions subject to HIPAA must be held to the same compliance standards as all other HIPAA-covered entities,” said OCR Director Jocelyn Samuels. “For individuals to trust in the research process and for patients to trust in those institutions, they must have some assurance that their information is kept private and secure.”

The resolution agreement and corrective action plan may be found on the OCR website at http://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/Feinstein/index.html.

North Memorial

The Feinstein settlement announcement follows yesterday’s announcement of a $1.5 million plus settlement with North Memorial to resolve HIPAA charges that it failed to implement a business associate agreement with a major contractor and failed to institute an organization-wide risk analysis to address the risks and vulnerabilities to its patient information. North Memorial is a comprehensive, not-for-profit health care system in Minnesota that serves the Twin Cities and surrounding communities.

The settlement highlights the importance for healthcare providers, health plans, healthcare clearinghouses and their business associates to comply with HIPAA’s business associate agreement and other HIPAA organizational, risk assessment, privacy and security, and other requirements.

OCR’s announcement emphasizes the importance of meeting these requirements. “Two major cornerstones of the HIPAA Rules were overlooked by this entity,” said Director Samuels. “Organizations must have in place compliant business associate agreements as well as an accurate and thorough risk analysis that addresses their enterprise-wide IT infrastructure.”

The settlement comes from charges filed after OCR initiated its investigation of North Memorial following receipt of a breach report on September 27, 2011, which indicated that an unencrypted, password-protected laptop was stolen from a business associate’s workforce member’s locked vehicle, impacting the ePHI of 9,497 individuals.

OCR’s investigation indicated that North Memorial failed to have in place a business associate agreement, as required under the HIPAA Privacy and Security Rules, so that its business associate could perform certain payment and health care operations activities on its behalf. North Memorial gave its business associate, Accretive, access to North Memorial’s hospital database, which stored the ePHI of 289,904 patients. Accretive also received access to non-electronic protected health information as it performed services on-site at North Memorial.

The investigation further determined that North Memorial failed to complete a risk analysis to address all of the potential risks and vulnerabilities to the ePHI that it maintained, accessed, or transmitted across its entire IT infrastructure — including but not limited to all applications, software, databases, servers, workstations, mobile devices and electronic media, network administration and security devices, and associated business processes.

In addition to the $1,550,000 payment, North Memorial is required to develop an organization-wide risk analysis and risk management plan, as required under the Security Rule. North Memorial will also train appropriate workforce members on all policies and procedures newly developed or revised pursuant to this corrective action plan.

The Resolution Agreement and Corrective Action Plan can be found on the HHS website at: http://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/north-memorial-health-care/index.html.
Settlement Latest Reminder To Manage HIPAA Risks.

Following up on OCR’s imposition of its second-ever HIPAA Civil Monetary Penalty (CMP) and the latest in an ever-growing list of settlements by Covered Entities under HIPAA, these latest settlements illustrate the substantial liability that Covered Entities face for violating HIPAA. To avoid these liabilities, Covered Entities must constantly be diligent to comply with the latest guidance of OCR about their obligations under HIPAA.

As OCR continues to issue additional guidance as well as supplement this guidance through information shared in settlement agreements like the North Memorial settlement, even if Covered Entities reviewed their practices in the last 12-months, most will want to update this review in response to new OCR guidance and enforcement actions, including new guidance on obligations to provide plan members or other subjects of protected health information with access to or copies of their records and other guidance, as well as the ever-expanding list of enforcement actions by OCR.

Since the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH) amended HIPAA, Covered Entities face growing responsibilities and liability for maintaining the security of ePHI.

In response to HITECH, OCR continues to use a carrot and stick approach to encouraging and enforcing compliance. As demonstrated by OCR’s imposition of the second-ever HIPAA Civil Monetary Penalty (CMP) of $239,000 against Lincare and the ever-growing list of Resolution Agreements OCR announces with other Covered Entities, OCR continues to step up enforcement against Covered Entities that breach the Privacy and Security Rules. See OCR’s 2nd-Ever HIPAA CMP Nails Lincare For $239,000.

On the other hand, OCR also continues to encourage voluntary compliance by Covered Entities by sharing guidance and tools to aid Covered Entities to understand fulfill their HIPAA responsibilities such as the HIPAA Security Rule Crosswalk to NIST Cybersecurity Framework (Crosswalk) unveiled by OCR on February 24, 2016.The crosswalk that maps the HIPAA Security Rule to the standards of the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity (the Cybersecurity Framework) as well as mappings to certain other commonly used security frameworks.

While stating that the HIPAA Security Rule does not require use of the NIST Cybersecurity Framework, OCR says it hopes the Crosswalk will provide “a helpful roadmap” for HIPAA Covered Entities and their business associates to understand the overlap between the NIST Cybersecurity Framework, the HIPAA Security Rule, and other security frameworks that can help Covered Entities safeguard health data in a time of increasing risks and help them to identify potential gaps in their programs.

At the same time, OCR’s announcement of its release of the Crosswalk also cautions users that “use of the Framework does not guarantee HIPAA compliance.” Rather, OCR says “the crosswalk provides an informative tool for entities to use to help them more comprehensively manage security risks in their environments.

With a USA Today report attributing more than 40 percent of data breaches to the healthcare industry over the last three years 91 percent of all health organizations having reporting breaches over the last two years, OCR has made clear that it intends to zealously investigate and enforce the Security Rules against Covered Entities that violate the Security Rules against Covered Entities that fail to take suitable steps to safeguard the security of PHI as required by the HIPAA Security Rule.

To meet these requirements, the HIPAA Security Rule requires that Covered Entities conduct and be prepared to product documentation of their audit and other efforts to comply with the Security Rule Most Covered Entities will want to consider including an assessment of the adequacy of their existing practices under the Crosswalk and other requirements disclosed by OCR in these assessments to help position the Covered Entity to defend or mitigate HIPAA CMP and other liabilities in the event of a HIPAA breech or audit.

Changing Rules Complicate Compliance

In addition to maintaining adequate security, HIPAA also requires Covered Entities to provide individuals with the right to access and receive a copy of their health information from their providers, hospitals, and health insurance plans in accordance with the HIPAA Privacy Rule. In response to recurrent difficulties experienced by individuals in exercising these rights, OCR recently published supplemental guidance to clarify and promote better understanding and compliance with these rules by Covered Entities. OCR started this process in January, 2015 by releasing a comprehensive fact sheet (Access fact sheet) and the first in a series of topical frequently asked questions (FAQs) addressing patients’ right to access their medical records, which set forth requirements providers must follow in sharing medical records with patients, including that they must do so in a timely manner and in a format that works for the patient.

Earlier this month, OCR followed up by publishing on March 1, 2016 a second set of FAQs addresses additional issues, including the fees individuals may be charged for copies of their health information and the right of individuals to have their health information sent directly to a third party if they so choose.

Covered entities and their business associates should expect OCR to ask about use of these tools in audits and investigations. Accordingly, they should move quickly to review and update their business associate agreements and other practices to comply with this new guidance as well as watch for further guidance and enforcement about these practices from OCR.

Other Key HIPAA Regulatory & Enforcement Changes Raise Responsibilities & Risks

OCR’s new guidance on access to PHI follows a host of other regulatory and enforcement activities. While the particulars of each of these new actions and guidance vary, all send a very clear message: OCR expects Covered Entities and their business associates to comply with HIPAA and is offering tools and other guidance to aid them in that process. In the event of a breach or audit, Covered Entities and their business associates need to be prepared to demonstrate their efforts to comply.

Those that cannot show adequate compliance efforts should be prepared for potentially substantial CMP or Resolution Agreement payments and other sanctions.

Register For 3/30 Webex Briefing

Solutions Law Press, Inc.™ invites to catch up on the latest guidance on the Covered Entities’ responsibility under HIPAA to provide access to patients to PHI by registering here to participate in the “HIPAA Update: The Latest On Security, Patient Access & Other HIPAA Developments” Webex briefing by attorney Cynthia Marcotte Stamer that Solutions Law Press, Inc.™ will host beginning at Noon Central Time on Wednesday, March 30, 2016.

About The Author

Cynthia Marcotte Stamer is a practicing attorney and management consultant, author, public policy advocate and lecturer widely recognized for her extensive work and pragmatic thought leadership, experience, publications and training on HIPAA and other privacy, medical records and data and other health care and health plan concerns.
Recognized as “LEGAL LEADER™ Texas Top Rated Lawyer” in both Health Care Law and Labor and Employment Law, a “Texas Top Lawyer,” an “AV-Preeminent” and “Top Rated Lawyer” by Martindale-Hubble and as among the “Best Lawyers In Dallas” in employee benefits 2015 by D Magazine; Ms. Stamer has more than 28 years of extensive proven, pragmatic knowledge and experience representing and advising health industry clients and others on operational, regulatory and other compliance, risk management, product and process development, public policy and other key concerns.

As a core component of her work as the Managing Shareholder of Cynthia Marcotte Stamer, PC, the Co-Managing Member of Stamer Chadwick Soefje PLLC, Ms. Stamer has worked extensively throughout her nearly 30 year career with health care providers, health plans, health care clearinghouses, their business associates, employers, banks and other financial institutions, their technology and other vendors and service providers, and others on legal and operational risk management and compliance with HIPAA, FACTA, PCI, trade secret, physician and other medical confidentiality and privacy, federal and state data security and data breach and other information privacy and data security rules and concerns; prevention, investigation, response, mitigation and resolution of known or suspected data or privacy breaches or other incidents; defending investigations or other actions by plaintiffs, OCR, FTC, state attorneys’ general and other federal or state agencies; reporting and redressing known or suspected breaches or other violations; business associate and other contracting; insurance or other liability management and allocation; process and product development, contracting, deployment and defense; evaluation, commenting or seeking modification of regulatory guidance, and other regulatory and public policy advocacy; training and discipline; enforcement, and a host of other related concerns for public and private health care providers, health insurers, health plans, technology and other vendors, employers, and others.

Beyond her extensive involvement advising and defending clients on these matters, Ms. Stamer also has served for several years as the scrivener for the ABA JCEB’s meeting with OCR for many years. She returns as Chair of the Southern California ISSA Health Care Privacy & Security Summit for the third year in 2016, as well as speaks and serves on the steering committee of a multitude of other programs.

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares shared her thought leadership, experience and advocacy on HIPAA and other concerns by her service in the leadership of a broad range of other professional and civic organization including her involvement as the Vice Chair of the North Texas Healthcare Compliance Association, Executive Director of the Coalition on Responsible Health Policy and its PROJECT COPE; Coalition on Patient Empowerment, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children; former Board Compliance Chair and Board member of the National Kidney Foundation of North Texas, current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, immediate past RPTE Representative to ABA Joint Committee on Employee Benefits Council Representative and current RPTE Representative to the ABA Health Law Coordinating Counsel, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, a former member of the Board of Directors of the Southwest Benefits Association and others.

Ms. Stamer also is a highly popular lecturer, symposia chair and author, who publishes and speaks extensively on health and managed care industry, human resources, employment and other privacy, data security and other technology, regulatory and operational risk management. Examples of her many highly regarded publications on these matters include “Protecting & Using Patient Data In Disease Management: Opportunities, Liabilities And Prescriptions,” “Privacy Invasions of Medical Care-An Emerging Perspective,” “Cybercrime and Identity Theft: Health Information Security: Beyond HIPAA,” as well as thousands of other publications, programs and workshops these and other concerns for the American Bar Association, ALI-ABA, American Health Lawyers, Society of Human Resources Professionals, the Southwest Benefits Association, the Society of Employee Benefits Administrators, the American Law Institute, Lexis-Nexis, Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, the HCCA, ISSA, HIMSS, Modern Healthcare, Managed Healthcare, Institute of Internal Auditors, Society of CPAs, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other symposia and publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, InsuranceThoughtLeadership.com and many other prominent publications and speaks and conducts training for a broad range of professional organizations and for clientson the Advisory Boards of InsuranceThoughtLeadership.com, HR.com, Employee Benefit News, and many other publications. For additional information about Ms. Stamer, see CynthiaStamer.com or the Stamer│Chadwick │Soefje PLLC or contact Ms. Stamer via email here or via telephone to (469) 767-8872.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources at www.solutionslawpress.com such as:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating or updating your profile here. ©2016 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ All other rights reserved.

Comments Off on Brace For Health Plan OCR HIPAA Audits | Brokers, Civil Rights, compensation, compliance, Corporate Compliance, Cybercrime, Data Breach, Data Security, employee, Employee Benefits, FACTA, fiduciary duty, Fiduciary Responsibility, Financial Security, GINA, health benefit, Health Benefits, health Care, health insurance, health insurance marketplace, health plan, Health Plans, HIPAA, HIPAA, Hospitality, HR, Human Resources, Identity Theft, Insurance, insurers, Internal Controls, Management, Medicare Part D, Mental Health, Mental Health Parity, MEWA, Obamacare, Patient Empowerment, Prescription Drugs, Privacy, Professional Liability, Risk Management, third party administrators, Uncategorized, Wellness, Wellness Programs, Workforce | Tagged: Data Breach, Data Security, Employee Benefits, ERISA, Fiduciary Liability, financial privacy, Health Insurance, Health Plan, Health Plans, HIPAA, Medical Privacy, OCR, Office of Civil Rights, Privacy | Permalink
Posted by Cynthia Marcotte Stamer

EEOC ADA Suit Against Magnolia Health Highlights US Employer’s Growing Disability Discrimination Risks

August 18, 2015

A new disability discrimination lawsuit filed by the U.S. Equal Employment Opportunity Commission (EEOC) against Visalia, California -based Magnolia Health Corporation and its affiliates (Magnolia) highlights the need for healthcare industry and other U.S. employers adequacy and defensibility of their practices for offering accommodation to, hiring, screening and other employment practices with respect to persons with actual or perceived disabilities in light of the EEOC’s prioritization of disability discrimination enforcement under the Obama Administration.

In keeping with President Obama’s announced agenda, the EEOC has made disability and other discrimination regulations and enforcement a major priority. The EEOC’s Strategic Enforcement Plan includes eliminating class-based and other recruitment and hiring practices that discriminate against people with disabilities and other classes protected under federal employment discrimination laws among its top six national priorities. In furtherance of these priorities, the EEOC and other federal agencies both have expanded regulatory protections for persons with disabilities and significantly stepped up investigation and enforcement of disability discrimination claims against businesses accused or suspected of discriminating against disabled or other persons protected under federal discrimination laws. See e.g., Discrimination Rules Create Risks For Employer Reliance On Injunction Of FMLA Rule On Same-Sex Partners’ Marital Status; EEOC Suit Against Pipe Fitting Business Shows Disability Discrimination Risks For Employers Hiring Vets With PTSD; EEOC Charges Employer Violated ADA By Terminating Employment At FMLA Leave End; Texas Employers Top Target For EEOC Charges; Wal-Mart Settlement Shows ADA Risks When Considering Employee Return To Work Accommodation Requests & Inquiries; Employer Pays $475,000 To Settle ADA Discrimination Lawsuit Challenging Medical Fitness Testing For EMTs, Firefighters & Other Public Safety Workers.

In keeping with this aggressive enforcement agenda, the EEOC’s suit filed August 8, 2015 against Magnolia reflects this enforcement emphasis. In the suit, the EEOC asks the Federal District Court to award backpay, compensatory and punitive damages on behalf of the class, as well as impose injunctive relief to prevent and address alleged “systemic” practices of disability discrimination in violation of the ADA by Magnolia.

Specifically, the EEOC lawsuit charges Magnolia with engaging since 2012 in systematic discrimination based on disability, a record of disability and perceived disability in violation of the ADA by refusing to hire and denying accommodations with persons disabilities, and ultimately firing individuals that Magnolia regarded as disabled, had a record of a disability or had an actual disability. The EEOC says Magnolia’s prohibited discriminatory practices included only offering positions to certain applicants under the condition that the applicants pass a medical examination, as well as discharging or revoking job offers when it learned of or received records of prior medical conditions or current medical restrictions.

When announcing the suit, the EEOC made clear it intends the lawsuit to send a message to all U.S. employers. “Requiring individuals to be free from any need for accommodation is a trend that the EEOC is seeing in our region. Disability discrimination remains a persistent problem that needs more attention by employers,” said Anna Park, regional attorney for EEOC’s Los Angeles District.

Meanwhile, Director for EEOC’s Fresno Local Office Melissa Barrios warned, “Employers must try to accommodate individuals with disabilities by exploring effective ways to allow them to work provided there is no undue hardship.” Ms. Barrios added, “Employment decisions, such as denying hire or firing, that are made without engaging in that critical interactive process run afoul of the law.”

With the EEOC continuing to emphasize ADA enforcement, U.S. employers should exercise care to ensure that their employment screening, hiring, accommodation and other duties both are properly designed and administered for defensibility under the ADA. Healthcare or other employers should not presume that the EEOC or the courts automatically to accept as obvious or without question that the nature of their business or a particular position disqualifies an individual or class of individuals with a physical or mental disability, past history of injury or illness or other actual or perceived physical or mental limitation automatically for employment in that position. Rather, employers making hiring or other employment decisions should be prepared to prove that their organization complies with the ADA in word and in deed by both adopting policies of compliance and ensuring that those policies are appropriately administered in a well-documented fashion so that the documentation. Employers that decide not to hire an individual with an actual or perceived disability for safety or other reasons should be prepared in the event of a disability discrimination challenge to show that hiring or other employment decisions with respect to individuals with actual, perceived or records of disabilities were made without impermissible disability discrimination. An employer determining that an individual with an actual, perceived or record of disability should be prepared to show that this determination was made either without regard to the individual’s disability or that the individual does not qualify even with reasonable accommodation, that accommodation would be unreasonably costly, or accommodation could not eliminate the safety or other proven barriers to qualification of the individual for the position. Businesses and business leaders concerned with managing these and other disability discrimination risks should keep in mind that evidentiary rules make it important that businesses ensure that in addition to maintaining appropriate written policies, they also conduct their employment activities appropriately to minimize the creation of evidence that could create or support discrimination claims as well as documentation to support the employer’s planned defenses.

For Legal or Consulting Advice, Legal Representation, Training Or More Information

If you need help responding to these new or other workforce, benefits and compensation, performance and risk management, compliance, enforcement or management concerns, help updating or defending your workforce or employee benefit policies or practices, or other related assistance, the author of this update, attorney Cynthia Marcotte Stamer may be able to help.

Recognized as a “Top” attorney in employee benefits, labor and employment and health care law extensively involved in health and other employee benefit and human resources policy and program design and administration representation and advocacy throughout her career, Cynthia Marcotte Stamer is a practicing attorney and Managing Shareholder of Cynthia Marcotte Stamer, P.C., a member of Stamer│Chadwick │Soefje PLLC, author, pubic speaker, management policy advocate and industry thought leader with more than 27 years’ experience practicing at the forefront of employee benefits and human resources law.

A Fellow in the American College of Employee Benefit Counsel, past Chair and current Welfare Benefit Committee Co-Chair of the American Bar Association (ABA) RPTE Section Employee Benefits Group, Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, former Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, an ABA Joint Committee on Employee Benefits Council Representative and Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization, Ms.Stamer is recognized nationally and internationally for her practical and creative insights and leadership on health and other employee benefit, human resources and insurance matters and policy.

Ms. Stamer helps management manage. Ms. Stamer’s legal and management consulting work throughout her 27 plus year career has focused on helping organizations and their management use the law and process to manage people, process, compliance, operations and risk. Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer helps public and private, domestic and international businesses, governments, and other organizations and their leaders manage their employees, vendors and suppliers, and other workforce members, customers and other’ performance, compliance, compensation and benefits, operations, risks and liabilities, as well as to prevent, stabilize and cleanup workforce and other legal and operational crises large and small that arise in the course of operations.

Ms. Stamer works with businesses and their management, employee benefit plans, governments and other organizations deal with all aspects of human resources and workforce management operations and compliance. She supports her clients both on a real time, “on demand” basis and with longer term basis to deal with daily performance management and operations, emerging crises, strategic planning, process improvement and change management, investigations, defending litigation, audits, investigations or other enforcement challenges, government affairs and public policy. Well known for her extensive work with health care, insurance and other highly regulated entities on corporate compliance, internal controls and risk management, her clients range from highly regulated entities like employers, contractors and their employee benefit plans, their sponsors, management, administrators, insurers, fiduciaries and advisors, technology and data service providers, health care, managed care and insurance, financial services, government contractors and government entities, as well as retail, manufacturing, construction, consulting and a host of other domestic and international businesses of all types and sizes. Common engagements include internal and external workforce hiring, management, training, performance management, compliance and administration, discipline and termination, and other aspects of workforce management including employment and outsourced services contracting and enforcement, sentencing guidelines and other compliance plan, policy and program development, administration, and defense, performance management, wage and hour and other compensation and benefits, reengineering and other change management, internal controls, compliance and risk management, communications and training, worker classification, tax and payroll, investigations, crisis preparedness and response, government relations, safety, government contracting and audits, litigation and other enforcement, and other concerns.

Ms. Stamer uses her deep and highly specialized health, insurance, labor and employment and other knowledge and experience to help employers and other employee benefit plan sponsors; health, pension and other employee benefit plans, their fiduciaries, administrators and service providers, insurers, and others design legally compliant, effective compensation, health and other welfare benefit and insurance, severance, pension and deferred compensation, private exchanges, cafeteria plan and other employee benefit, fringe benefit, salary and hourly compensation, bonus and other incentive compensation and related programs, products and arrangements. She is particularly recognized for her leading edge work, thought leadership and knowledgeable advice and representation on the design, documentation, administration, regulation and defense of a diverse range of self-insured and insured health and welfare benefit plans including private exchange and other health benefit choices, health care reimbursement and other “defined contribution” limited benefit, 24-hour and other occupational and non-occupational injury and accident, ex-patriate and medical tourism, onsite medical, wellness and other medical plans and insurance benefit programs as well as a diverse range of other qualified and nonqualified retirement and deferred compensation, severance and other employee benefits and compensation, insurance and savings plans, programs, products, services and activities. As a key element of this work, Ms. Stamer works closely with employer and other plan sponsors, insurance and financial services companies, plan fiduciaries, administrators, and vendors and others to design, administer and defend effective legally defensible employee benefits and compensation practices, programs, products and technology. She also continuously helps employers, insurers, administrative and other service providers, their officers, directors and others to manage fiduciary and other risks of sponsorship or involvement with these and other benefit and compensation arrangements and to defend and mitigate liability and other risks from benefit and liability claims including fiduciary, benefit and other claims, audits, and litigation brought by the Labor Department, IRS, HHS, participants and beneficiaries, service providers, and others. She also assists debtors, creditors, bankruptcy trustees and others assess, manage and resolve labor and employment, employee benefits and insurance, payroll and other compensation related concerns arising from reductions in force or other terminations, mergers, acquisitions, bankruptcies and other business transactions including extensive experience with multiple, high-profile large scale bankruptcies resulting in ERISA, tax, corporate and securities and other litigation or enforcement actions.

Ms. Stamer also is deeply involved in helping to influence the Affordable Care Act and other health care, pension, social security, workforce, insurance and other policies critical to the workforce, benefits, and compensation practices and other key aspects of a broad range of businesses and their operations. She both helps her clients respond to and resolve emerging regulations and laws, government investigations and enforcement actions and helps them shape the rules through dealings with Congress and other legislatures, regulators and government officials domestically and internationally. A former lead consultant to the Government of Bolivia on its Social Security reform law and most recognized for her leadership on U.S. health and pension, wage and hour, tax, education and immigration policy reform, Ms. Stamer works with U.S. and foreign businesses, governments, trade associations, and others on workforce, social security and severance, health care, immigration, privacy and data security, tax, ethics and other laws and regulations. Founder and Executive Director of the Coalition for Responsible Healthcare Policy and its PROJECT COPE: the Coalition on Patient Empowerment and a Fellow in the American Bar Foundation and State Bar of Texas, Ms. Stamer annually leads the Joint Committee on Employee Benefits (JCEB) HHS Office of Civil Rights agency meeting and other JCEB agency meetings. She also works as a policy advisor and advocate to many business, professional and civic organizations.

Author of the thousands of publications and workshops these and other employment, employee benefits, health care, insurance, workforce and other management matters, Ms. Stamer also is a highly sought out speaker and industry thought leader known for empowering audiences and readers. Ms. Stamer’s insights on employee benefits, insurance, health care and workforce matters in Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, Modern Healthcare, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, InsuranceThoughtLeadership.com and many other prominent publications. Ms. Stamer also regularly serves on the faculty and planning committees for symposia of LexisNexis, the American Bar Association, ALIABA, the Society of Employee Benefits Administrators, the American Law Institute, ISSA, HIMMs, and many other prominent educational and training organizations and conducts training and speaks on these and other management, compliance and public policy concerns.

Ms. Stamer also is active in the leadership of a broad range of other professional and civic organizations. For instance, Ms. Stamer presently serves on an American Bar Association (ABA) Joint Committee on Employee Benefits Council representative; Vice President of the North Texas Healthcare Compliance Professionals Association; Immediate Past Chair of the ABA RPTE Employee Benefits & Other Compensation Committee, its current Welfare Benefit Plans Committee Co-Chair, on its Substantive Groups & Committee and its incoming Defined Contribution Plan Committee Chair and Practice Management Vice Chair; Past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group and a current member of its Healthcare Coordinating Council; current Vice Chair of the ABA TIPS Employee Benefit Committee; the former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division; on the Advisory Boards of InsuranceThoughtLeadership.com, HR.com, Employee Benefit News, and many other publications. She also previously served as a founding Board Member and President of the Alliance for Healthcare Excellence, as a Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; the Board President of the early childhood development intervention agency, The Richardson Development Center for Children; Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee; a member of the Board of Directors of the Southwest Benefits Association. For additional information about Ms. Stamer, see www.cynthiastamer.com, or www.stamerchadwicksoefje.com the member of contact Ms. Stamer via email here or via telephone to (469) 767-8872.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources at www.solutionslawpress.com including:

Comments Off on EEOC ADA Suit Against Magnolia Health Highlights US Employer’s Growing Disability Discrimination Risks | Accommodation, ADA, Disability Discrimination, Discrimination, Employers, Employment Discrimination, Hiring, Human Resources, Internal Controls, Professional Liability, Rehabilitation Act, Risk Management | Tagged: Accommodation, ADA, compliance, Disability Discrimination, EEOC Employer, Employment Practices Liability, Health Care, Human Resources, Rehabilitation Act, Risk Management, Safety | Permalink
Posted by Cynthia Marcotte Stamer

Stamer Kicks Off Dallas HR 2015 Monthly Lunch Series With 2015 Federal Legislative, Regulatory & Enforcement Update

November 10, 2014

Human resources and other management leaders are watching Washington to see if the change in Congressional control resulting from the November 4, 2014 mid-term election ushers in a more management friendly federal legal environment. Since President Obama took office, the Democrats aggressive pursuit of health care, minimum wage and other federal pro-labor legislation, regulations and enforcement has increased management responsibilities, costs and liabilities.

Nationally recognized management attorney, public policy advisor and advocate, author and lecturer Cynthia Marcotte Stamer will help human resources and other management leaders prepare for 2015 when she speaks on “2015 Federal Legislative, Regulatory & Enforcement Update: What HR & Benefit Leaders Should Expect & Do Now” at the 2015 Dallas HR monthly luncheon series kickoff meeting on January 13, 2014.

About The Program

While November 4, 2014 Republican election victories gave Republicans a narrow majority in both the House and Senate when the new Congress takes office January 3, 2015, the new Republican Majority may face significant challenges delivering on their promises to move quickly to enact more business-friendly health care, guest worker, tax and other key reforms Republicans say will boost the employment and the economy.

While President Obama and Democrat Congressional leaders say they plan to work with the new majority, President Obama already is threatening to use vetoes, regulations and executive orders to block Republicans from obstructing or rolling back his pro-labor policy and enforcement agenda. When the new Congress takes office, the narrowness of the Republican Majority in the Senate means Republicans can’t block a Democratic filibuster or override a Presidential veto without recruiting some Democratic support.

As the Democrats and Republicans head into battle again, Board Certified Labor & Employment attorney and public policy advocate Cynthia Marcotte Stamer will help human resources and other management leaders get oriented for the year ahead by sharing her insights and predictions on the legislative, regulatory and enforcement agendas that HR, benefit and other business leaders need to plan for and watch in 2015. Among other things, Ms. Stamer will:

Discuss how management can benefit from monitoring and working to influence potential legislative, regulatory and enforcement developments when planning and administering HR and related workforce policies;
Discuss the key workforce and other legislative, regulatory and enforcement priorities and proposals Democrats and Republicans plan to pursue during 2015;
Share her insights and predictions about how the narrow Republican majority, Mr. Obama’s lame duck presidency and other factors could impact each Party’s ability to pursue its agenda
Share tips management leaders can use to help monitor developments and to help shape legislation, regulation and enforcement through Dallas HR, SHRM and other organizations as well as individually;
Learn tips for anticipating and maintaining flexibility to respond to legislative, regulatory and enforcement developments; and
More

To register or get more details about the program, DallasHR, or both, see http://www.dallashr.org.

About Ms. Stamer

Board certified labor and employment attorney, public policy leader, author, speaker Cynthia Marcotte Stamer is nationally and internationally recognized and valued for her more than 25 years of work advising and representing employers, insurers, employee benefit plans, their fiduciaries and advisors, business and community leaders and governments about workforce, employee benefits, social security and pension, health and insurance, immigration and other performance and risk management, public policy and related regulatory and public policy, management and other operational concerns.

Throughout her career, Ms. Stamer continuously both has helped businesses and their management to monitor and respond to federal and state legislative, regulatory and enforcement concerns and to anticipate and shape federal, state and other laws, regulations, and enforcement in the United States and internationally.

Well known for her leadership on workforce, health and pension policy through her extensive work with clients as well as through her high profile involvements as the Founder and Executive Director of the Coalition for Responsible Healthcare Policy and its PROJECT COPE: the Coalition on Patient Empowerment, a founding Board member of the Alliance for Health Care Excellence, a Fellow in the American College of Employee Benefit Counsel, the American Bar Association (ABA), and the State Bar of Texas leadership and other involvements with the ABA including her annual service leading the annual agency meeting of Joint Committee on Employee Benefits (JCEB) representatives with the HHS Office of Civil Rights and participation in other JCEB agency meetings, past involvements with legislative affairs for the Texas Association of Business and Dallas HR and others, and many speeches, publications, and other educational outreach efforts, Ms. Stamer has worked closely with Congress and federal and state regulators on the Patient Protection & Affordable Care Act and other health care, pension, immigration, tax and other workforce-related legislative and regulatory reforms for more than 30 years. One of the primary drafters of the Bolivian Social Security reform law and a highly involved leader on U.S. workforce, benefits, immigration and health care policy reform, Ms. Stamer’s experience also includes working with U.S. and foreign government, trade association, private business and other organizations to help reform other countries’ and U.S. workforce, social security and severance, health care, immigration, privacy and data security, tax, ethics and other laws and regulations. Ms. Stamer also contributes her policy, regulatory and other leadership to many professional and civic organizations including as Vice President of the North Texas Healthcare Compliance Professionals Association; Immediate Past Chair of the American Bar Association RPTE Employee Benefits & Other Compensation Committee and its current Welfare Benefit Plans Committee Co-Chair, a Substantive Groups & Committee Member; a member of the leadership council of the ABA Joint Committee on Employee Benefits; Past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group and a current member of its Healthcare Coordinating Council; the current Vice Chair of the ABA TIPS Employee Benefit Committee, and the past Coordinator of the Gulf Coast TEGE Council TE Division.

The publisher and editor of Solutions Law Press, Inc. who serves on the Editorial Advisory Boards of Employee Benefit News, HR.com, InsuranceThoughtLeadership.com and many other publications, Ms. Stamer also is a prolific and highly respected author and speaker, National Public Radio, CBS, NBC, and other national and regional news organization, Atlantic Information Services, The Bureau of National Affairs, HealthLeaders, Telemundo, Modern Healthcare, Business Insurance, Employee Benefit News, the Employee Benefits News, World At Work, Benefits Magazine, InsuranceThoughtLeadership.com, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, CEO Magazine, CFO Magazine, CIO Magazine, the Houston Business Journal, and many other prominent news and publications. She also serves as a planning faculty member and regularly conducts training and speaks on these and other management, compliance and public policy concerns for these and a diverse range of other organizations. For additional information about Ms. Stamer, see www.cynthiastamer.com.

For Added Information and Other Resources

If you found this update of interest, you also may be interested in reviewing some of the other updates and publications authored by Ms. Stamer available including:

For Help Or More Information

If you need assistance in auditing or assessing, updating or defending your organization’s compliance, risk manage or other internal controls practices or actions, please contact the author of this update, attorney Cynthia Marcotte Stamer here or at (469)767-8872.

Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization, management attorney and consultant Ms. Stamer is nationally and internationally recognized for more than 24 years of work helping employers and other management; employee benefit plans and their sponsors, administrators, fiduciaries; employee leasing, recruiting, staffing and other professional employment organizations; and others design, administer and defend innovative workforce, compensation, employee benefit and management policies and practices. Her experience includes extensive work helping employers implement, audit, manage and defend union-management relations, wage and hour, discrimination and other labor and employment laws, privacy and data security, internal investigation and discipline and other workforce and internal controls policies, procedures and actions. The Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Committee, a Council Representative on the ABA Joint Committee on Employee Benefits, Government Affairs Committee Legislative Chair for the Dallas Human Resources Management Association, and past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer works, publishes and speaks extensively on management, reengineering, investigations, human resources and workforce, employee benefits, compensation, internal controls and risk management, federal sentencing guideline and other enforcement resolution actions, and related matters. She also is recognized for her publications, industry leadership, workshops and presentations on these and other human resources concerns and regularly speaks and conducts training on these matters.Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, and many other national and local publications. For additional information about Ms. Stamer and her experience or to access other publications by Ms. Stamer see hereor contact Ms. Stamer directly.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources at www.solutionslawpress.com.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile at here or e-mailing this information here.

Comments Off on Stamer Kicks Off Dallas HR 2015 Monthly Lunch Series With 2015 Federal Legislative, Regulatory & Enforcement Update | 105(h), ACA, ADA, Affirmative Action, Affordable Care Act, Bankruptcy, Cafeteria Plans, Child Labor, CHIP, Civil Rights, Claims Administration, COBRA, compensation transparency, Corporate Compliance, Defined Benefit Plans, Defined Contribution Plans, Disability, Disability, Disability Plans, Discrimination, Disease Management, Drug & Alcohol, E-Verify, EEOC, EEOC, Employee Benefits, Employers, Employment Agreement, Employment Tax, ERISA, ESOP, Excise Tax, Executive Compensation, family leave, Fiduciary Responsibility, FMLA, GINA, Government Contractors, Health Care Reform, Health Plans, HIPAA, Human Resources, I-9, Immigration, Income Tax, Insurance, Internal Controls, Internal Investigations, Labor Management Relations, Leave, medical leave, Mental Health, Mental Health Parity, MEWA, Military Leave, Non-Compete, Non-Competition Agreement, Nonresident aliens, OFCCP, OSHA, Patient Protection and Affordable Care Act, Payroll Tax, Preemption, Premium Subsidies, Prescription Drugs, Privacy, Professional Liability, Protected Health Information, Public Policy, Rehabilitation Act, Reporting & Disclosure, Restructuring, Retaliation, Retirement Plans, Risk Management, Safety, Sexual Harassment, Tax, Tax Credit, Telecommuting, Unemployment Benefits, Unemployment Insurance, Union, USERRA, VEVRRA, Wage & Hour, Wellness, Wellness Programs | Tagged: Administrative Simplification, CMS, Health Benefits, Health Insurance, Health insurers, Health Plans, HHS, HPID, HPOES, out-of-pocket maximum, TPAs | Permalink
Posted by Cynthia Marcotte Stamer

IRS Releases Updated Healthcare Law Online Resources Publication

August 1, 2013

The Internal Revenue Service’s updated IRS Healthcare Law Online Resources publication provides a helpful list of resources for employers and individuals to use to get access to laws, regulations and other information about the Patient Protection & Affordable Care Act (ACA) and its implementing rules and regulations. The resource publication issued as Department of Treasury Publication 5093 (6-2013), Catalog Number 63920H presents as follows:

For Help or More Information

ACA and other federal group health plan rules are complex and ever-evolving. If you need help reviewing and updating, administering or defending your group health or other employee benefit, human resources, insurance, health care matters or related documents or practices or with other employee benefits, human resources, health care or insurance matters, please contact the author of this update, Cynthia Marcotte Stamer.

A Fellow in the American College of Employee Benefit Counsel, immediate past Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Group and current Co-Chair of its Welfare Benefit Committee, Vice-Chair of the ABA TIPS Employee Benefits Committee, a council member of the ABA Joint Committee on Employee Benefits, and past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer is recognized, internationally, nationally and locally for her more than 24 years of work, advocacy, education and publications on leading health and managed care, employee benefit, human resources and related workforce, insurance and financial services, and health care matters.

A board certified labor and employment attorney widely known for her extensive and creative knowledge and experienced with these and other employment, employee benefit and compensation matters, Ms. Stamer continuously advises and assists employers, employee benefit plans, their sponsoring employers, fiduciaries, insurers, administrators, service providers, insurers and others to monitor and respond to evolving legal and operational requirements and to design, administer, document and defend medical and other welfare benefit, qualified and non-qualified deferred compensation and retirement, severance and other employee benefit, compensation, and human resources, management and other programs and practices tailored to the client’s human resources, employee benefits or other management goals. A primary drafter of the Bolivian Social Security pension privatization law, Ms. Stamer also works extensively with management, service provider and other clients to monitor legislative and regulatory developments and to deal with Congressional and state legislators, regulators, and enforcement officials about regulatory, investigatory or enforcement concerns.

Recognized in Who’s Who In American Professionals and both an American Bar Association (ABA) and a State Bar of Texas Fellow, Ms. Stamer serves on the Editorial Advisory Board of Employee Benefits News, the editor and publisher of Solutions Law Press HR & Benefits Update and other Solutions Law Press Publications, and active in a multitude of other employee benefits, human resources and other professional and civic organizations. She also is a widely published author and highly regarded speaker on these matters. Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, Modern and many other national and local publications. You can learn more about Ms. Stamer and her experience, review some of her other training, speaking, publications and other resources, and register to receive future updates about developments on these and other concerns from Ms. Stamer here.

Other Resources

If you found this update of interest, you also may be interested in reviewing some of the other updates and publications authored by Ms. Stamer available including:

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources available at ww.solutionslawpress.com.

THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

Comments Off on IRS Releases Updated Healthcare Law Online Resources Publication | Bankruptcy, Corporate Compliance, Employee Benefits, Employers, ERISA, Fiduciary Responsibility, Health Plans, Mental Health, Mental Health Parity, Professional Liability, Retirement Plans, Risk Management, Tax | Tagged: Affordable Care Act, Employer, Health Care Reform, Health Insurance, Health Plan, internal revenue service, Patient Protection & Affordable Care Act | Permalink
Posted by Cynthia Marcotte Stamer

IRS Extends Remedial Amendment On Cycle Opinion Deadline For Some Defined Benefit Plans

August 1, 2013

The Internal Revenue Service (IRS) is extending the deadline for sponsors and practitioners of defined benefit mass submitter lead plans to submit on-cycle applications.

Announcement 2013-37 extends to January 31, 2014, the deadline to submit on-cycle applications for opinion and advisory letters for sponsors and practitioners maintaining defined benefit mass submitter lead plans for the plans’ second six-year remedial amendment cycle.

Announcement 2013-37 will be in IRB 2013-34, dated August 19, 2013.

For Help or More Information

If you need help reviewing and updating, administering or defending your group health or other employee benefit, human resources, insurance, health care matters or related documents or practices or with other employee benefits, human resources, health care or insurance matters, please contact the author of this update, Cynthia Marcotte Stamer.

Other Resources

If you found this update of interest, you also may be interested in reviewing some of the other updates and publications authored by Ms. Stamer available including:

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources available at ww.solutionslawpress.com.

Comments Off on IRS Extends Remedial Amendment On Cycle Opinion Deadline For Some Defined Benefit Plans | Bankruptcy, Corporate Compliance, Employee Benefits, Employers, ERISA, Fiduciary Responsibility, Health Plans, Mental Health, Mental Health Parity, Professional Liability, Retirement Plans, Risk Management, Tax | Tagged: defined benefit plan, determination letter, prototype, remedial amendment, remedial amendment cycle, Retirement Plans | Permalink
Posted by Cynthia Marcotte Stamer

Self-Dealing Or Other Mishandling of Employee Benefit Plan Funds Risky For Fiduciaries & Those Appointing Them

July 31, 2013

New litigation against the former trustee and former investment service provider of four pension plans reminds employer or other employee benefit plan sponsors, business owners or management, investment advisors and others serving as fiduciaries or advisors of employee benefit plans of the need to ensure that employee benefit plans are only used for the benefit of participants and beneficiaries, and prudently and properly invested and administered. Businesses sponsoring plans and their leaders, as well as others serving as fiduciaries or investment advisors are cautioned that mishandling of plan assets or investments can create significant liability both for those who improperly handle plan responsibilities and the employer or other plan sponsor, business owner or management, and others who are involved in their selection, oversight and retention. Consequently, parties should ensure act prudently to ensure plan assets are only invested prudently and for the sole benefit of the plan and its members, as well as to appropriately monitor the actions of other plan fiduciaries or personnel, investment managers, advisors, and others handing investments or other plan transactions, and be prepared to prove it.

The U.S. District Court for the Eastern District of Kentucky on July 26 granted in part the U.S. Department of Labor’s motion for a preliminary injunction against George S. Hofmeister and Bernard Tew, former fiduciaries of four Lexington-based pension plans: the Hillsdale Salaried, Hillsdale Hourly, Revstone Casting Fairfield GMP Local 359, and Fourslides Inc. The injunctions stem from ongoing litigation against the defendants filed by the Labor Department under the Employee Retirement Income Security Act of 1974 (ERISA). See Perez v. George Hofmeister, et al. Civil Action File Number 5:12-cv-00250-KKC, Perez v. George Hofmeister, et al. Civil Action File Number 5:13-cv-00156-KKC and Perez v. Robert La Courciere, et al. Civil Action File Number 5:13-cv-00158-KKC.

The Labor Department previously filed lawsuits in the same court that named Hofmeister and Tew, among others. Hofmeister was the trustee of the four pension plans, and Tew was managing director of their investment service provider, Bluegrass Investment Management LLC. The court’s order removes Hofmeister as a fiduciary of the plans and prohibits him from taking any actions with respect to the pensions plans or their assets. Tew resigned as fiduciary of the plans a few days before a hearing regarding the Labor Department’s motion. The lawsuits alleged that the defendants engaged in a series of prohibited transactions resulting in the misuse of approximately $12.1 million from the Hillsdale Salaried pension plan, approximately $22.5 million from the Hillsdale Hourly pension plan, approximately $4.4 million from the Revstone Casting Fairfield GMP Local 359 pension plan, and approximately $500,000 from the Fourslides Inc. pension plan. The four plan sponsors are closely affiliated with Lexington-based Revstone Industries LLC and Spara LLC.

The suits follow an EBSA investigation that found violations of the Employee Retirement Income Security Act, including prohibited loans to related companies, prohibited use of plan assets for the purchase and lease of employer property, prohibited purchase of customer notes from affiliated companies, prohibited transfer of assets in favor of parties-in-interest, payment of excessive fees to services providers, and payment of fees on behalf of the companies.

ERISA’s fiduciary responsibility rules compel individuals named as employee benefit plan fiduciaries, or who functionally exercise or have discretion or control over plan assets or their investments, or certain other plan actions to act prudently and for the exclusive benefit of participants and beneficiaries. Plan fiduciaries must act “solely in the interest” of the plan and its members. ERISA also expressly prohibits fiduciaries from dealing with the plan or its assets for the benefit of themselves or any third party. Meanwhile, ERISA’s prohibited transaction rules identify a list of parties and transactions that are per se prohibited and violate ERISA’s fiduciary responsibility rules unless the fiduciary demonstrates that an applicable exception applies. These transactions commonly are referred to as “prohibited transactions.”

According to the Labor Department brief Hofmeister, Tew and Bluegrass have repeatedly violated ERISA, using nearly $40 million in pension plan assets to benefit themselves or related parties. The department’s investigation of these pension plans revealed a pattern of prohibited transactions involving the use of these plans’ assets by Hofmeister, Tew and investment adviser firms. Alleged improper use of the plans’ assets began within days or months of Hofmeister assuming control of the pension plans. The department contends that Hofmeister has placed millions of dollars in pension plan assets at risk and has consistently failed to act to protect these assets when required.

Under ERISA, fiduciaries that commit prohibited transactions or breach other fiduciary duties rules of ERISA generally are liable personally to the employee benefit plan for the greater of damages resulting from the breach or profits realized, plus attorneys’ fees and other costs of recovery. In addition, the Labor Department also can impose penalties of up to 20 percent of the amount of the fiduciary breach, seek to enjoin the breaching fiduciaries from serving in a fiduciary capacity, and refer them to the Department of Justice for criminal prosecution. Bankruptcy often does not provide any protection against the obligation to repay.

Employers, members of management, and others with discretion or control over plan assets or the selection, appointment, oversight or retention for those providing fiduciary or other plan services should be careful to act prudently when performing these duties to avoid becoming exposed to liability for bad actors. Beyond avoiding committing its own breach of fiduciary duties, a plan sponsor, member of management or other party who is a named fiduciary or possesses fiduciary power or authority over the plan also sometimes can be liable for the prohibited transactions or other fiduciary breaches of another fiduciary under ERISA’s co-fiduciary responsibility rules. These rules generally allow co-fiduciary liability to attach when an otherwise innocent fiduciary either enabled the breach by failing to appropriately fulfill its own fiduciary responsibilities, knew or should have have known of the breach but failed to properly act to prudently intervene to protect the plan and its assets, or later discovers the breach and fails to prudently act to intervene to protect the plan and its assets.

In addition to prudently overseeing those handling investments or other plan assets or performing other fiduciary functions, parties engaging these individuals should ensure that all fiduciaries, investment advisors and service providers of the plan handing plan matters are carefully credentialed. A documented background check should be conducted to confirm that the individuals or their organizations are not disqualified from serving as fiduciaries and have appropriate credentials and reputations to perform those duties. This analysis should be periodically rechecked and that documentation and its review also carefully preserved.

Furthermore, employers and plan fiduciaries also should confirm and retain documentation that the parties serving as fiduciaries, involved in the handling of plan assets or funds, or acting in certain other capacities are bonded as required by ERISA. ERISA’s fiduciary responsibility rules require appropriate bonding. In addition to overlooking the necessity of bonding, many plan sponsors and vendors underestimate the amount and required terms of the bonding and the scope of individuals required to be bonded.

Failing to meet this requirement can broaden the scope of fiduciary liability to a plan sponsor or member of management who selected or appointed the fiduciary or service provider that engages in the prohibited transaction or other inappropriate conduct. Consequently, in the event of a plan loss, Labor Department investigators typically request documentation of this credentialing and bonding early in the investigation.

Employee benefit plan vendor selection and compensation arrangements made by association and other employee benefit plan sponsors, fiduciaries and service providers are coming under increasing scrutiny by the EBSA. While ERISA technically grants plan sponsors and fiduciaries wide latitude to make these choices, the exercise of these powers comes with great responsibility. See e.g., Plan Sponsors. Their Owners & Management & Others Risk Personal Liability If Others Defraud Plans or Mismanage Employee Benefit Plan Responsibilities; New Rules Give Employee Benefit Plan Fiduciaries & Investment Advisors New Investment Advice Options; DOL Proposes To Expand Investment Related Services Giving Rise to ERISA Fiduciary Status As Investment Fiduciary.

Associations, employer and other plan sponsors, and other entities and individuals who in name or in function have or exercise discretionary responsibility or authority over the selection of plan fiduciaries, administrative or investment service providers or other services to the plan or the establishment of their compensation generally must make those decisions in accordance with the fiduciary responsibility and prohibited transaction rules of ERISA.

Since the earliest days of ERISA, the EBSA as well as private plaintiffs have aggressively enforced these and other fiduciary responsibility rules. In recent years, EBSA has taken further steps to tighten and enforce these protections such as the new fee disclosure rules recently implemented by the EBSA and other fiduciary guidance. See, e.g., Western Mixers & Officers Ordered To Pay $1.2M+ For Improperly Using Benefit Plan Funds For Company Operations, Other ERISA Violations; Plan Administrator Faces Civil & Criminal Prosecution For Allegedly Making Prohibited $3.2 Million Real Estate Investment; Tough times are no excuse for ERISA shortcuts.

Despite these well-document fiduciary exposures and a well-established pattern of enforcement by the Labor Department and private plaintiffs, many companies and their business leaders fail to appreciate the responsibilities and liabilities associated with the establishment and administration of employee benefit plans. Frequently, employer and other employee benefit plan sponsors fail adequately to follow or document their administration of appropriate procedures to be in a position to prove their fulfillment of these requirements when selecting plan fiduciaries and service providers, determining the compensation paid for their services, overseeing the performance of these parties, or engaging in other dealings with respect to plan design or administration. In other instances, businesses and their leaders do not realize that the functional definition that ERISA uses to determine fiduciary status means that individuals participating in discretionary decisions about the employee benefit plan, as well as the plan sponsor, may bear liability under many commonly occurring situations if appropriate care is not exercised to protect participants or beneficiaries in these plans. For this reason, businesses and associations providing employee benefits to employees or dependents, as well as members of management participating in, or having responsibility to oversee or influence decisions about the establishment, maintenance, funding, and administration of their organization’s employee benefit programs need a clear understanding of their responsibilities with respect to such programs, the steps that they should take to prove their fulfillment of these responsibilities, and their other options for preventing or mitigating their otherwise applicable fiduciary risks.

In light of the significant liability risks, employer, association and other employee benefit plan sponsors and their management, plan fiduciaries, service providers and consultants should exercise care when selecting plan fiduciaries and service providers, establishing their compensation and making other related arrangements. To minimize fiduciary exposures, parties participating in these activities should seek the advice of competent legal counsel on their potential fiduciary status and responsibilities on these activities and take appropriate steps to minimize potential exposures.

For Help or More Information

A Fellow in the American College of Employee Benefit Council, immediate past Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Group and current Co-Chair of its Welfare Benefit Committee, Vice-Chair of the ABA TIPS Employee Benefits Committee, a council member of the ABA Joint Committee on Employee Benefits, and past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer is recognized, internationally, nationally and locally for her more than 24 years of work, advocacy, education and publications on leading health and managed care, employee benefit, human resources and related workforce, insurance and financial services, and health care matters.

Other Resources

If you found this update of interest, you also may be interested in reviewing some of the other updates and publications authored by Ms. Stamer available including:

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources available at ww.solutionslawpress.com.

1 Comment | Bankruptcy, Corporate Compliance, Employee Benefits, Employers, ERISA, Fiduciary Responsibility, Health Plans, Mental Health, Mental Health Parity, Professional Liability, Retirement Plans, Risk Management, Tax | Tagged: ERISA, fee disclosure, Fiduciary, participant fee disclosuyrenvestment-advisor, plan investiments, prohibited traansaction, Prudence | Permalink
Posted by Cynthia Marcotte Stamer

Id & Manage Hidden Employee Benefit Exposures In Business Insolvency Or Other Transactions

June 5, 2013

The June 4, 2013 announcement of the Employee Benefit Security Administration (EBSA) provides a timely reminder to businesses sponsoring employee benefit plans, their owners and management, plan fiduciaries, banks, administrative service providers and other plan vendors, employee benefit plan and bankruptcy trustees, corporate receivers, creditors, and others looking to expedite the windup of abandoned 401(k), profit-sharing and other individual account pension plans of the challenges that can result when employee benefit plan responsibilities are mishandled when companies fail or experience other significant events, as well as the availability of tools to help mitigate or prevent these challenges through responsible proactive action.

Hidden Employee Benefit Exposures For Unwary Abound For Parties In Business Insolvency Or Other Transactions

A complex maze of ERISA, tax and other rules make, administration and termination of employee benefit plans a complicated matter. When the company sponsoring a plan experiences a significant workforce or other restructuring, becomes distressed, goes bankrupt or liquidates, merges, sells assets or engages in other significant business transaction impacting the plans or its workforce, the rules, as well as the circumstances, can create a liability and operational quagmire for everyone from the sponsoring business, its management, buyers, vendors, plan fiduciaries, plan participants and beneficiaries, related entities, asset purchasers and others. While tough economic times may tempt business leaders to cut corners, more than 3o years of litigation and enforcement precedent make clear that cutting corners on the assessment and handling of employee benefit and other workforce responsibilities amid business distress or in other business transactions or events presents risks for all parties involved. See e.g., Tough Times Are No Excuse For ERISA Shortcuts; Mishandling Employee Benefit Obligations Creates Big Liabilities For Distressed Businesses & Their Business Leaders. While many business leaders and plan fiduciaries lack a strong understanding of these rules and their implications in times of business or benefit plan distress or other significant business transactions, even those experienced with these concerns need to use caution to understand and respond to the series of ongoing changes in these rules, regulations and precedent that impact on the handling of plan related responsibilities in these and other special situations.

The Internal Revenue Code (Code) requires contains a maze of requirements that companies sponsoring pension, profit-sharing, health and other employee benefit plans, their plans, and plan administrators must follow when maintaining, administering, or terminating these plans including in many instances, special rules on the termination of the plans, distribution of assets, and the liabilities that attach to affiliated companies, successors, and assets resulting from transactions involving employee benefit plans or their sponsors.

In addition to the Code’s rules, companies and other individuals that in name or in function have or exercise discretionary responsibility or authority over the maintenance, administration or funding of employee benefit plans regulated by ERISA also generally must meet ERISA’s high standards for carrying out these duties based on their functional ability to exercise discretion over these matters, whether or not they have been named as fiduciaries formally. Under many circumstances these rules, or the handling of transactions can broaden the scope of responsibility or create exposures for a surprising range of parties dealing with the plan sponsor, related corporations or their stock, assets, benefit plans or workforce in corporate bankruptcies, mergers, asset or stock acquisitions, liquidations or other transactions.

Beyond these basic tax and fiduciary obligations, ERISA and the Internal Revenue Code (Code) create additional responsibilities and liabilities for when dealing with defined benefit or other pension plans subject to ERISA’s minimum funding and plan termination rules that when violated trigger a plethora of funding and notification obligations, penalties, liens on assets, and other obligations that can create significant traps for unwary plan fiduciaries and administrators, the sponsoring corporation, its management, affiliates and successors, as well as creditors or purchasers of stock or assets and others dealing with them.

Despite these well-documented responsibilities and a well-established pattern of enforcement by the Department of Labor, Pension Benefit Guarantee Corporation, Internal Revenue Service and private plaintiffs, many businesses and business leaders fail to appropriately understand these and other basic responsibilities and liabilities associated with the establishment, administration, termination and windup of employee benefit plans and other details about how their or others mishandling of employee benefit plan related responsibilities can undermine business goals and create unanticipated liability exposures.

Frequently, companies sponsoring their employee benefit plans and their executives mistakenly assume that they can rely upon vendors and advisors to ensure that their programs are appropriately established. The establishment and maintenance of these arrangements with limited review or oversight by the sponsoring company or its management team can be risky.

In other instances, businesses and their leaders do not realize that ERISA’s functional definition to determine fiduciary status means that individuals participating in discretionary decisions about the employee benefit plan, as well as the plan sponsor, may bear liability under many commonly occurring situations if appropriate care is not exercised to protect participants or beneficiaries in these plans.

In yet other instances, purchasers, related entities, bankruptcy trustees and creditors or others don’t appreciate the way their own or others mishandling of employee benefit plan obligations or exposures can impact their transactions and associated risks.

Proactive Action Can Mitigate Exposures & Costs

For this reason, companies providing employee benefits and their management, service providers, and related entities and the businesses dealing with them need a clear understanding of the rules and responsibilities Federal law imposes on the funding, administration and termination of these programs, how these rules can impact their responsibilities and goals, and the steps necessary to avoid or mitigate exposures likely to result if they or others mishandle employee benefit plan related responsibilities or assets and how to avoid or mitigate these concerns.

The challenges of winding up an abandoned plan discussed in the EBSA news release yesterday highlights just one of these complications, the problem of dealing with abandoned plans.

When companies and their management abandon plans, they leave their plans, participants and beneficiaries, service providers and others in limbo, without the authority or funds to wind up the plans. When employers abandon their individual account pension plans, custodians such as banks, insurers and mutual fund companies are left holding the assets of these abandoned plans but without the authority to terminate such plans and make benefit distributions even in response to participant demands. Service providers often find themselves in the legally awkward situation of having continuing plan responsibilities without necessary direction or compensation for performance. Meanwhile, participants and beneficiaries can’t manage, access or often even get information about their funds until the situation resolves. Dealing with these issues usually requires cumbersome, time-consuming and costly processes often requiring complex, lengthy, highly formalistic and expensive judicial and administrative procedures to resolve while fiduciary, tax and other liabilities mount. Meanwhile, participants and beneficiaries often lose access to their accounts or benefits or even see plan value decline as plan assets that could go to benefits are diverted to cover administrative costs of winding up the plan.

The EBSAs abandoned plan program is just one of many examples of tools that parties struggling with these issues can use to mitigate these challenges and exposures. EBSA uses its abandoned plan program to facilitate a voluntary efficient process for winding up the affairs of abandoned individual account plans so that benefit distributions are made to participants and beneficiaries when this occurs.

The EBSA Abandoned Plan News Release and the EBSA’s related response Response to ADP/JP Morgan published June 4, 2013 show an example of how EBSA used its abandoned plan program to give critical relief to JP Morgan Chase Bank NA and ADP Inc. to use to wind up certain abandoned plans without exhausting the 90-day waiting period that ordinarily applies before the termination of a retirement plan based on the best interest of participants pursuant to 29 CFR §2578.1. By exercising its discretion to waive the 90-day notice period, the EBSA allowed JP Morgan Chase Bank NA and ADP Inc. to terminate immediately and wind up approximately 180 defined contribution pension plans abandoned due to corporate crises or neglect.

Requesting relief from the EBSA like that granted to JP Morgan Chase Bank NA and ADP Inc. in the announcement made yesterday is just one of various types of relief that legal counsel experienced with dealing with workforce and employee benefit plan challenges that can arise when companies or their plans become inadequately funded, bankrupt, or experience other significant transactions or events, can use to help debtors, and other plan sponsors, their management, affiliates, successors, buyers, plan fiduciaries, vendors, bankruptcy creditors and trustees.

Experienced counsel can help companies understand and negotiate the complex rules of the EBSA, the Pension Benefit Guarantee Corporation and the Internal Revenue Service governing dealings with these plans and where appropriate and available by taking advantage of relief or other options to mitigate these challenges. Involving experienced counsel to explore and use these options early can help all parties get participants and beneficiaries their benefits while minimizing legal risks, time and expenses associated with the wind up of these troubled or abandoned plans. Even where special dispensation is not available, the early involvement of experienced legal counsel as early as possible after the possibility that a business or its plans or assets will be impacted by underfunding, insolvency, a bankruptcy or liquidation, workforce reduction, sale, merger or other significant event can help plan and administer the steps necessary to handle cost effectively employee benefit related responsibilities and impacts.

For Help or More Information

If you need help with assessing or handing employee benefit or workforce challenges arising from business or employee benefit plan insolvency, stock or asset sales, mergers, bankruptcy or liquidation, reductions or other workforce changes or other significant business transactions or events, or other employee benefit, human resources, insurance, health care matters or related documents or practices, please contact the author of this update, Cynthia Marcotte Stamer.

A Fellow in the American College of Employee Benefit Council, immediate past Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Group and current Co-Chair of its Welfare Benefit Committee, Vice-Chair of the ABA TIPS Employee Benefits Committee, a council member of the ABA Joint Committee on Employee Benefits, and past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer is recognized, internationally, nationally and locally for her more than 25 years of work, advocacy, education and publications on cutting edge health and managed care, employee benefit, human resources and related workforce, insurance and financial services, and health care matters including extensive experience handling workforce and employee benefit challenges arising from plan underfunding, company restructurings, workforce change, insolvencies, bankruptcies, mergers, stock or asset acquisitions, or other significant business or plan transactions.

A board certified labor and employment attorney widely known for her extensive and creative knowledge and experienced with these and other employment, employee benefit and compensation matters, Ms. Stamer continuously advises and assists employers, employee benefit plans, their sponsoring employers, fiduciaries, insurers, administrators, service providers, and insurers, bankruptcy trustees and receivers, asset purchasers, creditors and others dealing with plans and their sponsors, and others to monitor and respond to evolving legal and operational requirements and to design, administer, document and defend medical and other welfare benefit, qualified and non-qualified deferred compensation and retirement, severance and other employee benefit, compensation, and human resources, management and other programs and practices tailored to the client’s human resources, employee benefits or other management goals. A primary drafter of the Bolivian Social Security pension privatization law, Ms. Stamer also works extensively with management, service provider and other clients to monitor legislative and regulatory developments and to deal with Congressional and state legislators, regulators, and enforcement officials about regulatory, investigatory or enforcement concerns. Her experience includes involvement in the planning, execution and resolution of workforce and employee benefit related details of a multitude of high and low profile restructurings, bankruptcies and other significant transactions throughout her more than 25 year career.

Other Resources

If you found this update of interest, you also may be interested in reviewing some of the other updates and publications authored by Ms. Stamer available including:

For important information about this communication click here. THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.

1 Comment | Affordable Care Act, Bankruptcy, Claims Administration, Corporate Compliance, Defined Benefit Plans, Defined Contribution Plans, Employee Benefits, Employers, Employment Agreement, ERISA, Excise Tax, Executive Compensation, Fiduciary Responsibility, Health Care Reform, Health Plans, HIPAA, Human Resources, Income Tax, Insurance, MEWA, Patient Protection and Affordable Care Act, Professional Liability, Reporting & Disclosure, Restructuring, Retirement Plans, Risk Management, Tax | Tagged: abandoned plans, bankkruptcy, employee benefit plans, ERISA, fiduciary responsibiltiies, illiquid, insolvancy, reductions in force, Reengineering | Permalink
Posted by Cynthia Marcotte Stamer

Borzi Tells House Committee Current Fiduciary Regs Flawed; Must Fix Loopholes In Investment Advisor Definition To Protect Plans

July 28, 2011

Assistant Secretary of Labor, Employee Benefits Security Administration (EBSA) Phyllis C. Borzi testified Tuesday, July 26, 2011 to the House Committee on Education and the Workforce Subcommitte on Health, Employment, Labor, and Pensions that EBSA a proposed fiduciary regulation that would update EBSA regulations defining when a person is considered a “fiduciary” by reason of giving investment advice for a fee with respect to assets of an employee benefit plan or IRA will help protect employee benefit plan participants by correcting “loopholes” in a “flawed 35-year-old rule” that allow many parties providing advice about the investment of retirement plan assets to escape coverage by ERISA’s fiduciary responsibility rules. The proposed regulations and other stepped up regulations and enforcement of ERISA’s fiduciary protections by the EBSA means that plan sponsors, fiduciaries, investment advisors and other plan service providers and others involved in the sponsorship, design, and administration of an employee benefit plan need to act to manage expanding fiduciary responsibilities and exposures.

Borzi Says Loopholes & Other Flaws In Existing Regulations Hurt Plans & Their Participants

Borzi told the Committee that EBSA believes its rules about the types of advisory relationships that give rise to fiduciary status under the ERISA on the part of those providing investment advice services need to change because “technicalities” and “loopholes” in the current EBSA fiduciary regulations definition of “investment advisor” in effect since 1975 harms participants and beneficiaries by allowing many advisers to easily dodge fiduciary status.

Borzi testified that the five-part regulatory test used under the current regulations to determine when ERISA’s fiduciary requirements apply to “investment advice” and when the advisor is a “fiduciary” significantly narrowed the plain language of the ERISA statute so that much of what plainly is advice about plan investments is not treated as investment advice as fiduciary conduct under ERISA and the person paid to render that advice is not treated as an ERISA fiduciary.

Under current fiduciary regulation, an investment adviser is not treated as a fiduciary accountable for complying with ERISA’s prudence, exclusive benefit, prohibited transaction and other fiduciary responsibility safeguards if and when providing advice that meets each element of a five part test.

Under the current regulation, a person is a fiduciary under ERISA and/or the tax code with respect to their advice only if and when he or she:

Make recommendations on investing in, purchasing or selling securities or other property, or give advice as to their value;
On a regular basis;
Pursuant to a mutual understanding that the advice;
Will serve as a primary basis for investment decisions; and
Will be individualized to the particular needs of the plan.

Borzi told members of Congress this narrow definition of investment advisor exempts a wide range of parties receiving compensation for providing advice about the investment of employee benefit funds from coverage by ERISA’s fiduciary responsibility requirements. Borzi testified that the narrowness of the existing regulation opened the door to serious problems, and changes in the market since the regulation was issued in 1975 have allowed these problems to proliferate and intensify. Borzi says the narrowness of the regulation has harmed some plans, participants, and IRA holders. Research has linked adviser conflicts with underperformance. SEC reviews of certain financial sales practices may also reflect these influences. Finally, EBSA’s own enforcement experience has demonstrated specific negative effects of conflicted investment advice.

Borzi Says Proposed Regulation Would Strengthen Protections For Plans & Their Participants

Borzi said the proposed regulation published in the Federal Register on October 22, 2010 would change the rules defining a person is considered to be a “fiduciary” by reason of giving investment advice for a fee with respect to assets of an employee benefit plan or IRA by modifying the current regulation in effect since 1975 would replace the five-part test of “investment advisor” with a broader definition more in keeping with the statutory language while providing clear exceptions for conduct that should not result in fiduciary status.

According to Borzi, types of advice and recommendations that generally would trigger fiduciary status under the proposed regulations include: (1) appraisals or fairness opinions concerning the value of securities or other property; (2) recommendations as to the advisability of investing in, purchasing, holding or selling securities or other property; or (3) recommendations as to the management of securities or other property.

To be a fiduciary for performing these or other activities treated as fiduciary investment advice, Borzi explained that a person engaging in one of these activities must receive a fee and also meet at least one of the following four conditions:

Represent to a plan, participant or beneficiary that the individual is acting as an ERISA fiduciary;
Already be an ERISA fiduciary to the plan by virtue of having any control over the management or disposition of plan assets, or by having discretionary authority over the administration of the plan;
Be an investment adviser under the Investment Advisers Act of 1940; or
Provide the advice pursuant to an agreement or understanding that the advice may be considered in connection with investment or management decisions with respect to plan assets and will be individualized to the needs of the plan.

At the same time, Borzi testified that the proposed regulation recognizes that activities by certain persons should not result in fiduciary status. Specifically, these are:

Persons who do not represent themselves to be ERISA fiduciaries, and who make it clear to the plan that they are acting for a purchaser/seller on the opposite side of the transaction from the plan rather than providing impartial advice;
Persons who provide general financial/investment information, such as recommendations on asset allocation to 401(k) participants under existing Departmental guidance on investment education;
Persons who market investment option platforms to 401(k) plan fiduciaries on a non-individualized basis and disclose in writing that they are not providing impartial advice; and
Appraisers who provide investment values to plans to use only for reporting their assets to the DOL and IRS.
EBSA Still Working To Address Expressed Concerns

The proposed regulation has prompted a large volume of comments and a vigorous debate. Borzi testified that the EBSA is working hard to hear and consider every stakeholder concern and shared some examples of how EBSA is considering addressing certain of these concerns. Borzi said EBSA is taking multiple steps in its effort to respond to these and other concerns in its efforts to finalize the regulation including:

Borzi told the Committee EBSA is working to better understand how specific compensation arrangements would be affected by the proposed rule and whether clarifications of existing prohibited transactions exemptions would be appropriate. Borzi said EBSA has already begun to issue subregulatory guidance describing some of these clarifications and will continue to do so as necessary as it completes its analysis.

Borzi also said that as EBSA further develops its thinking in this rulemaking, EBSA is paying special attention to the two primary exceptions to fiduciary status under the proposed rule: (1) clarifying the difference between investment education that does not give rise to fiduciary status and fiduciary investment advice; and (2) clarifying the scope of the so-called “sellers’ exception” under which sales activity is not fiduciary advice. In both cases, Borzi said EBSA intends to analyze and address the comments and concerns that were raised during our extensive public comment period.

Finally, Borzi said EBSA is exploring a range of appropriate regulatory options for moving forward, taking into consideration public comments submitted for the record, EBSA’s economic analysis, and relevant academic research. In so doing, Borzi told the Committee EBSA is aiming to address conflicted investment advice while not unnecessarily disrupting existing compensation practices or business models.

Plan Sponsors, Fiduciaries, Service Providers Should Prepare For Tighter Rules While Continuing To Provide Input To EBSA

The proposed changes to the definition of investment advisor is one of many steps that EBSA is taking to tighten the regulations implementing ERISA’s fiduciary requirements and to enforce the protections of ERISA. The proposal to expand the conditions that providing investment advice regarding retirement plan assets will trigger the fiduciary protections of ERISA is designed to expand the reach of those regulations. Service providers involved in providing these or other related services generally will want to review and update their processes, documentation and training to manage new exposures likely to arise from these proposed regulations, while continuing to share feedback to EBSA and other rulemakers.

Service providers are not the only parties that need to update practices and provide input about these rules. Plan sponsors, fiduciaries, service providers, participants and beneficiaries also are impacted. Employers and other plan sponsors, fiduciaries and others need to anticipate and respond effectively to the inevitable efforts by providers of investment advice and other services to avoid or shift liability. Parties securing or relying on advice or services about investments or other responsibilities should:

Carefully, prudently conduct a documented investigation and critical analysis of existing and proposed advisors and other service providers credentials, analysis, performance, contract, recommendations and other conduct;
Carefully review contracts and other materials and secure appropriate constractual and other safeguards;
Require indemnification, insurance and other protections;
Ensure that appropriate action is taken to appoint parties intended to perform fiduciary advisory or other services to manage risks
Secure and maintain appropriate fiduciary and other liability insurance coverage;
Carefully conduct an appropriate, well-documented prudent review of performance, credentials and other relevant factors on a regular basis to preserve ongoing evidence of prudence; and
Other appropriate safeguards to manage risks and liabilities.

To help guard and position themselves to defend against fiduciary exposures plan sponsors, fiduciaries, service providers and others involved in the administration of health or other employee benefit plans should seek the advice of legal counsel with appropriate experience with employee benefit and other related matters to develop an understanding of ERISA and other laws and the duties and liabilities that these rules may create for their organizations and themselves personally. For additional tips and information about managing these risks, see here.

For Help With These Or Other Risk Management Matters

If you need assistance in auditing or assessing, updating or defending your wage and hour or with other labor and employment, employee benefit, compensation or internal controls practices, please contact the author of this update, attorney Cynthia Marcotte Stamer here or at (469)767-8872.

Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization, management attorney and consultant Ms. Stamer is nationally and internationally recognized for more than 23 years of work helping employers; employee benefit plans and their sponsors, administrators, fiduciaries; employee leasing, recruiting, staffing and other professional employment organizations; and others design, administer and defend innovative workforce, compensation, employee benefit and management policies and practices. Her experience includes extensive work helping employers implement, audit, manage and defend wage and hour and other workforce and internal controls policies, procedures and actions. The Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Committee, a Council Representative on the ABA Joint Committee on Employee Benefits, Government Affairs Committee Legislative Chair for the Dallas Human Resources Management Association, and past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer works, publishes and speaks extensively on wage and hour, worker classification and other human resources and workforce, employee benefits, compensation, internal controls and related matters. She also is recognized for her publications, industry leadership, workshops and presentations on these and other human resources concerns and regularly speaks and conducts training on these matters. Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, and many other national and local publications. For additional information about Ms. Stamer and her experience or to access other publications by Ms. Stamer see here or contact Ms. Stamer directly.

About Solutions Law Press

Comments Off on Borzi Tells House Committee Current Fiduciary Regs Flawed; Must Fix Loopholes In Investment Advisor Definition To Protect Plans | Bankruptcy, Corporate Compliance, Defined Benefit Plans, Defined Contribution Plans, Employee Benefits, Employers, ERISA, Fiduciary Responsibility, Health Plans, Human Resources, Insurance, Internal Controls, Internal Investigations, Professional Liability, Reporting & Disclosure, Restructuring, Retirement Plans, Risk Management, Union | Tagged: 404, Director Liability, embezzlement, ERISA, Fiduciary, Fiduciary Responsibility, Officer Liability, Officers & Directors Liability, Owner Liability, Plan Sponsor Liability, Service Provider Liability, tpa | Permalink
Posted by Cynthia Marcotte Stamer

Spectrum Healthcare NLRB Charge Settlement Highlights Need To Defend Against Possible Unfair Labor Practices & Other Union Exposures

May 20, 2011

The National Labor Regulations Board (NLRB)’s announcement of a settlement against a Connecticut nursing home operator this week in conjunction with a series of other enforcement actions highlight the need for businesses to tighten defenses and exercise other caution to minimize their organization’s exposure to potential NLRB charges or investigation. As reflected by many of these enforcement acts, the exposures arise both from active efforts by businesses to suppress union organizing or contracting activities, as well as the failure to identify and manage hidden labor law exposures in the design and administration of more ordinary human resources, compliance, business operations and other policies and practices.

On May 17, 2011, the NLRB announced here that Connecticut nursing home operator Spectrum Healthcare has agreed to settle a NLRB case involving multiple allegations of unlawful suspensions, discharges and unilateral changes in violation of the National Labor Relations Act and other federal labor laws by offering reinstatement and back pay to all discharged and striking workers and signing a new three-year collective bargaining agreement with its employees’ union, New England Health Care Employees Union District 1199, SEIU.

Along with the contract and reinstatement of all employees, the company agreed to pay $545,000 in back pay and pension benefits to employees who were harmed by the unfair labor practices, and to expunge any disciplinary records related to the case. As a result, all NLRB charges against the company have been withdrawn. Spectrum admits to no wrongdoing in the settlement.

The settlement, reached midway through a hearing before an NLRB administrative law judge in Connecticut and approved by the judge yesterday, ends a long-running dispute which grew into a strike by almost 400 employees at four nursing homes in Connecticut operated by Spectrum Healthcare, LLC. Complaints issued by the NLRB Regional Office in Hartford alleged that, beginning in the fall of 2009, several months after the prior collective bargaining agreement expired, Spectrum discharged seven employees and suspended three others to retaliate against their union activities and to discourage other employees from supporting the union. In addition, one employee was discharged and seven others were suspended after the employer unilaterally changed its tardiness discipline policy without first bargaining with the union.

The complaints further alleged that in April 2010, employees at the four nursing homes — in Derby, Ansonia, Winsted, and Hartford — went on strike to protest the unfair labor practices. When the strikers offered unconditionally to return to work in late August, the employer refused to take them back. Under federal labor law, if a strike is called because of an unfair labor practice, employees are entitled to reinstatement after an unconditional offer to return to work.

The reinstated employees are due to return to the facilities this week.

The Spectrum Healthcare settlement is reflective of the growing number of NLRB enforcement orders against employers generally and health care providers specifically under the Obama Administration. The Obama Administration has close ties and has expressed its strong and open support for union and union organizing activities. The adoption of a series of union friendly labor law reforms was one of the key campaign promises of President Obama during his election campaign. While other legislative priorities and the change in the leadership of the House of Representatives appears to have slowed efforts to push through this agenda, it has not slowed the Administration’s efforts to support unions with strong enforcement activities. Empowered by a difficult economic and job situation and an awareness of the Obama Administration’s strong support for union organizing and other activities, unions are stepping up organizing efforts and more aggressively challenging employers actions.

Over the past few months, public awareness of the Obama Administration’s aggressive enforcement agenda on behalf of unions has drawn new attention as a result of the widespread media coverage of NLRB actions challenging Boeings planned relocation of certain manufacturing jobs intervention in a planned relocation of certain manufacturing operations. See, e.g., Acting General Counsel Lafe Solomon releases statement on Boeing complaint; National Labor Relations Board issues complaint against Boeing Company for unlawfully transferring work to a non-union facility. However, the Boeing and Spectrum Healthcare actions represent only the tip of the iceberg of the rising number of NLRB enforcement activities, most of which take place with little media or public attention.

Along side the Spectrum Healthcare and Boeing actions, in recent weeks, the NLRB also has been busy with several other enforcement activities. For instance:

On May 9 2011, the NLRB issued a complaint against Hispanics United of Buffalo (HUB), a nonprofit that provides social services to low-income clients, that alleges that HUB unlawfully discharged five employees after they took to Facebook to criticize working conditions, including work load and staffing issues. The case involves an employee who, in advance of a meeting with management about working conditions, posted to her Facebook ; and
On May 17, the NLRB secured a temporary injunction from a U.S. District Court in San Jose California against San Jose area waste hauling company OS Transport LLC, charged with engaging in unfair labor practices including the termination of a lead organizer and another Union supporter, retaliation against Union efforts in the form of unfavorable assignments, threats to Union supporters, and promises of improved treatment of employees who disavow the Union for the alleged purpose of defeating a union. o offer reinstatement to two drivers and restore full assignments to other drivers who had expressed support for a union during an organizing campaign. More Details here.,

In addition, in recent weeks, the NLRB also has:

Sued the state of Arizona on amendment limiting method for choosing union representation on May 5, 2011;
Secured an order requiring a Milwaukee job training center to pay back pay and reinstate workers fired for complaining about bounced paychecks on May 3, 2011;
Ordered a concrete supplier to rehire employees in Indianapolis on May 2, 2011;
Found a New York egg processing plant of unlawful interference and ordered a third election ohm April 27, 2011; and
Secured a settlement from Build.com of unlawful dischrage charges for firing employee based on Facebook comments on April 20

Amid this difficult enforcement environment, business leaders should exercise special care to prepare to defend their actions against both potential organizing efforts, to understand the types of actions and activities that may help fuel charges, and take steps to manage these and other union organization and other labor risks.

For Help With Labor & Employment, Employee Benefits Or Other Risk Management and Defense

If you need assistance in auditing or assessing, updating or defending your labor and employment, employee benefits, compliance, risk manage or other internal controls practices or actions, please contact the author of this update, attorney Cynthia Marcotte Stamer here or at (469)767-8872.

Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization, management attorney and consultant Ms. Stamer is nationally and internationally recognized for more than 23 years of work helping employers; employee benefit plans and their sponsors, administrators, fiduciaries; employee leasing, recruiting, staffing and other professional employment organizations; and others design, administer and defend innovative workforce, compensation, employee benefit and management policies and practices. Her experience includes extensive work helping employers implement, audit, manage and defend wage and hour and other workforce and internal controls policies, procedures and actions. The Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Committee, a Council Representative on the ABA Joint Committee on Employee Benefits, Government Affairs Committee Legislative Chair for the Dallas Human Resources Management Association, and past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer works, publishes and speaks extensively on wage and hour, worker classification and other human resources and workforce, employee benefits, compensation, internal controls and related matters. She also is recognized for her publications, industry leadership, workshops and presentations on these and other human resources concerns and regularly speaks and conducts training on these matters. Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, and many other national and local publications. For additional information about Ms. Stamer and her experience or to access other publications by Ms. Stamer see here or contact Ms. Stamer directly.

About Solutions Law Press

Comments Off on Spectrum Healthcare NLRB Charge Settlement Highlights Need To Defend Against Possible Unfair Labor Practices & Other Union Exposures | 105(h), Absenteeism, ADA, Affirmative Action, Affordable Care Act, ARRA, Bankruptcy, Cafeteria Plans, Child Labor, CHIP, Claims Administration, COBRA, COBRA Subsidy, Corporate Compliance, Data Security, Defined Benefit Plans, Defined Contribution Plans, Disability, Disability, Disability Plans, Discrimination, Disease Management, Drug & Alcohol, E-Verify, EEOC, Employee Benefits, Employers, Employment Agreement, Employment Tax, ERISA, Excise Tax, Fair Labor Standards Act, family leave, Fiduciary Responsibility, FMLA, GINA, Government Contractors, H.R. 4872, Health Care Reform, Health Plans, HIPAA, Human Resources, I-9, Immigration, Income Tax, Insurance, Internal Controls, Internal Investigations, Labor Management Relations, Leave, Malpractice, medical leave, Medicare Part D, Mental Health, Mental Health Parity, Military Leave, Non-Compete, Non-Competition Agreement, Nonresident aliens, OFCCP, OSHA, Pandemic, Patient Empowerment, Patient Protection and Affordable Care Act, Payroll Tax, Preemption, Prescription Drugs, Privacy, Professional Liability, Protected Health Information, Public Policy, Refunds, Rehabilitation Act, Reporting & Disclosure, Restructuring, Retaliation, Retirement Plans, Risk Management, Safety, Sexual Harassment, Stimulus Bill, Swine Flu, Tax, Tax Credit, Tax Qualification, Telecommuting, Uncategorized, Unemployment Benefits, Unemployment Insurance, Union, USERRA, VEVRRA, Wage & Hour, Wellness, Wellness Programs, Whistleblower | Tagged: ADAAA, Americans With Disabiltiies Act, Employer, employment discrimination, facebook, HR, Human Resources, NLRA, social medial, unfair labor practices, Union | Permalink
Posted by Cynthia Marcotte Stamer

Plan Sponsors. Their Owners & Management & Others Risk Personal Liability If Others Defraud Plans or Mismanage Employee Benefit Plan Responsibilities

April 4, 2011

Mitigate Risk With Appropriate Prevention, Monitoring & Response

Executives, board members, and other business leaders of companies providing health, 401(k) or other employee benefits under plans regulated by the Employee Retirement Income Security Act of 1974, as amended (ERISA) should heed a series of recent fiduciary liability settlement orders and lawsuits of the U.S. Department of Labor (Labor Department) as important reminders of the potential personal liability exposures executives can may face if their company’s benefit programs are not appropriately maintained and administered.

Recent Enforcement Actions, Changing Regulations Highlight Fiduciary Risks

On March 29, 2011, the Labor Department sued the owner of Eyeglass Factory, Inc. (EGF), Stephen Schaffer, for breach of fiduciary duties under ERISA by failing to ensure that EGF timely forwarded health plan contributions collected from employees to pay health plan contributions to the plan and failing to ensure that he and other plan fiduciaries and service providers were bonded in accordance with ERISA’s fidelity bond requirements.[i] The Labor Department suit charges that from July 1, 2000 to October 1, 2000, Schaffer and EGF withheld and failed to forward to the health plan contributions deducted from employee pay for health insurance coverage and contributions made to the flexible benefit plan sponsored by EGF from January 1, 2000 to December 4, 2000. The employees’ paycheck withholdings were commingled with the company’s general assets and used for its general operating expenses. The Labor Department is asking the court to order that Schaffer and other defendants make restitution to the plan for the misapplied contributions, including lost opportunity costs, to correct prohibited transactions and to appoint an independent fiduciary to oversee the plans once Schaffer is removed as the plan fiduciary.

The Schaffer suit follows the Labor Department’s successful prosecution of a breach of fiduciary duty action against Larry Lauterback, the president and former owner of a Minnesota Cement Company, for his role in allowing his construction company to commingle with company assets and divert to company use employee health and 401(k) contributions withheld from employee’s pay. In Solis v. Larry Lauterback, [ii] the District Court ordered Lauterback to restore $17,273.18 in unremitted employee contributions and lost opportunity costs to the company’s health and dental plan, and $747.20 in unremitted employee contributions to the company’s 401(k) plan and enjoins Lauterback from serving or acting as a fiduciary or service provider to any employee benefit plan for three years.. The order followed the entry of a consent judgment against Lauterback and the plan sponsor, Slate Cement, Inc., for failure to remit employee contributions, failure to forward employee contributions to medical and dental providers, co-mingling employee contributions of the general assets and using those assets for company operations.

The Schaffer and Lauterback actions taken in March, 2011 are only the most recent in a series of enforcement actions taken against business executives, board members, plan vendors and others for their role in committing or failing to take prudent steps to prevent or redress alleged misconduct relating to the maintenance, administration and funding of various employee benefit programs regulated by ERISA. In recent months and years, the Labor Department has filed several lawsuits against business executives and businesses for alleged breaches of fiduciary duties. While misuse of employee contributions by plan sponsors is a common focus of many of these actions, plan sponsors, plan service providers and members of their management with discretionary authority or responsibility over plan assets or administration or the election of those appointed to administer those responsibilities often arise out of the failure or these individuals to take prudent steps to prevent, monitor or address misconduct by other plan fiduciaries or service providers.[iii]

Plan sponsors, fiduciaries, service providers and their management should anticipate these risks and their attendant responsibilities will continue to rise as the Labor Department moves forward to adopt and implement revisions and enhancements to its fiduciary regulations such as those provided for in the new “Interim Final Regulation Relating to Improved Fee Disclosure for Pension Plans” scheduled to take effect in July, 2011 and the Proposed Regulation on the “Definition of the Term Fiduciary” published by the Labor Department in July and October, 2010 respectively.

Meanwhile, the Labor Department enforcement activities highlight the longstanding and ongoing policy of aggressive investigation and enforcement of alleged misconduct by companies, company officials, and service providers in connection with the maintenance, administration and funding of ERISA-regulated employee benefit plans. In its Fiscal Year 2010, the Labor Department closed 3,112 civil investigations, of which 2,301 (73.94%) resulted in monetary recoveries or other corrective action. The Labor Department referred 264 cases for civil litigation and filed 128 civil lawsuits. Meanwhile on the criminal side, the Labor Department closed 281 criminal investigations and obtained indictments against 96 people.

In addition to prosecutions brought by the Labor Department, companies and individuals that exercise discretion and control of the administration or funding of employee benefit plans regulated by ERISA also may be sued personally by participants and beneficiaries for breach of fiduciary under ERISA. A review of the Labor Department’s enforcement record and existing precedent makes clear that where the Labor Department perceives that a plan sponsor or its management fails to take appropriate steps to protect plan participants, the Labor Department will aggressively pursue enforcement regardless of the size of the plan sponsor or its plan, or the business hardships that the plan sponsor may be facing.

Plan Sponsors, Fiduciaries, Service Providers & Their Management Should Act To Manage Exposures

Given these exposures, businesses providing employee benefits to employees or dependents, as well as members of management participating in, or having responsibility to oversee or influence decisions concerning the establishment, maintenance, funding, and administration of their organization’s employee benefit programs need a clear understanding of their responsibilities with respect to such programs, the steps that they should take to demonstrate their fulfillment of these responsibilities, and their other options for preventing or mitigating their otherwise applicable fiduciary risks.

To help guard and position themselves to defend against these and other exposures, plan sponsors, fiduciaries, service providers and others involved in the administration of health or other employee benefit plans should seek the advice of legal counsel with appropriate experience with employee benefit and other related matters to develop an understanding of ERISA and other laws and the duties and liabilities that these rules may create for their organizations and themselves personally. For additional tips and information about managing these risks, see here.

For Help With These Or Other Risk Management Matters

Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization, management attorney and consultant Ms. Stamer is nationally and internationally recognized for more than 23 years of work helping employers; employee benefit plans and their sponsors, administrators, fiduciaries; employee leasing, recruiting, staffing and other professional employment organizations; and others design, administer and defend innovative workforce, compensation, employee benefit and management policies and practices. Her experience includes extensive work helping employers implement, audit, manage and defend wage and hour and other workforce and internal controls policies, procedures and actions. The Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Committee, a Council Representative on the ABA Joint Committee on Employee Benefits, Government Affairs Committee Legislative Chair for the Dallas Human Resources Management Association, and past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer works, publishes and speaks extensively on wage and hour, worker classification and other human resources and workforce, employee benefits, compensation, internal controls and related matters. She also is recognized for her publications, industry leadership, workshops and presentations on these and other human resources concerns and regularly speaks and conducts training on these matters. Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, and many other national and local publications. For additional information about Ms. Stamer and her experience or to access other publications by Ms. Stamer see here or contact Ms. Stamer directly.

About Solutions Law Press

[i] Chao v. Stephen Schaffer, the Eyeglass Factory, Inc., No O2-CV-60197, as announced in EBSA Release No. 11-341-CHI (March 29, 2011).

[ii] Solis v. Larry Lauterback, as announced in EBSA Release No 11-322-CHI (March 14, 2011).

[iii] See, e.g. Chao v. Associated Plan Administrators, as announced in EBSA Release No. 07-1265-BOS/BOS 2007-298 (October 16, 2007); Chao v. Starkey, as announced in EBSA Release No. 05-747-ATL (May 2, 2005); Chao v. Perry., as announced in EBSA Release BOS 2002-054 (March 21, 2002); Chao v. Mabry, as announced in EBSA Release No. 160 (March 20, 2002). See also, e.g., Baker v. Kingsley, 2006 WL 2027606 (N.D.Ill.2007); In Re Enron Corp Securities Derivative & “ERISA” Litigation, 284 F.Supp. 511 (S.D.Tex. 2003); Varity Corp. v. Howe, 516 U.S. 489 (1996); Brink v. DeLesio, 496 F. Supp. 1350 (D.Md. 1980).

Comments Off on Plan Sponsors. Their Owners & Management & Others Risk Personal Liability If Others Defraud Plans or Mismanage Employee Benefit Plan Responsibilities | Bankruptcy, Corporate Compliance, Defined Benefit Plans, Defined Contribution Plans, Employee Benefits, Employers, ERISA, Fiduciary Responsibility, Health Plans, Human Resources, Insurance, Internal Controls, Internal Investigations, Professional Liability, Reporting & Disclosure, Restructuring, Retirement Plans, Risk Management, Union | Tagged: 404, Director Liability, embezzlement, ERISA, Fiduciary, Fiduciary Responsibility, Officer Liability, Officers & Directors Liability, Owner Liability, Plan Sponsor Liability, Service Provider Liability, tpa | Permalink
Posted by Cynthia Marcotte Stamer

Avoiding Liability For Another’s Health Plan Fraud

February 25, 2011

TPA’s Embezzlement Guilty Plea Reminds Plan Sponsors, Fiduciaries & Service Providers To Ensure Fiduciaries, Administrators & Staff Prudently Selected, Monitored & Bonded

The guilty plea of an Ohio-based third-party administrator to embezzlement of $1 million in plan assets reminds employers and other employee benefit plan sponsors and members of their management participating in plan related activities, plan administrators and other plan fiduciaries and plan service providers (“plan decision-makers”) of the importance of ensuring appropriate, well-documented credentialing and selection, oversight, auditing and bonding the individuals and companies acting as fiduciaries and others participating in administration of plans or their assets (“plan workforce members”) to minimize their potential exposure to potential personal liability as a result of the fraud under the Employee Retirement Income Security Act (ERISA).

Cox Prosecution Reflective DOL Readiness To Prosecute Parties For Misuse of Plan Monies & Other Plan Fraud

According to a February 23, 2011 U.S. Department of Labor (DOL) announcement, Rhonda Sue Irvin Cox, owner of Irvin Administrative Solutions LLC (IAS), pleaded guilty to the embezzlement of $1 million of retirement plan assets from client plans administered by IAS. The DOL reports that between January 2003 and April 2007, Cox plead guilty to using used her position with ISC to embezzle the funds from 12 of 59 plans for which IAS served as a third party administrator. Cox also pleaded guilty to one count of making false statements in documents required under ERISA to be kept and certified by the plans’ administrator. Scheduled to be sentenced on June 1, 2011, Cox faces a maximum of five years in prison on each criminal count, a $250,000 fine and a special assessment. Cox is scheduled to be sentenced on June 1, 2011.

The DOL and Justice Department have a long-standing record of aggressive investigation and prosecution of embezzlement or other fraud impacting health and other employee benefit plans. Their criminal and civil enforcement and prosecution record makes clear this commitment remains strong.

Plan Sponsors, Fiduciaries & Service Providers May Face Civil Liability From When Others Defraud Their Plans

While plan decision-makers generally are aware that individuals defrauding health or other employee benefit plans risk criminal and civil prosecution, many fail to recognize their own potential civil liability exposures that may arise out of the fraudulent acts or other misconduct of another plan workforce member.

Embezzlement of plan assets is one of many acts of misconduct that can create potential fiduciary liability exposure for plan decision-makers under ERISA. Until confronted with potential fraud, misconduct or other misfeasance by a plan fiduciary, service provider or other plan workforce member, many plan decision-makers lack an adequate appreciation of the personal liability they may incur if they cannot demonstrate appropriate steps were taken to protect their health plan from this misconduct.

Under ERISA’s fiduciary responsibility rules, embezzlement or other misuse of employee contributions or other plan assets as well as certain other misconduct or misfeasance by a plan fiduciary, service provider or other plan workforce member can create personal liability exposures for plan decision-makers with responsibility or discretionary authority over the selection, retention, or management of plan workforce members if the plan decision-maker cannot demonstrate appropriate steps were taken to select, monitor and bond the plan workforce and other prudent action was taken to prevent and redress the fraud. Accordingly, health plans, their sponsors, fiduciaries, service providers, their management, and others serving as, or selecting, managing or retaining companies or individuals that participate in the handling of health plan assets or administration should act to strengthen their health plans and themselves against these exposures.

Risk Management Strategies & Tips

When embezzlement or other concern affecting their health plan arises, plan decision-makers concerned about protecting their health plans and themselves must act promptly in a carefully documented, prudent manner to investigate and respond to the concern. They should be prepared to present well-documented evidence of the scope and limits of their responsibility, authority, awareness, and potential for the selection, monitoring and oversight of the plan workforce member or others responsible for the performance of those actions, the adequacy of the bonding arrangements for the plan, and other efforts to prudently protect the plan before, during and after the discovery of the concern. While these and other steps can help strengthen the ability of a plan decision-maker to liability exposures that can result from the other plan workforce member’s embezzlement of plan assets or other misconduct, plan sponsors and plan decision-makers also should acquire suitable fiduciary and other liability insurance coverage and make other arrangements to help provide for the potential financial costs and other demands that are likely to arise in the event that it becomes necessary to investigate or redress fraud or other misconduct. Learn more here.

For Help With Investigations, Policy Review & Updates Or Other Needs

If you need help investigating or responding to fraud or other misconduct affection a health or other employee benefit plan, dealing with an employee benefit plan investigation or enforcement action by the Labor Department, private plaintiffs or another public or private party, reviewing current or proposed health plan processes or procedures, or responding to other employee benefit, labor and employment or other related controls and practices, please contact the author of this update, attorney Cynthia Marcotte Stamer here or at (469)767-8872.

The Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Committee, a Council Representative on the ABA Joint Committee on Employee Benefits, Government Affairs Committee Legislative Chair for the Dallas Human Resources Management Association, and past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer works, publishes and speaks extensively on HIPAA and other privacy and data security, health plan, health care and other human resources and workforce, employee benefits, compensation, internal controls and related matters.

For more than 23 years, Ms. Stamer has counseled, represented and trained employers and other employee benefit plan sponsors, plan administrators and fiduciaries, insurers and financial services providers, third party administrators, human resources and employee benefit information technology vendors and others privacy and data security, fiduciary responsibility, plan design and administration and other compliance, risk management and operations matters. In connection with this work, Ms. Stamer regularly counsels and helps clients to defend a broad range of clients about employee benefit plan fraud and other fiduciary responsibility concerns. Throughout her career, she has represented and served as special counsel to health and other employee benefit plans, plan sponsors, plan service providers, officers, directors and other management officials, bankruptcy trustees, debtors and creditors, and others in connection with health and other employee benefit plan fraud and other fiduciary responsibility and related investigations, prosecutions and other actions involving the Labor Department, IRS, HHS, Justice Department, state insurance and attorneys general, bankruptcy actions, and participant, beneficiary and vendor disputes. She also is recognized for her publications, industry leadership, workshops and presentations on these and other employee benefits, insurance and human resources concerns and regularly speaks and conducts training on these matters. Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, and many other national and local publications. For additional information about Ms. Stamer and her experience or to access other publications by Ms. Stamer see here or contact Ms. Stamer directly.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on health care, human resources, employee benefits, data security and privacy, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:

Comments Off on Avoiding Liability For Another’s Health Plan Fraud | Defined Benefit Plans, Defined Contribution Plans, Disability Plans, Employee Benefits, Employers, ERISA, Fiduciary Responsibility, Health Plans, Human Resources, Insurance, Internal Controls, Internal Investigations, Malpractice, Professional Liability, Retirement Plans, Risk Management | Tagged: co-fiduciary liability, embezzlement, employee benefit, ERISA, Fiduciary Liability, fraud, Health Plan | Permalink
Posted by Cynthia Marcotte Stamer

Stamer To Speak About TPA & Other Plan Services Agreement Contracting Strategies For Managing Risks & Improving Effectiveness At 2010 Great Lakes Benefits Conference

March 13, 2010

Curran Tomko Tarski LLP Labor & Employment Practice Chair and Solutions Law Press Publisher Cynthia Marcotte Stamer will discuss “TPA & Other Plan Services Agreements- Managing Risks & Improving Effectiveness” At 2010 Great Lakes Benefits Conference to be held at the Wyndham Chicago Hotel on June 16-17, 2010.

Growing regulatory, fiduciary and other compliance risks magnify the importance of the careful negotiation and documentation of third party administration and other plan-related service agreements for plans, plan sponsors, plan fiduciaries and service providers. Careful credentialing, negotiation and documentation of administrative and other services relationships plays an increasingly key role in the ability of plan sponsors, plans, fiduciaries and service providers to allocate and efficiently manage plan operations, meet compliance obligations, and allocate and manage fiduciary and other legal risks.

Ms. Stamer’s workshop will examine key concerns like how administrative services contract terms, plan terms, the parties of actions and other factors help determine which parties are exposed to fiduciary and other liabilities; who is responsible for fiduciary, administrative, reporting and disclosure, bonding, indemnification and other responsibilities; and terms and processes that may help parties manage their relationships and legal risks by exploring some of the common issues and concerns that need to be considered when entering into these contractual arrangements.

Co-hosted by the Internal Revenue Service and ASPPA, this two day Conference features presentations on regulatory, legislative, administrative and actuarial and other employee benefit issues lead by local, regional and national government representatives from the Internal Revenue Service and the Department of Labor and nationally recognized employee benefit leaders from private industry. To register for the Conference or for additional information, see here.

Chair of the American Bar Association RPTE Employee Benefits & Compensation Committee, an ABA Joint Committee on Employee Benefits Council member, Chair of the Curran Tomko Tarski Labor, Employment & Employee Benefits Practice and former Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer is nationally recognized for more than 22 years domestic work with employer and other plan sponsors, fiduciaries, administrative and other service providers, insurers, and other clients on employee benefit program and product design, documentation, administration, compliance, risk management, and public policy matters. The publisher of Solutions Law Press, Ms. Stamer also publishes, conducts training and speaks extensively on these and related concerns. For additional information about Ms. Stamer and her experience or to access other publications by Ms. Stamer see here or contact Ms. Stamer directly. For additional information about the experience and services of Ms. Stamer and other members of the Curran Tomko Tarksi LLP team, see here.

If you need assistance with vendor or other outsourcing contracts, or other employee benefits, employment, compensation or other management concerns, wish to inquire about compliance, risk management or training, or need legal representation on other matters please contact Cynthia Marcotte Stamer, CTT Labor & Employment Practice Chair at cstamer@cttlegal.com, 214.270.2402; or your other preferred Curran Tomko Tarski LLP attorney.

If you found this information of interest, you also may be interested in reviewing other updates and publications by Ms. Stamer including:

You can review other recent human resources, employee benefits and internal controls publications and resources and additional information about the employment, employee benefits and other experience of Ms. Stamer here and learn more about other Curran Tomko Tarski LLP attorneys here. If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here or e-mailing this information to Cstamer@CTTLegal.com or registering to participate in the distribution of these and other updates on our Solutions Law Press distributions here. For important information concerning this communication click here. If you do not wish to receive these updates in the future, send an e-mail with the word “Remove” in the Subject to here.

Comments Off on Stamer To Speak About TPA & Other Plan Services Agreement Contracting Strategies For Managing Risks & Improving Effectiveness At 2010 Great Lakes Benefits Conference | CHIP, COBRA, Corporate Compliance, Defined Benefit Plans, Disability Plans, Employee Benefits, Employers, ERISA, Fiduciary Responsibility, FMLA, Health Plans, HIPAA, Human Resources, Insurance, Internal Controls, Malpractice, Medicare Part D, Mental Health, Mental Health Parity, Preemption, Prescription Drugs, Privacy, Professional Liability, Reporting & Disclosure, Retirement Plans, Risk Management, Tax, Wellness Programs | Tagged: administrative services agreement, bonding, compliance, ERISA, Fiduciary Responsibility, Health Plans, Insurance, Retirement Plans, Risk Management, tpa, trustees | Permalink
Posted by Cynthia Marcotte Stamer

Stamer Speaks To CPAs About “Privacy & Information Security: Managing Your Accounting Practice’s Liabilities & Counseling Your Clients” January 12, 2010

December 28, 2009

Accountants and their clients face increasing regulatory and business pressures to protect the sensitive business and personal information collected and maintained in the course of their operation to minimize their exposure to personal identity theft and other cybercrime scams by employees, business partners and others. Curran Tomko Tarski LLP Partner Cynthia Marcotte Stamer will speak about “Privacy & Information Security: Managing Your Accounting Practice’s Liabilities & Counseling Your Clients” to members of the Dallas CPA Society on January 12, 2010 beginning at 2:00 p.m.

Part of the Dallas CPA Society Member Appreciation CPE Series Meeting, Ms. Stamer’s presentation will be part of four hours of free CPE training to be provided at a program open to members only at the Hilton Lincoln Centre Hotel located at 5410 LBJ Freeway, Dallas TX 75240 from 1 p.m. to 4:50 p.m. Central Time. (Parking at the facility costs $5.00). To register or for additional information, see here.

If you need help responding to these developments or other legislative, regulatory or enforcement concerns, Curran Tomko Tarski LLP can help. Curran Tomko and Tarski LLP and its attorneys have significant experience assisting businesses and business leaders to manage and defend privacy, data security, tax employee benefit, employment, health care, environmental, safety, securities and other compliance and risk management concerns.

Curran Tomko Tarksi LLP Partner Cynthia Marcotte Stamer has more than 22 years experience helping businesses to use the law, process and technology to manage people and processes, and to manage technology, privacy and data security, employment and other legal and operational risks affecting their businesses. Author of “Privacy & Securities Standards-A Brief Nutshell,” “Privacy Invasions of Medical Care-An Emerging Perspective,” and “E-Health Business and Transactional Law Other Liability-Tort and Regulatory;” published by The Bureau of National Affairs, Inc., and many other publications, Ms. Stamer has extensive experience advising a accounting firms, law firms, banks and financial services organizations, insurers, consultants, health plans, health care providers and others about HIPAA, FACTA, and other privacy, trade secret and other information security and data breach risk management and compliance concerns. Ms Stamer also speaks, publishes and provides public policy input extensively on data security, technology and other internal controls and risk management matters. Chair of the American Bar Association RPTE Employee Benefits & Compensation Committee, an ABA Joint Committee on Employee Benefits Council member, and Chair of the Curran Tomko Tarski Labor, Employment & Employee Benefits Practice, Ms. Stamer also is Board Certified in Labor & Employment law. For additional information about Ms. Stamer and her experience or to access other publications by Ms. Stamer see here or contact Ms. Stamer directly. For additional information about the experience and services of Ms. Stamer and other members of the Curran Tomko Tarksi LLP team, see here.

If you need assistance with these or other compliance concerns, wish to inquire about federal or state regulatory compliance audits, risk management or training, assistance investigating or responding to a known or suspected compliance or risk management concern, or need legal representation on other matters please contact the author of this update, Cynthia Marcotte Stamer, CTT Labor & Employment Practice Chair at cstamer@cttlegal.com, 214.270.2402; or your other preferred Curran Tomko Tarski LLP attorney.

You can review other recent human resources, employee benefits and internal controls publications and resources and additional information about the employment, employee benefits and other experience of Ms. Stamer here /the Curran Tomko Tarski LLP attorneys here. If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here or e-mailing this information to Cstamer@CTTLegal.com or registering to participate in the distribution of these and other updates on our Solutions Law Press HR & Benefits Update distributions here. For important information concerning this communication click here. If you do not wish to receive these updates in the future, send an e-mail with the word “Remove” in the Subject to here.

Comments Off on Stamer Speaks To CPAs About “Privacy & Information Security: Managing Your Accounting Practice’s Liabilities & Counseling Your Clients” January 12, 2010 | Corporate Compliance, Data Security, EEOC, Employee Benefits, Employers, ERISA, Fiduciary Responsibility, GINA, Health Plans, Human Resources, Internal Controls, Malpractice, Privacy, Professional Liability, Protected Health Information, Risk Management | Tagged: Acountant's Liability, Corporate Compliance, CPA, CPE, Employee Benefits, Employer, GINA, Health Insurance, Health Plans, Human Resources, Internal Controls, Medical Coverage, Privacy, Risk Management, Tax | Permalink
Posted by Cynthia Marcotte Stamer

Mishandling Employee Benefit Obligations Creates Big Liabilities For Distressed Businesses & Their Business Leaders

December 18, 2009

By Cynthia Marcotte Stamer

Business owners, executives, board members, and other business leaders of companies facing financial challenges should heed a mounting series of recent fiduciary liability settlement orders, judgments and prosecutions as strong reminders of the potential personal risk they may face if their health, 401(k) or other employee benefit programs are not appropriately funded and administered as required by the Employee Retirement Income Security Act of 1974, as amended (ERISA).

Businesses leaders struggling to deal with economic setbacks frequently may be tempted to use employee benefit plan contributions or funds for added liquidity or otherwise fail to take appropriate steps to protect and timely deposit plan contributions or other plan assets. A long and ever-mounting series of decisions demonstrates the risks of yielding to these temptations for businesses that sponsor these plans and the business leaders that make these decisions.

EBSA Prosecutes Businesses & Executives That Bungle ERISA Obligations

The mishandling of employee benefit obligations by financially distressed companies during the ongoing economic downturn is fueling an increase in Department of Labor Employee Benefit Security Administration (EBSA) enforcement actions against distressed or bankrupt companies and their officers or directors for alleged breaches of fiduciary duties or other mishandling of medical, 401(k) or other pension, and other employee benefit programs sponsored by their financially distressed companies.

EBSA enforcement activities during 2009 continue to highlight the longstanding and ongoing policy of aggressive investigation and enforcement of alleged misconduct by companies, company officials, and service providers in connection with the maintenance, administration and funding of ERISA-regulated employee benefit plans. A review of the Labor Department’s enforcement record makes clear that where the Labor Department perceives that a plan sponsor or its management fails to take appropriate steps to protect plan participants, the Labor Department will aggressively pursue enforcement regardless of the size of the plan sponsor or its plan, or the business hardships that the plan sponsor may be facing.

EBSA reports enforcing $1.3 billion in recoveries related to pension, 401(k), health and other benefits during fiscal year 2009. EBSA has filed numerous lawsuits to compel distressed companies and/or members of their management to pay restitution or other damages for alleged breaches of ERISA fiduciary duties, to appoint independent fiduciaries, or both for plans sponsored by bankrupt or financially distressed companies.

Recent settlements and judgments obtained by the Labor Department and through private litigation document that officers and other members of management participating, or possessing authority to influence, the handling of heath, 401(k) and other pension, or other employee benefit plans regulated by ERISA may be exposed to personal liability if these benefit programs are not maintained and administered appropriately. This risk is particularly grave when the sponsoring company becomes financially distressed or goes bankrupt, as the handling of employee benefit and other responsibilities becomes particularly disrupted and the lack of company liquidity often leaves executives and service providers as the only or best source of recovery for government officials and private plaintiffs.

Executives Ordered To Pay To Make Things Right

In the December 2, 2009 decision in Solis v. Struthers Industries Inc., for instance, a federal district judge ordered business leader Jomey B. Ethridge liable to pay $303,084.61 to restore assets belonging to the 401(k) plan of bankrupt Struthers Industries in an ERISA fiduciary responsibility action filed by the U.S. Department of Labor’s Employee Benefits Security Administration (EBSA). Filed by the EBSA in the U.S. District Court for the Southern District of Mississippi, the Struthers Industries lawsuit alleged that Ethridge and Struthers Industries allowed employee contributions to be used for purposes other than providing benefits resulting in losses of $310,084.57. According to court documents, Struthers Industries designed and built heat transfer and pressure vessels at its Gulfport facility. In 2001, its 401(k) plan had 278 participants and assets totaling $8,279,083. The company filed for bankruptcy in 2003, and its assets were auctioned off in 2005. An independent fiduciary was appointed by the court in 2007 to manage the plan’s assets. The ordered Ethridge personally to pay $303,084.61 in restitution to the plan for his involvement in the mishandling of the plan’s assets. The order also bars Ethridge from acting as a benefit plan fiduciary in the future.

The Struthers Industries decision comes on the heels of EBSA’s success in Solis v. T.E. Corcoran Co. Inc. last month in recovering more than $89,000 from business owners and operators found to have breached fiduciary duties to the participants of the T.E. Corcoran Co. Inc. Profit Sharing Plan by improperly loaning plan assets to he plan sponsor and an affiliated company. The Labor Department sued T.E. Corcoran Co. and its owners, John F. Corcoran and Thomas E. Corcoran Jr., alleging that the company and its owners caused the plan to lend money to the two companies at below market interest rates, without terms of payment and without documentation in violation of ERISA. The suit filed in the U.S. District Court for the District of Massachusetts, also named as a defendant Coran Development Co. Inc., a company co-owned by the Corcorans. T.E. Corcoran Co. Inc. was the sponsor and administrator of the plan, while John and Thomas Corcoran were trustees of the plan, making all three fiduciaries and parties in interest with respect to the plan. ERISA specifically prohibits the use of employee benefit plan funds to benefit parties in interest.

The Corcoran judgment requires that the plan account balances of defendants John F. Corcoran and Thomas E. Corcoran Jr. be offset in the amount of $89,273 plus interest to be allocated to the accounts of the other plan participants. The offset will make whole all of the accounts of the non-trustee participants. In addition, the court order appoints an independent trustee to oversee the final distribution of the plan’s assets and the proper termination of the plan, requires the defendants to cooperate fully with the independent trustee in this process, and then prohibits them from serving as fiduciaries to any ERISA-covered plan for 10 years.

A complex maze of ERISA, tax and other rules make the establishment, administration and termination of employee benefit plans a complicated matter. When the company sponsoring a plan goes bankrupt or becomes distressed, the rules, as well as the circumstances can make the administration of these responsibilities a powder keg of liability for all involved. Companies and other individuals that in name or in function possess or exercise discretionary responsibility or authority over the maintenance, administration or funding of employee benefit plans regulated by ERISA frequently are found to be accountable for complying with the high standards required by ERISA for carrying out these duties based on their functional ability to exercise discretion over these matters, whether or not they have been named as fiduciaries formally.

In other instances, businesses and their leaders do not realize that the functional definition that ERISA uses to determine fiduciary status means that individuals participating in discretionary decisions relating to the employee benefit plan, as well as the plan sponsor, may bear liability under many commonly occurring situations if appropriate care is not exercised to protect participants or beneficiaries in these plans.

For this reason, businesses providing employee benefits to employees or dependents, as well as members of management participating in, or having responsibility to oversee or influence decisions concerning the establishment, maintenance, funding, and administration of their organization’s employee benefit programs need a clear understanding of their responsibilities with respect to such programs, the steps that they should take to demonstrate their fulfillment of these responsibilities, and their other options for preventing or mitigating their otherwise applicable fiduciary risks.

If you have questions about or need assistance evaluating, commenting on or responding to these or other employment, health or other employee benefit, workplace health and safety, corporate ethics and compliance or other concerns or claims, please contact the author of this article, Curran Tomko Tarski LLP Labor & Employment Practice Group Chair Cynthia Marcotte Stamer. Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization and Chair of the American Bar Association RPTE Employee Benefits & Other Compensation Group, Ms. Stamer is experienced with assisting employers and others about compliance with federal and state equal employment opportunity, compensation and employee benefit, workplace safety, and other labor and employment, as well as advising and defending employers and others against tax, employment discrimination and other labor and employment, and other related audits, investigations and litigation, charges, audits, claims and investigations by the IRS, Department of Labor and other federal and state regulators. Ms. Stamer has advised and represented employers on these and other labor and employment, compensation, employee benefit and other personnel and staffing matters for more than 20 years. Ms. Stamer also speaks and writes extensively on these and other related matters. For additional information about Ms. Stamer and her experience or to access other publications by Ms. Stamer see here or contact Ms. Stamer directly. For additional information about the experience and services of Ms. Stamer and other members of the Curran Tomko Tarksi LLP team, see here.

Other Information & Resources

We hope that this information is useful to you. If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here or e-mailing this information here or registering to participate in the distribution of our Solutions Law Press HR & Benefits Update distributions here. Some other recent updates that may be of interested include the following, which you can access by clicking on the article title:

For important information concerning this communication click here. If you do not wish to receive these updates in the future, send an e-mail with the word “Remove” in the Subject here.

Comments Off on Mishandling Employee Benefit Obligations Creates Big Liabilities For Distressed Businesses & Their Business Leaders | Bankruptcy, Corporate Compliance, Defined Benefit Plans, Employee Benefits, Employers, ERISA, Fiduciary Responsibility, Health Plans, Internal Controls, Internal Investigations, Professional Liability, Restructuring, Retirement Plans | Tagged: Bankruptcy, Corporate Compliance, Distressed Company, E&O Liability, EBSA, ERISA, Fiduciary Liability, Fiduciayr Responsibility, Officers & Directors Liability, Reorganization, Restructuring | Permalink
Posted by Cynthia Marcotte Stamer

Speak Up America: Where & How To Read & Share Your Feedback About The Health Care Reform Legislation

August 1, 2009

As the health care reform policy debate continues, Americans increasingly are asking where to read the text of the health care reform legislation that members of Congress are debating and how to share their input.

While numerous alternatives presently are pending before Congress, much of recent discussion and debate has focused around one of the following bills:

H.R. 3200: America’s Affordable Health Choices Act of 2009, introduced in the House by Rep Dingell, John D. on July 14, 2009 the text of which as originally introduced may be reviewed here. It has been the focus of significant mark up negotiation through out July before the following House Energy and Commerce, House Ways & Means, and House Education & Labor Committees; and
S. __, the Affordable Health Choices Act approved by the Senate Committee on Health, Education, Labor and Pensions, the text of which as approved may be reviewed here.

When reviewing these bills, Americans should keep in mind that members of Congress are engaged in ongoing negotiations about the specific provisions and language of these bills, as well as other legislation. Official developments generally may be monitored here.

Many American businesses and individuals also are asking about how and where to share their views, how to organize others to do the same and other questions about getting the word out. Here a some quick ideas. We encourage others to share.

The Coalition For Patient Empowerment and the Coalition for Responsible Health Care Reform linkedin group are two one of many resources where individuals are sharing information about these matters.
Concerned individuals should share their views both by faxing, e-mailing or telephoning key decisionmakers in Congress, as well as joining and participating in activities of other individuals and groups that share their concerns. Contact and get involved with this and other groups that share your concerns.
Contact the offices of your Congressional representatives in the House and Senate as well as other members of Congress that support your views and ask them about other groups and ways that you can share your views. They will welcome your input and involvement.
If you are aware of or involved in a group that shares your views, we encourage you to share it on the Coalition for Responsible Health Care Reform linkedin group. If you or others are planning a town hall or other health care reform meeting, use this or other linked in groups to spread the word.
If you are interested in volunteering to plan events in your region, let us know.

We also encourage you and others to join the discussion about these and other health care reform proposals and concerns by joining the Coalition for Responsible Health Care Reform Group on Linkedin, and registering to receive these updates here.

When communicating, consider targeting your messages to members of Congress whose votes are likely to be impacted by your communications.

For instance, with both the House and Senate in the majority in Congress, Democrats generally have greater control over what legislation moves forward. The Democratic Leadership of the House and Sentate generally can get legislation passed by their members as long as they can maintain consensus among the members of their parties. In connection with the health care reform proposals, however, cost and other considerations have made maintaining a consensus more difficult than on other legislation. Certain fiscally moderate members of the Democratic Party have expressed concern about the expense and other aspects of their Leadership proposed health care reform proposals. These Democrats in Congress generally the members of Congress whose votes are most likely to be impacted by public input and feedback generally and from voters in their districts and contributors specifically.

In the House of Representatives, these members likely are the “Blue Dog Democrats.” Read about Blue Dog Democrats here.

The fiscal conservatism of Blue Dog Democrats makes them more likely to listen to concerns about the cost and other concerns relating to the health care reform bills touted by the Democrat Leadership in the House and Senate. In fact, many Blue Dog Democrats already are speaking out about their concerns about the cost and other aspects of the Bill.

Contact from voters and contributors in their districts and others could make a major difference in the ability that the House Democrat Leadership needs to pass their Bill. Immediately contacting these members and getting others – particularly voters and contributors in the districts that elect these members – is one of the most important steps that concerned Americans can do to position their concerns to be heard.

For most concerned voters, telephone or fax contact is the best means to convey these messages. To minimize spam, most members only accept e-mail submitted through their website links. Security concerns can delay receipt of written correspondence for weeks.

For persons interested in making their voices heard and sharing information with others who wish to do the same, the following contact information may be of interest:

The number of the Capital Switchboard is 202-224-3121.

The Blue Dog Leadership Team and there telephone and fax numbers are:

Rep. Stephanie Herseth Sandlin (SD), Blue Dog Co-Chair for Administration, Telephone: 202.225.2801 , Fax: 202.225.5823

Rep. Baron Hill (IN-09), Blue Dog Co-Chair for Policy,Telephone: 202-225-4031, Fax: (202) 226-6866

Rep. Charlie Melancon (LA-03), Blue Dog Co-Chair for Communications, Telephone: 202-225-4031, Fax: (202) 226-3944

Rep. Heath Shuler (NC-11), Blue Dog Whip, Telephone: 202-225-6401, Fax: (202) 226-6422

The Blue Dog Members and their telephone numbers are :

Altmire, Jason (PA-04),(202)225-2565
Arcuri, Mike (NY-24), (202)225-3665
Baca, Joe (CA-43),(202)225-6161
Barrow, John (GA-12), (202) 225-2823
Berry, Marion (AR-01), (202) 225-4076
Bishop, Sanford (GA-02), (202) 225-3631
Boren, Dan (OK-02), (202) 225-2701
Boswell, Leonard (IA-03), (202) 225-3806
Boyd, Allen (FL-02), (202) 225-5235
Bright, Bobby (AL-02), (202) 225-2901
Cardoza, Dennis (CA-18), (202) 225-6131
Carney, Christopher (PA-10), (202) 225-3731
Chandler, Ben (KY-06), (202) 225-4706
Childers, Travis (MS-01), (202) 225-4306
Cooper, Jim (TN 5^th), (202) 225-4311
Costa, Jim (CA 20^th), (202) 225-3341
Cuellar, Henry (TX 28^th), (202) 225-1640
Dahlkemper, Kathleen A. (PA 3^rd), (202) 225-5406
Davis, Lincoln (TN 4^th),(202) 225-6831
Donnelly, Joe (IN 2^nd), (202) 225-3915
Ellsworth, Brad (IN 8^th), (202) 225-4636
Giffords, Gabrielle (AZ 8^th), (202) 225-2542
Gordon, Bart (TN 6^th), (202) 225-4231
Griffith, Parker (AL 5^th), (202) 225-4801
Harman, Jane (CA 36^th), (202) 225-8220
Herseth Sandlin, Stephanie (SD At Large), (202) 225-2801
Hill, Baron P. (IN 9^th), (202) 225-5315
Holden, Tim (PA 17^th), (202) 225-5546
Kratovil, Frank Jr. (MD 1^st), (202) 225-5311
McIntyre, Mike (NC 7^th), (202) 225-2731
Marshall, Jim (GA 8^th), (202) 225-6531
Matheson, Jim (UT 2^nd), (202) 225-3011
Melancon, Charlie (LA 3^rd), (202) 225-4031
Michaud, Michael H. (ME 2^nd), (202) 225-6306
Minnick, Walt (ID 1^st), (202) 225-6611
Mitchell, Harry E. (AZ 5^th), (202) 225-2190
Moore, Dennis (KS 3^rd), (202) 225-2865
Murphy, Patrick J. (PA 8^th), (202) 225-4276
Nye, Glenn C. (VA 2^nd), (202) 225-4215
Peterson, Collin C. (MN 7^th), (202) 225-2165
Pomeroy, Earl (ND At Large), (202) 225-2611
Ross, Mike (AR 4^th), (202) 225-3772
Salazar, John T. (CO 3^rd), (202) 225-4761
Sanchez, Loretta (CA 47^th), (202) 225-2965
Schiff, Adam B. (CA 29^th), (202) 225-4176
Scott, David (GA 13^th), (202) 225-2939
Shuler, Heath (NC 11^th), (202) 225-6401
Space, Zachary T. (OH 18^th), (202) 225-6265
Tanner, John S. (TN 8^th), (202) 225-4714
Taylor, Gene (MS 4^th), (202) 225-5772
Thompson, Mike (CA 1^st), (202) 225-3311
Wilson, Charles (OH-06), (202) 225-5705

You and others also are invited to join the discussion about these and other health care reform proposals and concerns by:

Joining the Coalition for Responsible Health Care Reform Group on Linkedin and registering to receive these updates here; and
E-mailing Cstamer@cttlegal.com to participate in the Coalition for Patient Empowerment.

Curran Tomko Tarski LLP Can Help

If your business needs assistance monitoring or providing input on health care reform or other human resources, employee benefit or compensation legislation or regulations, or auditing, updating or defending its health or other employee benefit, human resources, or compensation arrangements, or responding to employee benefits, employment or compensation related charges or suits, please contact Ms. Stamer at cstamer@cttlegal.com, (214) 270-2402; or your favorite Curran Tomko Tarski, LLP attorney. For additional information about the experience and services of Ms. Stamer and other members of the Curran Tomko Tarksi, LLP team, see here.

The author of this article, Curran Tomko Tarski LLP Labor & Employment Practice Group Chair Cynthia Marcotte Stamer and other members of Curran Tomko and Tarski LLP are experienced with assisting employer and employee benefit plan sponsors, administrators and others about labor and employment, compensation and employee benefit compliance and risk management concerns, as well as advising and defending these and other clients in labor and employment, compensation, and employee benefit related audits, investigations and litigation, charges, audits, claims and investigations.

Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization, Chair of the ABA RPTE Employee Benefit Plans and Other Compensation Group, a member of the ABA Joint Committee on Employee Benefits, and past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer has extensive experience with health and retirement, work force and other employee benefit and employment matters. She is nationally and internationally known for her innovative work with employers, associations, churches, insurers and others to develop health benefit, onsight medical, wellness and other employee benefit and employment arrangements, as well as her involvement in health care, pension and other public policy advocacy.

More Information & Resources

You can review other recent human resources, employee benefits and internal controls publications and resources and additional information about the employment, employee benefits and other experience of Ms. Stamer here /the Curran Tomko Tarski LLP attorneys here. If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here or e-mailing this information to Cstamer@CTTLegal.com or registering to participate in the distribution of these and other updates on our Solutions Law Press HR & Benefits Update distributions here. For important information concerning this communication click here. If you do not wish to receive these updates in the future, send an e-mail with the word “Remove” in the Subject to support@SolutionsLawyer.net.

Comments Off on Speak Up America: Where & How To Read & Share Your Feedback About The Health Care Reform Legislation | Employee Benefits, Employers, Employment Tax, ERISA, Health Care Reform, Health Plans, Human Resources, Immigration, Income Tax, Insurance, Malpractice, Preemption, Professional Liability, Tax, Uncategorized | Tagged: Corporate Compliance, Employee Benefits, Employer, Employers, ERISA, Health Care Reform, Health Insurance, Health Plans, Human Resources, Insurance, Insurer, Labor, Managed Care, Medical Coverage | Permalink
Posted by Cynthia Marcotte Stamer

Stamer, Others To Discuss Technology Use/Risks in Employee Benefits, Tax & HR Consulting & Administration

July 29, 2009

Cynthia Marcotte Stamer will speak about “Technology Issues for Tax Attorneys and their Clients” on September 26, 2009 at the American Bar Association 2009 Fall Joint Tax Meeting in Chicago.

The September 26 program will feature a panel discussion of:

Research tools, anti-virus, encryption and other technology practice aids, tools and tricks tax practitioners;
IRS, DOL and other rules impacting opportunities for employers and employee benefit plan administrators to use electronic communications to reduce employment and employee benefit plan communication expenses;
Electronic communications with government agencies and the need to be prepared to provide electronic records for tax audits;
Expanding personal information privacy and data security considerations; and
More.

Moderated by Frank Palmieri of Palmieri & Eisenberg, Alexandria, VA, the confirmed panelists include:

Catherine Sanders Reach of the American Bar Association, Chicago, IL;
Cynthia Marcotte Stamer of Curran Tomko Tarksi LLP, Dallas, TX;
Joy M. Mercer of Joy M. Mercer, PC, Florham Park, NJ; and
Danny A. Martin, Jr. of Shell Oil Company, Houston, TX.

The session is scheduled to take place from 2:30 p.m. – 4:00 p.m. on Saturday, September 26, 2009. To register for the meeting or other details, see here.

Chair Elect of the American Bar Association RPTE Employee Benefits & Compensation Committee, an ABA Joint Committee on Employee Benefits Council member, and Chair of the Curran Tomko Tarski Labor, Employment & Employee Benefits Practice, Cynthia Marcotte Stamer is nationally and internationally recognized for her work assisting businesses, employee benefit plan fiduciaries and vendors, governments, and other entities to develop administer and defend cost-effective employee benefit other human resources programs, policies and procedures to meet their budgetary, risk management and compliance and other objectives. Board certified in Labor & Employment law, Ms. Stamer applies her extensive experience regarding employment, employee benefit, tax, privacy and data security and other related laws to assists clients in a wide range of business and litigation contexts. The co-founder of the Solutions Law Consortium, Ms. Stamer also makes extensive use of cloud computing and other technology in her own practice and provides input to human resources and other clients others about the use of these and other technology tools to manage employee benefit, human resources, internal controls and other operations. In connection with this work, Ms. Stamer has works, writes and consults extensively with a diverse range of clients about the development, use technology and other processes to streamline health and other benefit, payroll and other human resources, employee benefits, tax, compliance and other business processes and the management and protection of sensitive personal and other information and data.

If your organization or employee benefit plan needs assistance managing or evaluating options or responsibilities associated with the use of technology and data in connection with its health care, employee benefits, tax or other operation or other human resources, employee benefits or and compliance concerns, please contact Ms. Stamer at cstamer@cttlegal.com, (214) 270-2402; or your favorite Curran Tomko Tarski, LLP attorney. For additional information about the experience and services of Ms. Stamer and other members of the Curran Tomko Tarksi, LLP team, see here.

More Information & Resources

You can review other recent human resources, employee benefits and internal controls publications and resources and additional information about the employment, employee benefits and other experience of Ms. Stamer here /the Curran Tomko Tarski LLP attorneys here. If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here or e-mailing this information to Cstamer@CTTLegal.com or registering to participate in the distribution of these and other updates on our Solutions Law Press HR & Benefits Update distributions here. For important information concerning this communication click here. If you do not wish to receive these updates in the future, send an e-mail with the word “Remove” in the Subject to support@SolutionsLawyer.net.

Comments Off on Stamer, Others To Discuss Technology Use/Risks in Employee Benefits, Tax & HR Consulting & Administration | Employee Benefits, Employers, Employment Tax, ERISA, Health Plans, Income Tax, Internal Controls, Privacy, Professional Liability, Risk Management, Tax, Wage & Hour | Tagged: Data Security, Employee Benefit Communications, Employee Benefits, Health Care, Health Plans, Privacy, Retirement Plans, Tax, Technology | Permalink
Posted by Cynthia Marcotte Stamer

Stamer Moderates June 25 ABA Teleconference On When Benefits Lawyers and Other Service Providers Be Sued for Malpractice for Services to ERISA Plans

June 9, 2009

Cynthia Marcotte Stamer will moderate a June 25, 2009 teleconference on “Can Benefits Lawyers and Other Service Providers Be Sued for Malpractice for Services to ERISA Plans?”

The telephone conference hosted by the American Bar Association (ABA) Joint Committee on Employee Benefits (JCEB) is scheduled for Thursday, June 25, 2009 from 1:00-2:00 pm Eastern Time, 12:00-1:00 pm Central Time, 11:00 am-12:00 pm Mountain Time, and 10:00 am-11:00 am Pacific Time.

The teleconference will feature a discussion by Hogan & Hartson LLP attorney Kurt Lawson and AARP Foundation Litigation attorney Mary Ellen Signorille about how the federal precedent governing when and how ERISA preemption affects state malpractice and misfeasance claims against accountants, lawyers, health care providers, actuaries and others has evolved during the five year period since the United State’s Aetna v. Davila decision reframed when ERISA preempts state law malpractice claims and the implications of this precedent on the viability and litigation of these state law malpractice claims.

To register or for additional information, go to here.

About Cynthia Marcotte Stamer

The immediate past Chair of the American Bar Association’s Managed Care & Insurance Section, Cynthia Marcotte Stamer is a highly regarded legal advisor, author and speaker recognized both nationally and internationally for her expertise in the areas of health benefits and other human resource compliance matters. Board Certified in Labor and Employment Law by the Texas Board of Legal Specialization, “Cindy” recently joined Curran Tomko Tarski, LLP as the Chair of its Labor & Employment and Health Care Practices April 1, 2009.

The Managing Editor of Solutions Law Press and an Editorial Advisory Board Member and author for Employee Benefit News and other publications, Ms. Stamer is a widely published author and popular speaker. In addition to hundreds of publications on health plan and other human resources, employee benefit and internal controls issues, Ms. Stamer is the author of the “Health Plan Eligibility Toolkit.” Her work has been featured and published by the American Bar Association, BNA, SHRM, World At Work, Employee Benefit News and the American Health Lawyers Association. Her insights on human resources risk management matters have been quoted in The Wall Street Journal, the Dallas Business Journal, Managed Care Executive, HealthLeaders, Business Insurance, Employee Benefit News and the Dallas Morning News.

Ms. Stamer also serves in a number of professional leadership roles including the leadership council of the ABA Joint Committee on Employee Benefits, Vice Chair of the ABA Real Property, Probate & Trust Section and Employee Benefits & Compensation Group.

Cynthia Marcotte Stamer and other members of Curran Tomko and Tarski LLP are experienced with advising and assisting employers with these and other health plan and other employee benefit, labor and employment, compensation, and internal controls matters. If your organization needs assistance with assessing, managing or defending its wage and hour or other labor and employment, compensation or benefit practices, please contact Ms. Stamer via e-mail here, or by calling (214) 270-2402. For additional information about the experience, services, publications and involvements of Ms. Stamer specifically or to access some of her many publications, see here, For more information and other members of the Curran Tomko Tarksi, LLP team, see the Curran Tomko Tarski Website.

We hope that this information is useful to you. For additional information about the experience, services, publications and involvements of Ms. Stamer specifically or to access some of her many publications, see here, For more information and other members of the Curran Tomko Tarksi, LLP team, see the Curran Tomko Tarski Website.

You can register to receive future updates and information about upcoming programs, access other publications by Ms. Stamer and access other helpful resources here. If you or someone else you know would like to receive updates about developments on these and other human resources and employee benefits concerns, please be sure that we have your current contact information – including your preferred e-mail- by creating or updating your profile at here. If you would prefer not to receive these updates, please send a reply e-mail with “Remove” in the subject line to support@SolutionsLawyer.net. You also can register to participate in the distribution of these updates by registering to participate in the Solutions Law Press HR & Benefits Update Blog here.

Comments Off on Stamer Moderates June 25 ABA Teleconference On When Benefits Lawyers and Other Service Providers Be Sued for Malpractice for Services to ERISA Plans | Employee Benefits, Employers, ERISA, Health Plans, Human Resources, Insurance, Internal Controls, Malpractice, Preemption, Professional Liability, Retirement Plans, Risk Management | Tagged: Employee Benefits, Employer, Employers, Employment, ERISA, ERISA Preemption, Health Plans, Human Resources, Insurance, Insurer, Internal Controls, Labor, Malpractice, Managed Care, Medical Coverage, Vendor Contracting | Permalink
Posted by Cynthia Marcotte Stamer

Check the Status of your VCP Submission

Revised VCP Model Compliance Statement and Schedules

About Solutions Law Press, Inc.™

About Solutions Law Press, Inc.™

HIPAA Right Of Access Rule

UHIC & Other OCR Right Of Access Resolution Agreements

ERISA Section 502(c) Penalty For Failing To Timely Respond To Member Information Request

Plans Must Assure Timely Access & Disclosure

For More Information

About Solutions Law Press, Inc.™

Banner Health Settlement

OCR Warns Other HIPAA-Covered Entities

More Information

About the Author

About Solutions Law Press, Inc.™

IMPORTANT NOTICE ABOUT THIS COMMUNICATION

About the Author

“2017 Federal Group Health Plan Mental Health Rules Update”

Email Subscription

Pages

Recent Posts

Archives

Share this blog

Solutions Law Press HR & Benefits Update