| Page 11

$2.4M HIPAA Settlement Message Warns Health Plans & Providers Against Sharing Medical Info With Media, Others

May 10, 2017

Healthcare providers, health plans, healthcare clearinghouses and their business associates (Covered Entities) can’t disclose the name or other protected health care information about a patient in press releases or other announcements without prior authorization from the patient. That’s the clear lesson Covered Entities should learn from the $2.4 million payment to the U.S. Department of Health and Human Services (HHS) that the largest not-for-profit health system in Southeast Texas, Memorial Hermann Health System (MHHS) is paying to settle charges it violated the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule by issuing a press release with the name and other protected health information (PHI) about a patient without the patient’s prior HIPAA-compliant authorization under a Resolution Agreement and Corrective Action Plan (Resolution Agreement) announced May 10, 2017 by HHS Office of Civil Rights (OCR).

The Resolution Agreement resolves OCR charges the operator of 13 hospitals, eight Cancer Centers, three Heart & Vascular Institutes, and 27 sports medicine and rehabilitation centers violated the Privacy Rule that resulted from an OCR compliance review of MHHS triggered by multiple media reports suggesting that MHHS improperly disclosed the name and other details about a patient arrested and charged with presenting an allegedly fraudulent identification card to office staff at an MHHS’s clinic after MHHS clinic staff alerted law enforcement of suspicions the patient was presenting false identification to the clinic. According to OCR, after law enforcement investigated and arrested the patient, MHHS published a press release concerning the incident in which MHHS senior management approved the impermissible disclosure of the patient’s PHI by adding the patient’s name in the title of the press release without securing prior authorization of the patient.

While OCR concluded the report to law enforcement allowable under the Privacy Rule, OCR found MHHS violated the Privacy Rule by issuing the press release disclosing the patient’s name and other PHI without authorization from the patient and also by failing to timely document the sanctioning of its workforce members for impermissibly disclosing the patient’s information.

To resolve and avoid the potential Civil Monetary Penalties that HIPAA could authorize OCR to impose for the alleged Privacy Rule violation, MHHS agrees in the Resolution Agreement to pay OCR a $2.4 million monetary settlement and implement a corrective action plan that obligates MHHS to update and train its workforce on its policies and procedures on safeguarding PHI from impermissible uses and disclosures including specific instructions and procedures to:

Address (a) Uses and disclosures for which an authorization is required, including to the media, to public officials, and on the internet; (b) Disclosures for law enforcement purposes; and (c) Uses and disclosures for health oversight activities;
Identify MHHS personnel or representatives whom workforce members, agents, or business associates may contact in the event of any inquiry or concern regarding compliance with HIPAA in relation to these activities;
Internal reporting procedures requiring all workforce members to report to the designated person or office at the earliest possible time any potential violations of the Privacy, Security or Breach Notification Rules or of MHHS’ privacy and security policies and procedures and MHHS promptly to investigate and address all received reports in a timely manner; and
Application and documentation of appropriate sanctions (which may include retraining or other instructive corrective action, depending on the circumstances) against members of MHHS’ workforce, including senior level management, who fail to comply with the Privacy, Security or Breach Notification Rules or MHHS’ privacy and security policies and procedures, including a description of the sanctions; a timeframe in which MHHS will apply and document sanctions for violations of the HIPAA Rules or of MHHS’ privacy, security or breach policies or procedures; the manner in which MHHS will document the sanctions; and where MHHS will store or retain such documentation (e.g., personnel file).

The corrective action plan in the Resolution Agreement also requires all MHHS facilities to attest to their understanding of permissible uses and disclosures of PHI, including disclosures to the media and others.

Covered entities should keep in mind the MHHS Resolution Agreement is the latest in a series of OCR enforcement actions and resolution agreements highlighting the need for Covered Entities to adopt and use appropriate policies and procedures to prevent wrongful disclosures of PHI to the media or public. For instance, in June, 2013, OCR required Shasta Regional Medical Center (SRMC) to pay a $275,000 settlement payment and implement a comprehensive corrective action plan to resolve OCR charges stemming from SRMC’s disclosure of PHI about a patient to members of the media and its workforce in an effort to respond to accusations the patient made that SRMC engaged in fraud and other misconduct. See HIPAA Sanctions Triggered From Covered Entity Statements To Media, Workforce. In contrast, the $2.2 million resolution agreement that OCR required New York Presbyterian Hospital for improperly allowing a film crew to film hospital patients in violation of HIPAA was almost 10 times greater than the SRMC penalty and was accompanied by OCR’s publication OCR of specific additional guidance warning Covered Entities against improper disclosures to the media. See $2 Million+ HIPAA Settlement, FAQ Warn Providers Protect PHI From Media, Other Recording Or Use.

Following on the heels of this previous guidance and prior enforcement actions warning Covered Entities against wrongful disclosure to the media, the MHHS Resolution Agreement sends a strong message to Covered Entities that they should expect little sympathy if their organizations improperly share PHI with the media. OCR’s announcement of the MHHS Resolution Agreement, for instance quotes OCR Director Roger Severino with stating that “Senior management should have known that disclosing a patient’s name on the title of a press release was a clear HIPAA Privacy violation that would induce a swift OCR response.” The announcement goes on to quote Director Severino further as stating, “This case reminds us that organizations can readily cooperate with law enforcement without violating HIPAA, but that they must nevertheless continue to protect patient privacy when making statements to the public and elsewhere.”

Conduct Entity-Wide Risk Assessment & Review & Tighten Media Relations Policies, Processes & Training ASAP

Covered entities should heed the warning by conducting a risk assessment of their organization’s susceptibility to potential improper disclosures to media or others and reviewing and implementing necessary written policies, procedures and training to prevent the improper disclosure of patient PHI to media or others unless the Covered Entity either secures prior HIPAA-compliant authorization from the patient or can prove the disclosure falls squarely under an exception to the Privacy Rule’s prohibition against disclosure of PHI without authorization except as allowed by the Privacy Rule.

Taking these and other needed steps to evaluate, and strengthen and enforce as needed, risk assessments, policies, procedures, and training to prevent wrongful use, access or disclosure of PHI to the media or others is particularly critical in light of the ongoing tightening of expectations, and rising enforcement and sanctions for HIPAA violations since Congress amended HIPAA in 2009. See OCR Audit Program Kickoff Further Heats HIPAA Privacy Risks; HIPAA Heats Up: HITECH Act Changes Take Effect & OCR Begins Posting Names, Other Details Of Unsecured PHI Breach Reports On Website.

Based on experiences reported in the MHHS and other similar resolution agreements, Covered Entities also generally will want to ensure that their policies, procedures and training extend to all potential sources of communications that could involve patient information and make clear that the Privacy Rule restrictions must be followed even if the circumstances involve allegations of misconduct, special performance by healthcare providers or others that it would benefit the organization or certain individuals to have known to the public, or other circumstances likely to be of interest to the media or other parties.

As part of this process, covered entities should ensure they look outside the four corners of their Privacy Policies to ensure that appropriate training and clarification is provided to address media, practice transition, workforce communication and other policies and practices that may be covered by pre-existing or other policies of other departments or operational elements not typically under the direct oversight and management of the Privacy Officer such as media relations. Media relations, physician and patients affairs, outside legal counsel, media relations, marketing and other internal and external departments and consultants dealing with the media, the public or other inquiries or disputes should carefully include and coordinate with the privacy officer both to ensure appropriate policies and procedures are followed and proper documentation created and retained to show authorization, account, or meet other requirements.

In conducting this analysis and risk assessment, it will be important that Covered Entities include, but also look beyond the four corners of their Privacy Policies to ensure that their review and risk assessment identifies and assesses and addresses compliance risks on an entity wide basis. This entity-wide assessment should include both communications and requests for information normally addressed to the Privacy Officer as well as requests and communications that could arise in the course of media or other public relations, practice transition, workforce communication and other operations not typically under the direct oversight and management of the Privacy Officer. For this reason, Covered Entities also generally will not only to adopt and implement specific policies, processes and training in these other departments to prohibit and prevent inappropriate disclosures of PHI in the course of those departments operations. It also may be advisable to pre-established processes for reviewing media or other communications for potential PHI content and require prior review of any proposed public relations and other internal or external communications containing patient PHI or other information by the privacy officer, legal counsel or another suitably qualified party.

Because of the high risk that the preparation or review of media or other public communications reports will involve the use and disclosure of PHI, Covered Entities also generally should verify that all outside media or public relations, legal, or other outside service providers participating in the investigation, response or preparation or review of communications to the media or others both are covered by signed business associate agreements that fulfill the Privacy Rule and other requirements of HIPAA as well as possess detailed knowledge and understanding of the Privacy and Security Rules suitable to participate in and help safeguard the Covered Entity against violations of these and other Privacy Rules. See e.g., Latest HIPAA Resolution Agreement Drives Home Importance Of Maintaining Current, Signed Business Associate Agreements.

About The Author

Recognized by LexisNexis® Martindale-Hubbell® as a “AV-Preeminent” (Top 1%/ the highest) and “Top Rated Lawyer,” with special recognition as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Health Care,” “Labor & Employment,” “Tax: Erisa & Employee Benefits” and “Business and Commercial Law” by D Magazine, the author of this update is widely known for her 29 plus years’ of work in health care, health benefit, health policy and regulatory affairs and other health industry concerns as a practicing attorney and management consultant, thought leader, author, public policy advocate and lecturer.

Throughout her adult life and nearly 30-year legal career, Ms. Stamer’s legal, management and governmental affairs work has focused on helping health industry, health benefit and other organizations and their management use the law, performance and risk management tools and process to manage people, performance, quality, compliance, operations and risk. Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer supports these organizations and their leaders on both a real-time, “on demand” basis as well as outsourced operations or special counsel on an interim, special project, or ongoing basis with strategic planning and product and services development and innovation; workforce and operations management, crisis preparedness and response as well as to prevent, stabilize and cleanup legal and operational crises large and small that arise in the course of operations.

As a core component of her work, Ms. Stamer has worked extensively throughout her career with health care providers, health plans and insurers, managed care organizations, health care clearinghouses, their business associates, employers, banks and other financial institutions, management services organizations, professional associations, medical staffs, accreditation agencies, auditors, technology and other vendors and service providers, and others on legal and operational compliance, risk management and compliance, public policies and regulatory affairs, contracting, payer-provider, provider-provider, vendor, patient, governmental and community relations and matters including extensive involvement advising, representing and defending public and private hospitals and health care systems; physicians, physician organizations and medical staffs; specialty clinics and pharmacies; skilled nursing, home health, rehabilitation and other health care providers and facilities; medical staff, accreditation, peer review and quality committees and organizations; billing and management services organizations; consultants; investors; technology, billing and reimbursement and other services and product vendors; products and solutions consultants and developers; investors; managed care organizations, insurers, self-insured health plans and other payers; and other health industry clients to manage and defend compliance, public policy, regulatory, staffing and other operations and risk management concerns. A core focus of this work includes work to establish and administer compliance and risk management policies; comply with requirements, investigate and respond to Board of Medicine, Health, Nursing, Pharmacy, Chiropractic, and other licensing agencies, Department of Aging & Disability, FDA, Drug Enforcement Agency, OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD, FTC, SEC, CDC and other public health, Department of Justice and state attorneys’ general and other federal and state agencies; dealings with JCHO and other accreditation and quality organizations; investigation and defense of private litigation and other federal and state health care industry investigations and enforcement; insurance or other liability management and allocation; process and product development; managed care, physician and other staffing, business associate and other contracting; evaluation, commenting or seeking modification of regulatory guidance, and other regulatory and public policy advocacy; training and discipline; and a host of other related concerns for public and private health care providers, health insurers, health plans, technology and other vendors, employers, and others.

Author of leading works on HIPAA and other privacy and data security works and the scribe leading the American Bar Association Joint Committee on Employee Benefits Annual Agency Meeting with OCR, her experience includes extensive compliance, risk management and data breach and other crisis event investigation, response and remediation under HIPAA and other data security, privacy and breach laws. Heavily involved in health care and health information technology, data and related process and systems development, policy and operations innovation and a Scribe for ABA JCEB annual agency meeting with OCR for many years who has authored numerous highly regarded works and training programs on trade secret, HIPAA and other medical, consumer, insurance, tax, and other privacy and data security, Ms. Stamer also is widely recognized for her extensive work and leadership on leading edge health care and benefit policy and operational issues including meaningful use and EMR, billing and reimbursement, quality measurement and reimbursement, HIPAA, FACTA, PCI, trade secret, physician and other medical confidentiality and privacy, federal and state data security and data breach and other information privacy and data security rules and many other concerns.

In connection with this work, Ms. Stamer has worked extensively with health care providers, health plans, health care clearinghouses, their business associates, employers and other plan sponsors, banks and other financial institutions, and others on risk management and compliance with HIPAA, FACTA, trade secret and other information privacy and data security rules, including the establishment, documentation, implementation, audit and enforcement of policies, procedures, systems and safeguards, investigating and responding to known or suspected breaches, defending investigations or other actions by plaintiffs, OCR and other federal or state agencies, reporting known or suspected violations, business associate and other contracting, commenting or obtaining other clarification of guidance, training and enforcement, and a host of other related concerns. Her clients include public and private health care providers, health insurers, health plans, technology and other vendors, and others.

Her work includes both regulatory and public policy advocacy and thought leadership, as well as advising and representing a broad range of health industry and other clients about policy design, drafting, administration, business associate and other contracting, risk assessments, audits and other risk prevention and mitigation, investigation, reporting, mitigation and resolution of known or suspected violations or other incidents and responding to and defending investigations or other actions by plaintiffs, DOJ, OCR, FTC, state attorneys’ general and other federal or state agencies, other business partners, patients and others.

In addition to representing and advising these organizations, she also has conducted training on Privacy & The Pandemic for the Association of State & Territorial Health Plans, as well as HIPAA, FACTA, PCI, medical confidentiality, insurance confidentiality and other privacy and data security compliance and risk management for Los Angeles County Health Department, MGMA, ISSA, HIMMS, the ABA, SHRM, schools, medical societies, government and private health care and health plan organizations, their business associates, trade associations and others.

A former lead consultant to the Government of Bolivia on its Pension Privatization Project with extensive domestic and international public policy concerns in Pensions, healthcare, workforce, immigration, tax, education and other areas.

Past Chair of the ABA Managed Care & Insurance Interest Group and, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also has extensive health care reimbursement and insurance experience advising and defending health plans, health care providers, payers, and others about Medicare, Medicaid, Medicare and Medicaid Advantage, Tri-Care, self-insured group, association, individual and group and other health benefit programs and coverages including but not limited to advising public and private payers about coverage and program design and documentation, advising and defending providers, payers and systems and billing services entities about systems and process design, audits, and other processes; provider credentialing, and contracting; providers and payer billing, reimbursement, claims audits, denials and appeals, coverage coordination, reporting, direct contracting, False Claims Act, Medicare & Medicaid, ERISA, state Prompt Pay, out-of-network and other “nonpar,” insured, and other health care claims, prepayment, post-payment and other coverage, claims denials, appeals, billing and fraud investigations and actions and other reimbursement and payment related investigation, enforcement, litigation and actions.

Ms. Stamer also is a highly popular lecturer, symposium and chair, faculty member and author, who publishes and speaks extensively on health and managed care industry, human resources, employment and other privacy, data security and other technology, regulatory and operational risk management. Examples of her many highly regarded publications on these matters include “Protecting & Using Patient Data In Disease Management: Opportunities, Liabilities And Prescriptions,” “Privacy Invasions of Medical Care-An Emerging Perspective,” “Cybercrime and Identity Theft: Health Information Security: Beyond HIPAA,” as well as thousands of other publications, programs and workshops these and other concerns for the American Bar Association, ALI-ABA, American Health Lawyers, Society of Human Resources Professionals, the Southwest Benefits Association, the Society of Employee Benefits Administrators, the American Law Institute, Lexis-Nexis, Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, the HCCA, ISSA, HIMSS, Modern Healthcare, Managed Healthcare, Institute of Internal Auditors, Society of CPAs, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other symposia and publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, Insurance Thought Leadership and many other prominent publications and speaks and conducts training for a broad range of professional organizations.

For more information about Ms. Stamer or her health industry and other experience and involvements, see here or contact Ms. Stamer via telephone at (469) 767-8872 or via e-mail here.

About Solutions Law Press, Inc.™

©2017 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ All other rights reserved. For information about republication or other use, please contact Ms. Stamer here.

Comments Off on $2.4M HIPAA Settlement Message Warns Health Plans & Providers Against Sharing Medical Info With Media, Others | ADA, board of directors, Brokers, Cafeteria Plans, Civil Monetary Penalties, Civil Rights, compliance, conflict of interest, Corporate Compliance, corporate governance, Cybercrime, Data Breach, Data Security, directors, Disability Discrimination, Electronic Medical Record, employee, Employee Benefits, Employer, Employers, Employment, EMR, ERISA, Fair Credit Reporting Act, fiduciary duty, GINA, HIPAA, HIPAA, Hiring, HR, Human Resources, Identity Theft, Insurance, insurers, Internal Controls, Internal Investigations, Internal Revenue Code, IRC, Leadership, LGBT, Management, Medicare Part D, Mental Health, Mental Health Parity, MEWA, Physician, Prescription Drugs, Privacy, Professional Liability, Protected Health Information, Provider, Risk Management, Technology, third party administrators, Uncategorized | Tagged: Health Care Provider, Health Plans, HIPAA, Medical Privacy, PHI, Privacy | Permalink
Posted by Cynthia Marcotte Stamer

SHOP Marketplace Still Health Coverage Option For Small Employers; All Employers Should Confirm Health Plan Compliance

May 10, 2017

While Congress continues to debate the future of the Obamacare health reforms and its exchanges, the Department of Health & Human Services is reminding employers with less than 50 employees that wish to offer group health coverage for their employees to check out their coverage options offered the Small Business Health Options Program (SHOP) Marketplace established as part of the Patient Protection and Affordable Care Act (ACA). Before or when offering health coverage for employees or their dependents, employers and their management should confirm they fully understand and appropriately arrange for fulfillment of all applicable federal, contractual and other requirements to avoid unfortunate and often expensive liabilities.

The SHOP Marketplace is intended to offer an opportunity for for small employers who want to provide health and dental insurance to their employees. Use of the SHOP Marketplace to obtain coverage may be an option for an employer if it is a business or non-profit organization with 50 or fewer full-time equivalent employees (FTEs). An employer that qualifies to get group health coverage through the SHOP doesn’t have to wait for an annual enrollment period; it can start offering SHOP insurance to your employees any time of year by completing the enrollment process by the applicable deadline prior to the first day of the month that the employer wants to start offering coverage through the SHOP.

In addition to the option to buy coverage through the SHOP, employers with 25 or fewer employees also may be eligible to use the Small Employer Health Care Credit created by the ACA to help defray the costs of providing this coverage to their qualifying employees. For instance, Monday, May 15 is the sign up deadline for small employers and nonprofit employees interested in obtaining small group health plan coverage for their employees through the the SHOP Marketplace beginning on June 1. See HealthCare.gov/Small-Business to enroll your small business or non-profit employees or get more details.

While many excellent reasons may exist for a business to offer group health coverage for qualifying employees, all employers regardless of size considering offering group health coverage obtained through the SHOP or other sources should keep in mind that employers that establish and maintain group health coverage, the group health plans they establish and the company or persons with discretionary authority or responsibility for the maintenance, management or administration of these programs or their plans are required to comply with a variety of federal tax, labor and other rules.

Businesses and their owners or management leaders making these decisions should confirm that they fully understand these responsibilities and take appropriate steps to ensure their fulfillment before establishing or maintaining a group health plan to avoid exposing their business, its management or owners or others to unexpected and often substantial liabilities that can result from violation of these requirements. While small employers plans sometimes qualify for some relief from a few of these requirements, depending on their size, the majority of these federal rules apply to most if not all group health plans. Furthermore, businesses sponsoring these programs and their leaders involved in deciding whether and what health coverage to offer for employees and their dependents should not presume that their organization, the resulting plan or its fiduciaries will fulfill these requirements simply by purchasing coverage through the SHOP Marketplace, directly from an insurer, or with the assistance of a broker or consultant. Fulfillment of applicable requirements generally requires that sponsoring employers and individuals within the management responsible for or appointed to oversee the program to take other steps. The scope of responsibility and resulting liability to a sponsoring employer and members of its ownership or management also typically are impacted by the plan design and contracts used to establish and maintain the program, its funding, and various other factors. These factors generally include contractual language in insurance, consulting or brokerage, administrative services and other contracts presented by vendors for use in purchasing and maintaining the program that often shift responsibility for many duties an employer otherwise might assume would be born by the vendor. For these and other reasons, most businesses and their leadership will want to consider arranging for their proposed program and its associated contracts and arrangements to be reviewed by legal counsel experienced in group health plan and associated labor, tax and other laws and arrangements.

About The Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: Erisa & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for work, teachings and publications.

Well-known for her extensive work with health, insurance, financial services, technology, energy, manufacturing, retail, hospitality and governmental employers, her nearly 30 years’ of experience encompasses domestic and international businesses of all types and sizes.

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other concerns by her service in the leadership of a broad range of other professional and civic organization including her involvement as the Vice Chair of the North Texas Healthcare Compliance Association; Executive Director of the Coalition on Responsible Health Policy and its PROJECT COPE: Coalition on Patient Empowerment; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children; former Gulf Coast TEGE Council Exempt Organization Coordinator; a founding Board Member and past President of the Alliance for Healthcare Excellence; former board member and Vice President of the Managed Care Association; past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; a member and advisor to the National Physicians’ Council for Healthcare Policy; current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee; current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section; Past Chair of the ABA Health Law Section Managed Care & Insurance Section; a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group; immediate past RPTE Representative to ABA Joint Committee on Employee Benefits Council Representative and current RPTE Representative to the ABA Health Law Coordinating Council; past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee; a former member of the Board of Directors, Treasurer, Member and Continuing Education Chair of the Southwest Benefits Association and others.

Ms. Stamer also is a highly popular lecturer, symposia chair and author, who publishes and speaks extensively on human resources, labor and employment, employee benefits, compensation, occupational safety and health, and other regulatory and operational risk management. Examples of her many highly regarded publications on these matters include the “Texas Payday Law” Chapter of Texas Employment Law, as well as thousands of other publications, programs and workshops these and other concerns for the American Bar Association, ALI-ABA, American Health Lawyers, Society of Human Resources Professionals, the Southwest Benefits Association, the Society of Employee Benefits Administrators, the American Law Institute, Lexis-Nexis, Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, the HCCA, ISSA, HIMSS, Modern Healthcare, Managed Healthcare, Institute of Internal Auditors, Society of CPAs, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other symposia and publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, InsuranceThoughtLeadership.com and many other prominent publications and speaks and conducts training for a broad range of professional organizations and for clients on the Advisory Boards of InsuranceThoughtLeadership.com, HR.com, Employee Benefit News, and many other publications.

Want to know more? See here for details about the author of this update, attorney Cynthia Marcotte Stamer, e-mail her here or telephone Ms. Stamer at (469) 767-8872.

About Solutions Law Press, Inc.™

If you or someone else you know would like to receive future updates about developments on these and other concerns, please provide your current contact information and preferences including your preferred e-mail by creating or updating your profile here.

NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The presenter and the program sponsor disclaim, and have no responsibility to provide any update or otherwise notify any participant of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.

Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.

Leave a Comment » | employee, Employer, Employers, Employment, HR, Human Resources, Labor Management Relations, Leadership, Managment, MSHA, NLRA, Uncategorized | Tagged: Labor Law, labor-management relations, NLRA, Trump Administration | Permalink
Posted by Cynthia Marcotte Stamer

Employers Review Health Plans Now To Avoid Excise Taxes & Other Current Law Plan Risks & Ready For Health Reform

April 25, 2017

While Congress and the Trump Administration continue to ponder and debate what if anything to do with the health care reforms of the Patient Protection and Affordable Care Act (ACA), employer and other health plan sponsors, health plan insurers, plan fiduciaries and others responsible for health plan design, administration or funding must take steps to verify their past and continuing compliance with the ACA and other federal mandates while laying the groundwork to respond quickly to any eventual reforms.

Regardless of what, if anything, the existing Congress or the Trump Administration does to repeal or reform the ACA or other federal health plan rules, all health plan sponsors, insurers, fiduciaries and administrators should act to mitigate their substantial and ever-growing health plan exposures by arranging for an independent compliance audit of their health plan terms, materials and operations for potential uncorrected past or current violations of the 40 federal mandates covered by the Form 8928 reporting and associated Internal Revenue Code excise tax liability exposure, as well as other applicable plan liabilities under the Employee Retirement Income Security Act (ERISA), the Social Security Act, the Internal Revenue Code and other federal laws within open statute of limitation periods.

The cost, complexity and riskiness of health plan sponsorship and administration has grown exponentially over the past two decades. Thanks to the ACA and the continuous stream of other federal laws and regulations implemented over the past 20 years, sponsoring employers, as well as their health plans and those responsible as fiduciaries for administering, funding and insuring these programs now face huge costs, responsibilities and liabilities. While the ACA substantially expanded the federal health plan mandates and liabilities, the ACA is not the lone cause and its amendment or repeal alone won’t fully resolve these risks prospectively or retrospectively insulate sponsoring employers, their plans or their fiduciaries and insurers from the liabilities and costs of compliance issues occurring before Congress repeals or amends the ACA.

Of particular note for employer and other sponsors of group health plans are the self-reporting and excise tax self-assessment and payment requirements for employers coupled with the companion responsibilities and liabilities fiduciaries, plan administrators and others face under these federal mandates make it important that employers and others sponsoring group health plans and their management or other leaders overseeing or participating in plan design or vendor selection, plan administration or other plan related activities get advice and help from qualified legal counsel experienced in health plan matters:

To conduct an independent compliance review and risk assessment of their health plans,
To recommend and assist in the performance of recommended steps to correct or mitigate risks from any potential past or existing violations or other exposures that have arisen or are likely to arise from existing contractual, plan design or other health plan actions;
To explore the potential advisability of taking additional steps to prevent or mitigate health plan associated compliance or other risks going forward whether or not health reform happens; and
To begin preparing to take advantage of any impending health care reforms by evaluating the requirements and procedures that existing plan terms, contracts, vendors and arrangements are likely to require to implement changes necessary to respond to any reforms as quickly and efficiently as possible.

Spring Clean Your Health Plan House

Since any reforms eventually enacted are unlikely to retroactively eliminate liability of employers, their health plans or fiduciaries for violations of federal health plan mandates, health plan terms, or associated contracts occurring before the effective date of reform, employer and other health plan sponsors, fiduciaries, insurers and administrators should begin by identifying, cleaning up any existing, unresolved, and preventing any new health plan compliance problems.

While overall compliance with applicable federal mandates and health terms generally should be the goal, employers or others sponsoring group health plans need to be particularly concerned with their responsibilities and potential liability under the Internal Revenue Code to self-identify, report and pay stiff excise tax penalties of $100 per day per violation of any of 40 federal health plan mandates imposed by the ACA and various other federal laws when the sponsor files its annual tax return.

This employer or other plan sponsor excise tax liability generally arises in addition to the liabilities that plans, their fiduciaries and their insures face for failing to administer and pay benefits under the plans in accordance with the listed 40 federal mandates, whether actually written into or imputed by operation of law into the plan, the costs of which sponsoring employers often will bear responsibility for funding in whole or in part pursuant to their contractual liabilities under the health plan contracts, as plan fiduciaries or both. See, Businesses Must Confirm & Clean Up Health Plan ACA & Other Compliance Following Supreme Court’s King v. Burwell　Decision;　 More Work For Employers, Benefit Plans Following SCOTUS Same-Sex Marriage　Ruling; 2016 & 2017 Health Plan Budgets, Workplans Should Anticipate Expected Changes To　SBCs.

Sponsors and plan fiduciaries also need to be concerned about other risks beyond sponsoring employers’ excise tax liability exposures for sponsoring a non-compliant group health plan. Among other things, group health plans and their fiduciaries can face audits, litigation and enforcement actions by the Centers for Medicare & Medicaid Services and other health plans for improperly coordinating plan claims with other coverage as well as lawsuits from covered persons, their health care providers or other beneficiaries, the Department of Labor and CMS, or others seeking to enforce rights to benefits, penalties in the case of CMS or the Department of Labor, and attorneys’ fees and other costs of enforcement. Beyond benefit litigation, the employer or representatives of the sponsoring employer, if any, named or acting as fiduciaries, insurer or third-party service providers named or acting as fiduciaries, also could face fiduciary lawsuits seeking damages, equitable relief, and attorneys’ fees and costs of court, for failing to prudently administer the plan in accordance with its terms and the law brought by covered persons or their beneficiaries or the DOL as well as fiduciary breach penalties if the fiduciary breach action is brought by the DOL. If the plan fails to comply with claims and appeals procedures or other ERISA notification requirements, parties named or functioning as the plan administrator for this purpose also could face penalties of up to $125 per violation per day in the case of enforcement actions brought by participants and beneficiaries or $1025 per violation per day in the case of actions brought by the DOL, plus attorneys’ fees and other costs of enforcement. Unless the employer previously took steps to draft its health plan documents and negotiate its vendor contracts to provide otherwise, most vendor provided plans typically assign these liabilities to the sponsoring employer or a member of its management by naming that employer or the management person the “plan administrator” and/or “named fiduciary” responsible for those activities and liabilities, requiring the plan sponsor to indemnify the vendor for costs and liabilities arising from the performance of actions under the plan even when those actions don’t comply with ERISA fiduciary or other legal standards applicable to the performance of those duties under the plan, or both, and other contractual or plan provisions that shift liabilities and costs to the plan sponsor.

To mitigate their exposure to these liabilities and costs, employer or other health plan sponsors should consider arranging for an independent legal compliance and risk assessment of their health plan, its terms, materials and operations to help mitigate the sponsoring employer’s exposure to self-identify, self-report on IRS Form 2848 and pay the $100 per day per violation excise tax liability now generally required under the Internal Revenue Code for any such violation.

Beyond mitigating a plan sponsor’s Form 8928 reporting and associated excise tax exposures, an independent compliance audit also can mitigate other risks and exposures for the sponsoring employer, the plan and its fiduciaries, the cost of which the sponsoring employer often bears financial responsibility for funding pursuant to the contractual indemnification and funding obligations entered into in connection with the establishment and maintenance of the plan, the fiduciary role, if any, of the employer with respect to the plan, or both. Accordingly, a timely and appropriate review is likely to help mitigate other risks and liabilities such as:

Fiduciary liability that can arising from failing to administer the plan in accordance with these and other federal health plan mandates under ERISA;
Unanticipated benefit costs and liabilities, which for self-insured plans are likely to be particularly burdensome if compliance issues are not identified and corrected before applicable deadlines to pay and submit claims to the stop-loss or other insurer expire (usually at or shortly after the close of a plan year or if earlier, contract termination);
Benefit costs and penalties for wrongful coordination of benefits with Medicare, Medicaid, DOD and certain other plans or coverage in violation of Secondary Payer and other mandates; and
Costs of defending and settling audits, litigation and other government or participant enforcement actions.

Since prompt self-audit and correction can help mitigate all of these liabilities, business leaders of employers sponsoring health plans should act promptly to engage experienced legal counsel experienced with health plan laws and operations to advise the plan sponsor about how to audit their group health plan’s plan documents, materials and operations for compliance with these and other federal health plan rules within the scope of attorney-client privilege while managing tax, financial, benefit and fiduciary liability exposures to deal with potential compliance concerns that the review might discover as well as mitigate risks that could result if the audit is improperly structured or conducted.

Prepare To Respond To Potential Health Reform & Other Health Plan Improvement

Beyond identifying and addressing existing compliance concerns and other risks associated with prior or existing plan design or administration, most employer and other sponsors also will want to review the health plan document and materials and associated insurance, third-party administration and other health plan vendor contracts pursuant to which the health plan is established, maintained and administered to identify requirements and opportunities to respond quickly to make changes when and if health care reform happens as well as for other opportunities to mitigate existing risks and costs.

As most commentators expect some type of regulatory or statutory health plan relief to result from the current health care reform debates in Congress, employer and other health plan sponsors desiring to accelerate their ability to take advantage of any forthcoming relief should familiarize themselves with the procedures required under existing plan terms, contracts and rules to modify their programs in response to these changes. Almost certainly, plan sponsors should anticipate needing to adopt some amendments to plan documents, summary plan descriptions and other materials to take advantage of any legislative or statutory relief. Plan sponsors also need to keep in mind that their vendor contracts with administrators, group, stop-loss or captive insurers, and other vendors likely also will require the plan sponsor to notify and negotiate with its vendors to secure their agreement before adopting these changes to avoid violating those vendor agreements and prudently to arrange for appropriate implementation and administration of the modified plan design and terms. Identification of the contractual and plan requirements and commencement of discussions with the relevant vendors can help expedite the planning and implementation of any desired plan modifications the plan sponsor elects to make in response to any statutory or regulatory reforms.

While preparing for anticipated health care reforms, most plan sponsors also will want to review their plans and vendor contracts for other potential opportunities to mitigate risks or expenses. With respect to existing and future liability mitigation, each plan sponsor generally should carefully assess the allocation of fiduciary responsibility and liability between the sponsoring employer, members of its management or other workforce team, and vendors to identify potential areas where the contract may assign named or other plan administrator or other fiduciary status and liability to the plan sponsor or a member of its workforce for duties outsourced to a vendor. Sponsoring employers or their management may want to initiate negotiations with the vendor to reallocate the fiduciary role and responsibility to the party responsible for performance of the specific duties, enhancement of performance guarantees, indemnifications and insurance coverage for proper performance of the outsourced duties by the vendor in accordance with the plan terms, including any mandates imposed by the ACA and other federal laws in form and operation, and other safeguards or, if the vendor is unwilling to consider these changes, begin searching for a replacement vendor willing to provide better accountability for its actions with respect to the services it is hired to perform.

Except in rare circumstances where the sponsoring employer has carefully contracted to transfer fiduciary liability to its insurer or administrator and otherwise does not exercise or have a fiduciary obligation to exercise discretion or control over these responsibilities, employers sponsoring group health plans that violate federal mandates like the out-of-pocket limit often ultimately bear some or all of these liabilities even if the violation actually was committed by a plan vendor hired to administer the program either because the plan documents name the employer as the “named fiduciary” or “plan administrator” under ERISA, the employer or a member of its management named in the plan generally bears fiduciary responsibility functionally for selection or oversight of the culpable party, the employer signed a contract, resolution or plan document obligating the employer to indemnify the service provider for the liability, or a combination of these reasons.

Since prompt self-audit and correction can help mitigate all of these liabilities as well as help to preserve access to stop-loss or other reinsurance coverage, if any, applicable to help pay for some or all of any additional benefit liabilities resulting from these benefit mandates, business leaders of companies offering group health plan coverage should act quickly to engage experienced legal counsel for their companies for advice about how to audit their group health plan’s compliance with these and other federal health plan rules within the scope of attorney-client privilege while managing tax, financial, benefit and fiduciary liability exposures to deal with potential compliance concerns that the review might discover as well as mitigate risks that could result if the audit is improperly structured or conducted.

While businesses inevitably will need to involve or coordinate with their accounting, broker, and other vendors involved with the plans, businesses generally will want to get legal advice in a manner that preserves their potential to claim attorney-client privilege to protect against discovery in the event of future enforcement or litigation actions sensitive discussions and analysis　about compliance audits, plan design choices, and other risk management and liability planning as well as to get help identifying potential plan design, contracting, procedural or other changes that may be needed to fix compliance deficiencies and mitigate other risks, particularly in light of complexity of the exposures and risks.

About The Author

Throughout her adult life and nearly 30-year legal career, Ms. Stamer’s legal, management and governmental affairs work has focused on helping health and othre employee benefit, financial services, health care and other organizations and their management use the law, performance and risk management tools and process to manage people, performance, quality, compliance, operations and risk.

Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer supports these organizations and their leaders on both a real-time, “on demand” basis as well as outsourced operations or special counsel on an interim, special project, or ongoing basis with strategic planning and product and services development and innovation; workforce and operations management, crisis preparedness and response as well as to prevent, stabilize and cleanup legal and operational crises large and small that arise in the course of operations.

Throughout her career, she has helped a diverse array of clients manage, administer and defend employee and other workforce, vendors and suppliers, their recruitment, selection, performance management, contracting, investigation, discipline and termination; health and other employee benefits; compensation; safety; governance; compliance and internal controls; strategic planning, process and quality improvement; change management; trade secret and other privacy, data security and data breach;; crisis preparedness and response; internal, government and third-party reporting relations, audits, investigations and enforcement; government affairs and public policy; and other compliance and risk management, government and regulatory affairs and operations concerns.

The American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting, former Vice President of the North Texas Health Care Compliance Professionals Association, past Chair of the ABA Health Law Section Managed Care & Insurance Section, past ABA JCEB Council Representative, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has worked extensively throughout her career with employers, health and other employee benefit plans, insurers, managed care organizations, health care clearinghouses, health care providers, their business associates, employers, banks and other financial institutions, management services organizations, professional and trade associations, accreditation agencies, auditors, technology and other vendors and service providers, and others on benefit and insurance program legal and operational compliance, risk management, public policies and regulatory affairs, contracting, payer-provider, provider-provider, vendor, patient, governmental and community relations and matters including extensive involvement advising, representing and defending plan sponsors, fiduciaries, service providers, managed care organizations, insurers, self-insured health plans and other payers. Her experience includes both leading edge work designing and administering programs, as well as defending clients in connection with audits and enforcement actions by OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD, FTC, SEC, CDC, OSHA, Department of Insurance, Department of Justice and state attorneys’ general and other federal and state agencies; accreditation and quality organizations; private litigation and other federal and state health care industry investigation, enforcement including insurance or other liability management and allocation; process and product development, contracting, deployment and defense; evaluation, commenting or seeking modification of regulatory guidance, and other regulatory and public policy advocacy; training and discipline; enforcement, and a host of other related concerns for public and private health care providers, health insurers, health plans, technology and other vendors, employers, and others.and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.

Past Chair of the ABA Managed Care & Insurance Interest Group and, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also has extensive health care reimbursement and insurance experience advising and defending health care providers, payers, and others about Medicare, Medicaid, Medicare and Medicaid Advantage, Tri-Care, self-insured group, association, individual and group and other health benefit programs and coverages including but not limited to advising public and private payers about coverage and program design and documentation, advising and defending providers, payers and systems and billing services entities about systems and process design, audits, and other processes; provider credentialing, and contracting; providers and payer billing, reimbursement, claims audits, denials and appeals, coverage coordination, reporting, direct contracting, False Claims Act, Medicare & Medicaid, ERISA, state Prompt Pay, out-of-network and other nonpar insured, and other health care claims, prepayment, post-payment and other coverage, claims denials, appeals, billing and fraud investigations and actions and other reimbursement and payment related investigation, enforcement, litigation and actions.

A lead policy advisor to the Government of Bolivia on its pension privitization project and involved in U.S. federal and state as well as cross border workforce, pension, health care, Social Security, immigration, and tax regulatory and statutory reform throughout her adult life, Ms. Stamer also is widely sought out for her thoughtleadership and assistance with domestic and international public policy concerns in Pensions, healthcare, workforce, immigration, tax, education and other areas.

Ms. Stamer also is a highly popular lecturer, symposium and chair, faculty member and author, who publishes and speaks extensively on health and managed care industry, human resources, employment and other privacy, data security and other technology, regulatory and operational risk management for the American Bar Association, ALI-ABA, American Health Lawyers, Society of Human Resources Professionals, the Southwest Benefits Association, the Society of Employee Benefits Administrators, the American Law Institute, Lexis-Nexis, Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, the HCCA, ISSA, HIMSS, Modern Healthcare, Managed Healthcare, Institute of Internal Auditors, Society of CPAs, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other symposia and publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, Insurance Thought Leadership and many other prominent publications and speaks and conducts training for a broad range of professional organizations.

For more information about Ms. Stamer or her experience and involvements, see here or contact Ms. Stamer via telephone at (469) 767-8872 or via e-mail here.

About Solutions Law Press, Inc.™

Leave a Comment » | 4980D, 4980H, 6039D, ACA, board of directors, Brokers, Cafeteria Plans, church plan, Civil Monetary Penalties, Civil Rights, Claims Administration, compliance, Corporate Compliance, corporate governance, directors, employee, Employee Benefits, Employer, Employment, ERISA, Fair Labor Standards Act, fiduciary duty, Fiduciary Responsibility, health benefit, Health Benefits, health Care, health insurance, health insurance marketplace, health plan, health reform, HR, Human Resources, Insurance, insurers, Internal Controls, IRC, Management, Mental Health, Mental Health Parity, Obamacare, Patient Empowerment, Patient Protection & Affordable Care Act, Premium Subsidies, preventive care, Reporting & Disclosure, SBC, Uncategorized, Wellness Programs | Tagged: Americas Health Care Act, Employee Benefits, Employer, Health Benefits, Health Care Reform, Health Plans, Obamacare, Trump Care | Permalink
Posted by Cynthia Marcotte Stamer

Latest HIPAA Resolution Agreement Drives Home Importance Of Maintaining Current, Signed Business Associate Agreements

April 24, 2017

Health plans, their fiduciaries and sponsors, health insurers, health care providers, health care clearinghouses (“covered entities”) and their business associates must get and keep your business associate (BA) agreements (BAAs) in place, up-to-date, and readily available for inspection in accordance with the Health Insurance Portability & Accountability Act (HIPAA) Privacy Rule, 45 C.F.R. Part 160 and Subparts A and E of Part 164 (Privacy Rule). That’s the clear message to covered entities and their business associates in the April 17, 2017 HIPAA Resolution Agreement just announced by the Department of Health & Human Services (HHS) Office of Civil Rights (OCR) with the Center for Children’s Digestive Health (CCDH).

While the Resolution Agreement relates to breaches of the BAA requirements of a small pediatric practice, all health plans, health care providers and other covered entities and business associates should focus on the adequacy of their BAAs and their BAA record keeping. HIPAA compliance surveys reflect deficiencies with the BAA rules are common throughout the industry. These findings and the involvement of BAs in data breaches or other OCR enforcement activities suggest a high probability that many other covered entities and business associates may be sitting ducks for similar sanctions. See e.g., HIPAA Compliance Survey Churns Up Many Business Associate Problems (January 3, 2017). Consequently, all covered entities and business associates generally should treat the CCDH Resolution Agreement as a message to review and correct as necessary their organizations’ compliance and recordkeeping to minimize their exposure to potential sanctions from violations of the HIPAA business associate rules.

The HIPAA Business Associate Agreement Requirements

OCR’s announcement of the CCDH Resolution Agreement is the latest in a growing series of HIPAA enforcement actions showing the growing risk covered entities and their business associates face for failing to take appropriate steps to comply with the BAA and other Privacy Rule requirements of HIPAA.

As compliance audits and surveys of covered entities and business associates suggest a high level of noncompliance with the business associate agreement requirements among covered entities and business associates, While the ever-growing list of Resolution Agreements and Civil Monetary Penalties announced by OCR cover a variety of categories of HIPAA violations, the CCDH Resolution Agreement highlights the importance of covered entities and their business associates ensuring that before the BA creates, accesses, receives, discloses, retains or destroys any PHI for the covered entity, a BAA meeting the Privacy Rule requirements is signed and retained for at least the six-year period the Privacy Rule requires in a manner easily producible when and if OCR or another agency asks for a copy as part of an investigation or other compliance audit. See Privacy Rule §§ 164.502(e), 164.504(e), 164.532(d) and (e).

The Privacy Rule requires that covered entities and business associates enter into a written and signed business associate agreement that contains the elements specified in Privacy Rule § 164.504(e) before the business associate creates, uses, accesses or discloses PHI of the covered entity. Meanwhile, the Privacy Rule recordkeeping requirements require that covered entities and BAs maintain copies of these BAAs for a minimum of six years.

Violations of the Privacy Rule can carry stiff civil or even criminal penalties Pursuant to amendments to HIPAA enacted as part of the HITECH Act, civil penalties typically do not apply to violations punished under the criminal penalty rules of HIPAA set forth in Social Security Act , 42 U.S.C § 1320d-6 (Section 1177).

Under Section 1177, the criminal enforcement provisions of HIPAA authorize the Justice Department to prosecute a person who knowingly in violation of the Privacy Rule (1) uses or causes to be used a unique health identifier; (2) obtains individually identifiable health information relating to an individual; or (3) discloses individually identifiable health information to another person, punishable by the following criminal sanctions and penalties:

A fine of up to $50,000, imprisoned not more than 1 year, or both;
If the offense is committed under false pretenses, a fine of up to $100,000, imprisonment of not more than 5 years, or both; and
If the offense is committed with intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm, a fine of up to $250,000, imprisoned not more than 10 years, or both.

In contrast, as amended by the HITECH Act, the civil enforcement provisions of HIPAA empower OCR to impose Civil Monetary Penalties on both covered entities and BAs for violations of any of the requirements of the Privacy or Security Rules. The penalty ranges for civil violations depends upon the circumstances associated with the violations and are subject to upward adjustment for inflation. As most recently adjusted here effective September 6, 2016, the following currently are the progressively increasing Civil Monetary Penalty tiers:

A minimum penalty of $100 and a maximum penalty of $50,000 per violation, for violations which the CE or BA “did not know, and by exercising reasonable diligence would not have known” about using “the business care and prudence expected from a person seeking to satisfy a legal requirement under similar circumstances;”
A minimum penalty of $1,000 and a maximum penalty of $50,000 per violation, for violations for “reasonable cause” which do not rise to the level of “willful neglect” where “reasonable cause” means the “circumstances that would make it unreasonable for the covered entity, despite the exercise of ordinary business care and prudence, to comply with the violated Privacy Rule requirement;”
A minimum penalty of $10,000 and a maximum penalty of $50,000 per violation, for violations attributed to “willful neglect,” defined as “the conscious, intentional failure or reckless indifference to the obligation to comply” with the requirement or prohibition; and
A minimum penalty of $50,000 and a maximum penalty of $1.5 million per violation, for violations attributed to “willful neglect” not remedied within 30 days of the date that the covered entity or BA knew or should have known of the violation.

For continuing violations such as failing to implement a required BAA, OCR can treat each day of noncompliance as a separate violation. However, sanctions under each of these tiers generally are subject to a maximum penalty of $1,500,000 for violations of identical requirements or prohibitions during a calendar year. For violations such as the failure to implement and maintain a required BAA where more than one covered entity bears responsibility for the violation, OCR an impose Civil Monetary Penalties against each culpable party. OCR considers a variety of mitigating and aggravating facts and circumstances when arriving at the amount of the penalty within each of these applicable tiers to impose.

While criminal enforcement of HIPAA remains relatively rare, a review of the OCR enforcement record in recent years makes clear that civil enforcement of HIPAA and the sanctions imposed is growing. See e.g., $400K HIPAA Settlement Shows Need To Conduct Timely & Appropriate Risk Assessments; $5.5M Memorial HIPAA Resolution Agreement Shows Need To Audit. For more examples, also see here.

CCDH Sanctions For Violation Of HIPAA Business Associate Agreement Rules

The CCDH Resolution Agreement arises from violations of this requirement that OCR says it discovered as a result of a compliance review conducted in response to an OCR investigation of a CCDH business associate, FileFax, Inc. According to OCR, OCR found from the compliance review of CCDH triggered by OCR’s investigation of FileFax that while CCDH began disclosing PHI to Filefax in 2003 and that Filefax stored records containing protected health information (PHI) for CCDH, neither CCDH nor Filefax could produce a signed Business Associate Agreement (BAA) covering their relationship for any period before October 12, 2015.

Based on the resulting investigation, OCR concluded:

CCDH failed to obtain a BAA providing written assurances from Filefax that it would appropriately safeguard the PHI in Filefax’s possession or control satisfactory assurances as required by Privacy Rule §164.502(e); and
Because CCDH failed to secure the required BAA, it violated the Privacy Rule by impermissibly disclosing the PHI of at least 10,728 individuals to Filefax when CCDH transferred the PHI to Filefax without obtaining the requisite BAA from Filefax (Covered Conduct).

In the Resolution Agreement, CCDH agrees to pay HHS $31,000.00 (Resolution Amount) and enter into and comply with a Corrective Action Plan (CAP) in return for OCR’s release of CCDH from liability for “any actions it may have against CCDH under the HIPAA Rules” for the Covered Conduct. The Resolution Agreement only settles the civil monetary penalty and other OCR enforcement liabilities of CCDH with respect to the Covered Conduct. Its provisions expressly state the Resolution Agreement does not affect any exposures of CCDH to CCDH to OCR civil monetary penalties or other enforcement for any HIPAA violations other than the Covered Conduct.

Perhaps even more noteworthy given the HITECH Act’s provisions coordinating the civil and criminal sanctions of HIPAA, while the Resolution Agreement provides no clear indication that the Justice Department might be considering criminally prosecuting CCDH or any other party in relation to the Covered Conduct, the Resolution Agreement also expressly states that its provisions do not affect CCDH’s potential exposure, if any, to criminal prosecution by the Justice Department for a criminal violation of the Privacy Rules under Section 1177 of the Social Security Act.

Implications For Covered Entities & Business Associates

Covered entities and their business associates should heed the CCDH Resolution Agreement as a strong message from OCR to ensure their organizations are complying with HIPAA’s BAA and other requirements. The Resolution Agreement makes clear that the starting point of this compliance effort must be obtaining and maintaining the requisite BAAs for each BA relationship.

To position their organizations to withstand potential investigation by OCR, covered entities and BAs should start by conducting a well-documented audit within the scope of attorney-client privilege both to verify that an appropriate, signed BAA is in place for each BA relationship as well as adequacy of processes for identifying business associate relationships, ensuring that signed BAAs are in effect before BAs access any PHI, and for investigating, reporting and resolving any breaches of the HIPAA Privacy or Security Rules that may arise in the course of operations.

Conducting this audit as soon as possible is particularly important in light of reported findings of widespread compliance concerns. See HIPAA Compliance Survey Churns Up Many Business Associate Problems (January 3, 2017). As the audit process could identify potential violations or other legally sensitive concerns, covered entities and business associates generally will want to arrange for this audit and evaluation to be conducted under the supervision of legal counsel experienced with HIPAA within or pursuant to processes structured with the assistance of legal counsel within the scope of attorney-client privilege.

Beyond confirming all necessary BAAs are in place, covered entities and business associates also generally will want to evaluate the adequacy of BAs’ processes and procedures for maintaining compliance with the Privacy and Security Rules as well as processes and procedures for responding to audits, investigations and complaints, reporting and addressing breaches of electronic and other PHI and other possible compliance concerns under HIPAA and other related laws. In many instances, parties may n wish to revise and strengthen existing BAAs to more specifically define these policies and procedures more specifically as well as indemnification, cyber or other liability coverage requirements and other contractual provisions for allocating potential costs and liabilities arising from breaches, audits, investigations and other expenses associated with the administration of these provisions.

About The Author

In the course of this work, Ms. Stamer has accumulated extensive experience helping health industry clients manage workforce, medical staff, vendors and suppliers, medical billing, reimbursement, claims and other provider-payer relations, business partners, and their recruitment, performance, discipline, compliance, safety, compensation, benefits, and training, board, medical staff and other governance; compliance and internal controls; strategic planning, process and quality improvement; change management; assess, deter, investigate and address staffing, quality, compliance and other performance; meaningful use, EMR, HIPAA and other data security and breach and other health IT and data; crisis preparedness and response; internal, government and third-party reporting, audits, investigations and enforcement; government affairs and public policy; and other compliance and risk management, government and regulatory affairs and operations concerns.

Past Chair of the ABA Managed Care & Insurance Interest Group and, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also has extensive health care reimbursement and insurance experience advising and defending health care providers, payers, and others about Medicare, Medicaid, Medicare and Medicaid Advantage, Tri-Care, self-insured group, association, individual and group and other health benefit programs and coverages including but not limited to advising public and private payers about coverage and program design and documentation, advising and defending providers, payers and systems and billing services entities about systems and process design, audits, and other processes; provider credentialing, and contracting; providers and payer billing, reimbursement, claims audits, denials and appeals, coverage coordination, reporting, direct contracting, False Claims Act, Medicare & Medicaid, ERISA, state Prompt Pay, out-of-network and other nonpar, insured, and other health care claims, prepayment, post-payment and other coverage, claims denials, appeals, billing and fraud investigations and actions and other reimbursement and payment related investigation, enforcement, litigation and actions.

In connection with this work, Ms. Stamer has worked extensively with health care providers, health plans, health care clearinghouses, their business associates, employers and other plan sponsors, banks and other financial institutions, and others on risk management and compliance with HIPAA, FACTA, trade secret and other information privacy and data security rules, including the establishment, documentation, implementation, audit and enforcement of policies, procedures, systems and safeguards, investigating and responding to known or suspected breaches, defending investigations or other actions by plaintiffs, OCR and other federal or state agencies, reporting known or suspected violations, business associate and other contracting, commenting or obtaining other clarification of guidance, training and and enforcement, and a host of other related concerns. Her clients include public and private health care providers, health insurers, health plans, technology and other vendors, and others.

For more information about Ms. Stamer or her health industry and other experience and involvements, see here or contact Ms. Stamer via telephone at (469) 767-8872 or via e-mail here.

About Solutions Law Press, Inc.™

Leave a Comment » | ARRA, Attorney-Client Privilege, Cafeteria Plans, church plan, Civil Monetary Penalties, Civil Rights, Claims, Consumer Protection, Corporate Compliance, corporate governance, Cybercrime, Data Breach, Data Security, employee, Employee Benefits, Employer, Employers, Employment, HIPAA, HR, Human Resources, Identity Theft, Insurance, insurers, Internal Controls, Internal Investigations, Patient Empowerment, Physician, Plan Admistrator, Privacy, Professional Liability, Protected Health Information, Provider, Risk Management, Uncategorized | Tagged: Business Associate, Health Care, Health Insurer, Health Plans, HIPAA, HIPAA OCR, HIPAA Privacy, HITECH, Insurer, Technology, tpa | Permalink
Posted by Cynthia Marcotte Stamer

Consider Access In Prudent Investment Broker Selection

April 19, 2017

https://videopress.com/embed/3futNZyv?hd=0&autoPlay=0&permalink=0&loop=0
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating or updating your profile here.©2017. Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc. All other rights reserved.

Leave a Comment » | Uncategorized | Permalink
Posted by Cynthia Marcotte Stamer

Health Reform: Tell Congress Until It Listens

April 19, 2017

https://videopress.com/embed/MqUiaSs1?hd=0&autoPlay=0&permalink=0&loop=0

Leave a Comment » | Uncategorized | Permalink
Posted by Cynthia Marcotte Stamer

YOU ARE FOLLOWING THIS BLOG

You are following this blog, along with 737 other amazing people (manage).
PAGES
RECENT POSTS
ARCHIVES
- May 2017
- April 2017
- March 2017
- February 2017
- January 2017
- December 2016
- November 2016
- October 2016
- September 2016
- August 2016
- July 2016
- June 2016
- May 2016
- April 2016
- March 2016
- February 2016
- January 2016
- December 2015
- October 2015
- September 2015
- August 2015
- July 2015
- June 2015
- May 2015
- April 2015
- March 2015
- February 2015
- January 2015
- December 2014
- November 2014
- October 2014
- September 2014
- August 2014
- July 2014
- June 2014
- May 2014
- April 2014
- March 2014
- February 2014
- January 2014
- December 2013
- October 2013
- September 2013
- August 2013
- July 2013
- June 2013
- May 2013
- April 2013
- March 2013
- February 2013
- January 2013
- December 2012
- November 2012
- October 2012
- September 2012
- August 2012
- July 2012
- June 2012
- May 2012
- April 2012
- March 2012
- February 2012
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- July 2011
- June 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010
- November 2010
- October 2010
- September 2010
- August 2010
- July 2010
- June 2010
- May 2010
- April 2010
- March 2010
- February 2010
- January 2010
- December 2009
- November 2009
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- April 2009
- March 2009
SHARE THIS BLOG
May 2017

S M T W T F S

« Apr

1 2 3 4 5 6

7 8 9 10 11 12 13

14 15 16 17 18 19 20

21 22 23 24 25 26 27

28 29 30 31
BLOGROLL
SOLUTIONS LAW
- Cynthia Stamer.com
- stamerchadwickstamer.com
SOLUTIONS LAW PRESS HR & BENEFITS UPDATE

May 2017
S	M	T	W	T	F	S
« Apr
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30	31

Comments Off on SHOP Marketplace Still Health Coverage Option For Small Employers; All Employers Should Confirm Health Plan Compliance | 105(h), 4980D, 4980H, 6039D, ACA, Affordable Care Act, Bankruptcy, board of directors, Brokers, Cafeteria Plans, Claims, Claims Administration, COBRA, compensation, compliance, conflict of interest, Contraception, Corporate Compliance, corporate governance, EBSA, employee, Employee Benefits, Employer, Employers, Employment, Employment Tax, ERISA, Excise Tax, Excise Taxes, Exempt, Fiduciary Responsibility, Form 5500, health benefit, Health Benefits, health Care, health insurance, health insurance marketplace, health plan, Health Plans, health reform, HIPAA, HIPAA, HR, Human Resources, Uncategorized | Tagged: ACA, Employer, Health Benefits, Health Insurance, Health Plan, Obamacare, shop marketplace | Permalink
Posted by Cynthia Marcotte Stamer

Tell Congress Pass AHCA Today

May 4, 2017

The US House of Representatives is scheduled to vote again tonight on the revised Majority-leadership lead first step healthcare reform legislation seeking to provide Americans and American business with some initial relief from the soaring premium and health care costs, care access barriers and regulatory and other burdens that have resulted under the ObamaCare law and regulations. Every American should call, e-mail or fax the leaders and their Congressperson as soon as possible today and tell them to pass this legislation and get busy passing the next set of reforms with no further delay, the get and stay II formed and involved until it gets it done starting with the House hearing and vote slated tonight starting at 8:30 Eastern. Get details here.

Health care and its reform is a complex challenge. Americans and American businesses, health payers, and States and their healthcare needs are highly diverse. The ambitious but far from successful Obamacare law shows the dangers of well-meaning but unrealistic To try to fix these challenges with a sweeping, one shot fix.

While passage of this legislative package won’t magically fix these challenges, it will provide quick relief for some of the ObamaCare expense and restrictions and expand the choices that Americans, American business, payers, providers and States while Congress works with American to identify and pursue legislative, regulatory, marketplace and other improvements.

Let’s get things going in the right direction!

Comments Off on Tell Congress Pass AHCA Today | 4980D, 4980H, 6039D, ACA, Affordable Care Act, board of directors, Cafeteria Plans, Claims Administration, Consumer Protection, Contraception, Corporate Compliance, directors, EBSA, employee, Employee Benefits, Employer, Employers, Employment, Employment Tax, ERISA, Excepted Benefits, exchange, Excise Tax, Excise Taxes, Fair Labor Standards Act, fiduciary duty, Fiduciary Responsibility, health benefit, Health Benefits, health Care, health insurance, health insurance marketplace, health plan, Health Plans, health reform, HR, Human Resources, Insurance, insurers, Internal Revenue Code, IRC, King V. Burwell, Leadership, Management, Managment, MEWA, Non-Exempt, Obamacare, Overtime, Patient Empowerment, Patient Protection & Affordable Care Act, Patient Protection and Affordabel Care Act, Patient Protection and Affordable Care Act, Pay, Payroll Tax, Physician, Plan Admistrator, Premium Subsidies, preventive care, Provider, Public Policy, Reporting & Disclosure, SBC, Tax, Wellness, Wellness Programs, Worker Classification, Workforce | Tagged: Affordable Care Act, American Health Care Act, Health Plans, health reform, HSA | Permalink
Posted by Cynthia Marcotte Stamer

Latest $2.5M HIPAA Settlement Warning To Health Plans, Providers: Get HIPAA Compliant

April 26, 2017

A new Department of Health and Human Services Office of Civil Rights (OCR) CardioNet Resolution Agreement and Corrective Action Plan (Resolution Agreement) settling OCR charges of violations of the Privacy and Security Rules of the Health Insurance Portability & Accountability Act against remote cardiac monitoring provider CardioNet provides important lessons for all health plans, health insurers, telemedicine and other healthcare providers, healthcare clearinghouses (Covered Entities) and their business associates about steps to take to reduce their risk of getting hit with big OCR penalty like the $2.5 million settlement payment CardioNet must pay under the Resolution Agreement.

OCR announced the first OCR HIPAA settlement involving a wireless health services provider Monday, April 24. Under the Resolution Agreement, CardioNet agrees to pay OCR $2.5 million and to implement a corrective action plan to settle potential OCR charges it violated the HIPAA Privacy and Security Rules based on the impermissible disclosure of unsecured electronic protected health information (ePHI).

CardioNet Charges & Settlement

As has become increasingly common in recent years, the CardioNet settlement arose from concerns initially brought to OCR’s attention in connection with a HIPAA breach notification report. On January 10, 2012, OCR received notification from the provider of remote mobile monitoring of and rapid response to patients at risk for cardiac arrhythmias that a workforce member’s laptop with the ePHI of 1,391 individuals was stolen from a parked vehicle outside of the employee’s home. CardioNet subsequently notified OCR of a second breach of ePHI 2,219 individuals, respectively.

Likewise, the HIPAA breaches uncovered by OCR in the course of investigating these CardioNet breaches occur in the operations of many other covered entities. According to the OCR’s investigation in response to these breach reports revealed a series of continuing compliance concerns, including:

CardioNet failed to conduct an accurate and thorough risk analysis to assess the potential risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI and failed to plan for and implement security measures sufficient to reduce those risks and vulnerabilities;
CardioNet’s policies and procedures implementing the standards of the HIPAA Security Rule were in draft form and had not been implemented;
CardioNet was unable to produce any final policies or procedures regarding the implementation of safeguards for ePHI, including those for mobile devices;
CardioNet failed to implement policies and procedures that govern the receipt and removal of hardware and electronic media that contain electronic protected health information into and out of its facilities, the encryption of such media, and the movement of these items within its facilities until March 2015; and
CardioNet failed to safeguard against the impermissible disclosure of protected health information by its employees, thereby permitting access to that information by an unauthorized individual, and failed to take sufficient steps to immediately correct the disclosure.

To resolve these OCR charges, CardioNet agrees in the Resolution Agreement to pay $2.5 million to OCR and implement a corrective action plan. Among other things, the corrective action plan requires CardioNet to complete the following actions to the satisfaction of OCR:

Prepare a current, comprehensive and thorough Risk Analysis of security risks and vulnerabilities that incorporates its current facility or facilities and the electronic equipment, data systems, and applications controlled, currently administered or owned by CardioNet, that contain, store, transmit, or receive electronic protected health information (“ePHI”) and update that Risk Analysis annually or more frequently, if appropriate in response to environmental or operational changes affecting the security of ePHI.
Assess whether its existing security measures are sufficient to protect its ePHI and revise its Risk Management Plan, Policies and Procedures, and training materials and implement additional security measures, as needed.
Develop and implement an organization-wide Risk Management Plan to address and mitigate any security risks and vulnerabilities found in the Risk Analysis as required by the Risk Management Plan.
Review and, to the extent necessary, revise, its current Security Rule Policies and Procedures (“Policies and Procedures”) based on the findings of the Risk Analysis and the implementation of the Risk Management Plan to comply with the HIPAA Security Rule.
Provide certification to OCR that all laptops, flashdrives, SD cards, and other portable media devices are encrypted, together with a description of the encryption methods used (“Certification”).
Review, revise its HIPAA Security training to include a focus on security, encryption, and handling of mobile devices and out-of-office transmissions and other policies and practices require to address the issues identified in the Risk Assessment and otherwise comply with the Risk Management Plan and HIPAA train its workforce on these policies and practices.
Investigate all potential violations of its HIPAA policies and procedures and notify OCR in writing within 30 days of any violation.
Submit annual reports to OCR, which must be signed by an owner or officer of CardioNet attesting that he or she has reviewed the annual report, has made a reasonable inquiry regarding its content and believes that, upon such inquiry, the information is accurate and truthful.
Maintain for inspection and copying, and provide to OCR, upon request, all documents and records relating to compliance with the corrective action plan for six years.

Implications For Covered Entities & Business Associates

The latest in a rapidly-growing list of high dollar HIPAA enforcement actions by OCR, the CardioNet Resolution Agreement contains numerous lessons for other Covered entities and their business associates about the importance of appropriate HIPAA privacy and security compliance, including but not limited to the following:

Like many previous resolution agreements announced by OCR, the Resolution Agreement reiterates the responsibility of covered entities and business associates to properly secure their ePHI and that as part of this process, OCR expects all laptop computers and other mobile devices containing or with access to ePHI be properly encrypted and secured.
It also reminds covered entities and their business associates to be prepared for, and expect an audit from OCR when OCR receives a report that their organization experienced a large breach of unsecured ePHI.
The Resolution Agreement’s highlighting of the draft status of CardioNet’s privacy and security policies also reflects OCR expects covered entities to actually final policies, procedures and training in place for maintaining compliance with HIPAA.
The discussion and requirements in the Corrective Action Plan relating to requirements to conduct comprehensive risk assessments at least annually and in response to other events, and to update policies and procedures in response to findings of these risk assessments also drives home the importance of conducting timely, documented risk analyses of the security of their ePHI, taking prompt action to address known risks and periodically updating the risk assessment and the associated privacy and security policies and procedures in response to the findings of the risk assessment and other changing events.
The requirement in the Resolution Agreement of leadership attestation and certification on the required annual report reflects OCR’s expectation that leadership within covered entities and business associates will make HIPAA compliance a priority and will take appropriate action to oversee compliance.
Finally, the $2.5 million settlement payment required by the Resolution Agreement and its implementation against CardioNet makes clear that OCR remains serious about HIPAA enforcement.

Clearly, covered entities, business associates and their management should take steps to promptly review the adequacy of their organizations’ HIPAA compliance policies, practices and documentation in light of the deficiencies listed in the CardioNet and other HIPAA OCR settlements and civil monetary penalty assessments. See e.g., Latest HIPAA Resolution Agreement Drives Home Importance Of Maintaining Current, Signed Business Associate Agreements; $400K HIPAA Penalty Teaches Risk Assessment Importance; $3.2 Children’s HIPAA CMP Teaches Key Lessons.

Of course, covered entities and business associates need to keep in mind that acts, omissions and events that create HIPAA liability risks also carry many other potential legal and business risks. For instance, since PHI records and data involved in such breaches usually incorporates Social Security Numbers, credit card or other debt or payment records or other personal consumer information, and other legally sensitive data, covered entities and business associates generally also may face investigation, notification and other responsibilities and liabilities under confidentiality, privacy or data security rules of the Fair and Accurate Credit Transaction Act (FACTA), the Internal Revenue Code, the Social Security Act, state identity theft, data security, medical confidentiality, privacy and ethics, insurance, consumer privacy, common law or other state privacy claims and a host of other federal or state laws. Depending on the nature of the covered entity or its business associates, the breach or other privacy event also may trigger fiduciary liability exposures for health plan fiduciaries in the case of a health plan, professional ethics or licensing investigations or actions against health care providers, insurance companies, administrative service providers or brokers, shareholder or other investor actions, employment or vendor termination or disputes and a host of other indirect legal consequences.

Beyond, and regardless of if, a covered entity or business ultimately succeeds in defending its actions against a charge of violating any of these or other standards, however, covered entities, business associates and their leaders should keep in mind that the most material and often most intractable consequences of a HIPAA or other data or other privacy breach report or public accusation, investigation, admission also typically are the most inevitable:

The intangible, but critical loss of trust and reputation covered entities and business associates inevitably incur among their patients, participants, business partners, investors and the community; and
The substantial financial expenses and administrative and operational disruptions of investigating, defending the actions of the organization and implementation of post-event corrective actions following a data or other privacy breach, audit, investigation, or charge.

In light of these risks, covered entities business associates and their management should use the experiences of CardioNet and other covered entities or business associates caught violating HIPAA or other privacy and security standards to reduce their HIPAA and other privacy and data security exposures. Management of covered entities and their business associates should take steps to ensure that their organizations policies, practices and procedures currently are up-to-date, appropriately administered and monitored, and properly documented. Management should ensure that their organizations carefully evaluate and strengthen as necessary their current HIPAA risk assessments, policies, practices, record keeping and retention and training in light of these and other reports as they are announced in a well-documented manner. The focus of these activities should be both to maintain compliance and position their organizations efficiently and effectively to respond to and defend their actions against a data breach, investigation, audit or accusation of a HIPAA or other privacy or security rule violation with a minimum of liability, cost and reputational and operational damages.

As the conduct of these activities generally will involve the collection and analysis of legally sensitive matters, most covered entities and business associates will want to involve legal counsel experienced with these matters and utilize appropriate procedures to be able to use and assert attorney-client privilege and other evidentiary privileges to mitigate risks associated with these processes. To help plan for and mitigate foreseeable expenses of investigating, responding to or mitigating a known, suspected or asserted breech or other privacy event, most covered entities and business associates also will want to consider the advisability of tightening privacy and data security standards, notification, cooperation and indemnification protections in contracts between covered entities and business associates, acquiring or expanding data breach or other liability coverage, or other options for mitigating the financial costs of responding to a breach notification, investigation or enforcement action.

About The Author

Author of leading works on HIPAA and other privacy and data security works and the scribe leading the American Bar Association Joint Committee on Employee Benefits Annual Agency Meeting with OCR, her experience includes extensive compliance, risk management and data breach and other crisis event investigation, response and remediation under HIPAA and other data security, privacy and breach laws. Heavily involved in health care and health information technology, data and related process and systems development, policy and operations innovation and a Scribe for ABA JCEB annual agency meeting with OCR for many years who has authored numerous highly regarded works and training programs on HIPAA and other data security, privacy and use, Ms. Stamer also is widely recognized for her extensive work and leadership on leading edge health care and benefit policy and operational issues including meaningful use and EMR, billing and reimbursement, quality measurement and reimbursement, HIPAA, FACTA, PCI, trade secret, physician and other medical confidentiality and privacy, federal and state data security and data breach and other information privacy and data security rules and many other concerns.

Past Chair of the ABA Managed Care & Insurance Interest Group and, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also has extensive health care reimbursement and insurance experience advising and defending health care providers, payers, and others about Medicare, Medicaid, Medicare and Medicaid Advantage, Tri-Care, self-insured group, association, individual and group and other health benefit programs and coverages including but not limited to advising public and private payers about coverage and program design and documentation, advising and defending providers, payers and systems and billing services entities about systems and process design, audits, and other processes; provider credentialing, and contracting; providers and payer billing, reimbursement, claims audits, denials and appeals, coverage coordination, reporting, direct contracting, False Claims Act, Medicare & Medicaid, ERISA, state Prompt Pay, out-of-network and other “nonpar,” insured, and other health care claims, prepayment, post-payment and other coverage, claims denials, appeals, billing and fraud investigations and actions and other reimbursement and payment related investigation, enforcement, litigation and actions.

For more information about Ms. Stamer or her health industry and other experience and involvements, see here or contact Ms. Stamer via telephone at (469) 767-8872 or via e-mail here.

About Solutions Law Press, Inc.™

Comments Off on Latest $2.5M HIPAA Settlement Warning To Health Plans, Providers: Get HIPAA Compliant | ARRA, Attorney-Client Privilege, board of directors, Brokers, Civil Monetary Penalties, Civil Rights, compliance, Consumer Protection, Corporate Compliance, corporate governance, Cybercrime, Data Breach, Data Security, directors, Electronic Medical Record, Employee Benefits, Employer, fiduciary duty, Fiduciary Responsibility, FINRA, GINA, health benefit, Health Benefits, health Care, health insurance, health insurance marketplace, health plan, Health Plans, HIPAA, HR, Human Resources, Identity Theft, Insurance, insurers, Internal Controls, Internal Investigations, Physician, Plan Admistrator, Privacy, Professional Liability, Protected Health Information, Provider, Risk Management, Technology, Telecommuting, Uncategorized | Tagged: Breach, Breach Notification, Business Associate, Covered Entity, Health Insurance, Health Plan, HIPAA, HIPAA Privacy, HIPAA Security, Medical Privacy, OCR, Office of Civil Rights, REmote Care, Technology, Telemedicine | Permalink
Posted by Cynthia Marcotte Stamer

Trump Picks Miscimmara As New NLRB Chair

April 26, 2017

President Donald J. Trump has named Philip A. Miscimarra the Chairman of the National Labor Relations Board (NLRB) by President Donald J. Trump.

A Republican and former management lawyer, Miscimarra has served on the NLRB since August 7, 2013, following the Senate’s confirmation of his appointment to the NLRB on July 30, 2013 His current term of appointment to the NLRB is slated to expire on December 16, 2017.

President Trump originally designated Miscimarra to to serve as Acting NLRB Chairman on January 23, 2017. On April 21, 2017, the White House announced the President’s planned to name Miscimarra as the new NLRB Chairman. President Trump’s April 24, 2017 designation of Miscimarra as NLRB Chairman follows through on this plan.

The NLRB also consists of NLRB Member Mark Gaston Pearce (previously NLRB Chairman), whose term expires on August 27, 2018; and NLRB Member Lauren McFerran, whose term expires on December 16, 2019. Two Board member seats are currently vacant.

Before joining the Board, Chairman Miscimarra was a Senior Fellow in the Center for Human Resources at the University of Pennsylvania’s Wharton Business School in the Wharton Center for Human Resources, and a management-side labor and employment law partner with Morgan Lewis & Bockius LLP in Chicago. He also previously worked as a labor and employment attorney with Seyfarth Shaw LLP; Murphy Smith & Polk PC (now the Chicago office of Ogletree, Deakins, Nash, Smoak & Stewart, PC); and Reed Smith Shaw & McClay (now Reed Smith LLP). He is the author or co-author of several books involving labor law issues, including The NLRB and Managerial Discretion: Subcontracting, Relocations, Closings, Sales, Layoffs, and Technological Change (2d ed. 2010) (by Miscimarra, Turner, Friedman, Callahan, Conrad, Lignowski and Scroggins); The NLRB and Secondary Boycotts (3d ed. 2002) (by Miscimarra, Berkowitz, Wiener and Ditelberg); and Government Protection of Employees Involved in Mergers and Acquisitions (1989 and 1997 supp.) (by Northrup and Miscimarra).

Miscimarra received his Juris Doctor from the University of Pennsylvania Law School; a Master of Business Administration from the University of Pennsylvania’s Wharton Business School; and a Bachelor of Arts, summa cum laude, from Duquesne University.

Miscimarra’s appointment as Chair is expected to shift the balance of the NLRB toward a more management friendly perspective. His dissenting opinions during his tenure on the NLRB suggest that under his leadership after the existing vacancies on the NLRB are filled may adopt more management friendly points of view on issues like rolling back “quickie” certification election rules, the NLRB test for determining whether joint employer relationships exist, deciding when handbooks and work rules interfere with employees’ NLRA rights, recognizing collective bargaining units, extending NLRA protections to nontraditional groups such as students, medical professionals and others compared to those pursued by the NLRB during the Obama Administration.

About The Author

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other concerns by her service in the leadership of a broad range of other professional and civic organization including her involvement as the Vice Chair of the North Texas Healthcare Compliance Association; Executive Director of the Coalition on Responsible Health Policy and its PROJECT COPE: Coalition on Patient Empowerment; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children; former Gulf Coast TEGE Council Exempt Organization Coordinator; a founding Board Member and past President of the Alliance for Healthcare Excellence; former board member and Vice President of the Managed Care Association; past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; a member and advisor to the National Physicians’ Council for Healthcare Policy; current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee; current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section; Past Chair of the ABA Health Law Section Managed Care & Insurance Section; a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group; immediate past RPTE Representative to ABA Joint Committee on Employee Benefits Council Representative and current RPTE Representative to the ABA Health Law Coordinating Council; past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee; a former member of the Board of Directors, Treasurer, Member and Continuing Education Chair of the Southwest Benefits Association and others.

Want to know more? See here for details about the author of this update, attorney Cynthia Marcotte Stamer, e-mail her here or telephone Ms. Stamer at (469) 767-8872.

About Solutions Law Press, Inc.™

Comments Off on Trump Picks Miscimmara As New NLRB Chair | employee, Employer, Employers, Employment, HR, Human Resources, Labor Management Relations, Leadership, Managment, MSHA, NLRA, Uncategorized | Tagged: Labor Law, labor-management relations, NLRA, Trump Administration | Permalink
Posted by Cynthia Marcotte Stamer

Employers Review Health Plans Now To Avoid Excise Taxes & Other Current Law Plan Risks & Ready For Health Reform

April 25, 2017

To conduct an independent compliance review and risk assessment of their health plans,
To recommend and assist in the performance of recommended steps to correct or mitigate risks from any potential past or existing violations or other exposures that have arisen or are likely to arise from existing contractual, plan design or other health plan actions;
To explore the potential advisability of taking additional steps to prevent or mitigate health plan associated compliance or other risks going forward whether or not health reform happens; and
To begin preparing to take advantage of any impending health care reforms by evaluating the requirements and procedures that existing plan terms, contracts, vendors and arrangements are likely to require to implement changes necessary to respond to any reforms as quickly and efficiently as possible.

Spring Clean Your Health Plan House

Fiduciary liability that can arising from failing to administer the plan in accordance with these and other federal health plan mandates under ERISA;
Unanticipated benefit costs and liabilities, which for self-insured plans are likely to be particularly burdensome if compliance issues are not identified and corrected before applicable deadlines to pay and submit claims to the stop-loss or other insurer expire (usually at or shortly after the close of a plan year or if earlier, contract termination);
Benefit costs and penalties for wrongful coordination of benefits with Medicare, Medicaid, DOD and certain other plans or coverage in violation of Secondary Payer and other mandates; and
Costs of defending and settling audits, litigation and other government or participant enforcement actions.

Prepare To Respond To Potential Health Reform & Other Health Plan Improvement

About The Author

Past Chair of the ABA Managed Care & Insurance Interest Group and, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also has extensive health care reimbursement and insurance experience advising and defending health care providers, payers, and others about Medicare, Medicaid, Medicare and Medicaid Advantage, Tri-Care, self-insured group, association, individual and group and other health benefit programs and coverages including but not limited to advising public and private payers about coverage and program design and documentation, advising and defending providers, payers and systems and billing services entities about systems and process design, audits, and other processes; provider credentialing, and contracting; providers and payer billing, reimbursement, claims audits, denials and appeals, coverage coordination, reporting, direct contracting, False Claims Act, Medicare & Medicaid, ERISA, state Prompt Pay, out-of-network and other nonpar insured, and other health care claims, prepayment, post-payment and other coverage, claims denials, appeals, billing and fraud investigations and actions and other reimbursement and payment related investigation, enforcement, litigation and actions.

Ms. Stamer also is a highly popular lecturer, symposium and chair, faculty member and author, who publishes and speaks extensively on health and managed care industry, human resources, employment and other privacy, data security and other technology, regulatory and operational risk management for the American Bar Association, ALI-ABA, American Health Lawyers, Society of Human Resources Professionals, the Southwest Benefits Association, the Society of Employee Benefits Administrators, the American Law Institute, Lexis-Nexis, Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, the HCCA, ISSA, HIMSS, Modern Healthcare, Managed Healthcare, Institute of Internal Auditors, Society of CPAs, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other symposia and publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, Insurance Thought Leadership and many other prominent publications and speaks and conducts training for a broad range of professional organizations.

For more information about Ms. Stamer or her experience and involvements, see here or contact Ms. Stamer via telephone at (469) 767-8872 or via e-mail here.

About Solutions Law Press, Inc.™

Comments Off on Employers Review Health Plans Now To Avoid Excise Taxes & Other Current Law Plan Risks & Ready For Health Reform | 4980D, 4980H, 6039D, ACA, board of directors, Brokers, Cafeteria Plans, church plan, Civil Monetary Penalties, Civil Rights, Claims Administration, compliance, Corporate Compliance, corporate governance, directors, employee, Employee Benefits, Employer, Employment, ERISA, Fair Labor Standards Act, fiduciary duty, Fiduciary Responsibility, health benefit, Health Benefits, health Care, health insurance, health insurance marketplace, health plan, health reform, HR, Human Resources, Insurance, insurers, Internal Controls, IRC, Management, Mental Health, Mental Health Parity, Obamacare, Patient Empowerment, Patient Protection & Affordable Care Act, Premium Subsidies, preventive care, Reporting & Disclosure, SBC, Uncategorized, Wellness Programs | Tagged: Americas Health Care Act, Employee Benefits, Employer, Health Benefits, Health Care Reform, Health Plans, Obamacare, Trump Care | Permalink
Posted by Cynthia Marcotte Stamer

Latest HIPAA Resolution Agreement Drives Home Importance Of Maintaining Current, Signed Business Associate Agreements

April 24, 2017

The HIPAA Business Associate Agreement Requirements

A fine of up to $50,000, imprisoned not more than 1 year, or both;
If the offense is committed under false pretenses, a fine of up to $100,000, imprisonment of not more than 5 years, or both; and
If the offense is committed with intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm, a fine of up to $250,000, imprisoned not more than 10 years, or both.

A minimum penalty of $100 and a maximum penalty of $50,000 per violation, for violations which the CE or BA “did not know, and by exercising reasonable diligence would not have known” about using “the business care and prudence expected from a person seeking to satisfy a legal requirement under similar circumstances;”
A minimum penalty of $1,000 and a maximum penalty of $50,000 per violation, for violations for “reasonable cause” which do not rise to the level of “willful neglect” where “reasonable cause” means the “circumstances that would make it unreasonable for the covered entity, despite the exercise of ordinary business care and prudence, to comply with the violated Privacy Rule requirement;”
A minimum penalty of $10,000 and a maximum penalty of $50,000 per violation, for violations attributed to “willful neglect,” defined as “the conscious, intentional failure or reckless indifference to the obligation to comply” with the requirement or prohibition; and
A minimum penalty of $50,000 and a maximum penalty of $1.5 million per violation, for violations attributed to “willful neglect” not remedied within 30 days of the date that the covered entity or BA knew or should have known of the violation.

CCDH Sanctions For Violation Of HIPAA Business Associate Agreement Rules

Based on the resulting investigation, OCR concluded:

CCDH failed to obtain a BAA providing written assurances from Filefax that it would appropriately safeguard the PHI in Filefax’s possession or control satisfactory assurances as required by Privacy Rule §164.502(e); and
Because CCDH failed to secure the required BAA, it violated the Privacy Rule by impermissibly disclosing the PHI of at least 10,728 individuals to Filefax when CCDH transferred the PHI to Filefax without obtaining the requisite BAA from Filefax (Covered Conduct).

Implications For Covered Entities & Business Associates

About The Author

Past Chair of the ABA Managed Care & Insurance Interest Group and, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also has extensive health care reimbursement and insurance experience advising and defending health care providers, payers, and others about Medicare, Medicaid, Medicare and Medicaid Advantage, Tri-Care, self-insured group, association, individual and group and other health benefit programs and coverages including but not limited to advising public and private payers about coverage and program design and documentation, advising and defending providers, payers and systems and billing services entities about systems and process design, audits, and other processes; provider credentialing, and contracting; providers and payer billing, reimbursement, claims audits, denials and appeals, coverage coordination, reporting, direct contracting, False Claims Act, Medicare & Medicaid, ERISA, state Prompt Pay, out-of-network and other nonpar, insured, and other health care claims, prepayment, post-payment and other coverage, claims denials, appeals, billing and fraud investigations and actions and other reimbursement and payment related investigation, enforcement, litigation and actions.

In connection with this work, Ms. Stamer has worked extensively with health care providers, health plans, health care clearinghouses, their business associates, employers and other plan sponsors, banks and other financial institutions, and others on risk management and compliance with HIPAA, FACTA, trade secret and other information privacy and data security rules, including the establishment, documentation, implementation, audit and enforcement of policies, procedures, systems and safeguards, investigating and responding to known or suspected breaches, defending investigations or other actions by plaintiffs, OCR and other federal or state agencies, reporting known or suspected violations, business associate and other contracting, commenting or obtaining other clarification of guidance, training and and enforcement, and a host of other related concerns. Her clients include public and private health care providers, health insurers, health plans, technology and other vendors, and others.

For more information about Ms. Stamer or her health industry and other experience and involvements, see here or contact Ms. Stamer via telephone at (469) 767-8872 or via e-mail here.

About Solutions Law Press, Inc.™

Comments Off on Latest HIPAA Resolution Agreement Drives Home Importance Of Maintaining Current, Signed Business Associate Agreements | ARRA, Attorney-Client Privilege, Cafeteria Plans, church plan, Civil Monetary Penalties, Civil Rights, Claims, Consumer Protection, Corporate Compliance, corporate governance, Cybercrime, Data Breach, Data Security, employee, Employee Benefits, Employer, Employers, Employment, HIPAA, HR, Human Resources, Identity Theft, Insurance, insurers, Internal Controls, Internal Investigations, Patient Empowerment, Physician, Plan Admistrator, Privacy, Professional Liability, Protected Health Information, Provider, Risk Management, Uncategorized | Tagged: Business Associate, Health Care, Health Insurer, Health Plans, HIPAA, HIPAA OCR, HIPAA Privacy, HITECH, Insurer, Technology, tpa | Permalink
Posted by Cynthia Marcotte Stamer

Consider Access In Prudent Investment Broker Selection

April 19, 2017

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating or updating your profile here.©2017. Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc. All other rights reserved.

Comments Off on Consider Access In Prudent Investment Broker Selection | Uncategorized | Permalink
Posted by Cynthia Marcotte Stamer

Health Reform: Tell Congress Until It Listens

April 19, 2017

Comments Off on Health Reform: Tell Congress Until It Listens | Uncategorized | Permalink
Posted by Cynthia Marcotte Stamer

$400K HIPAA Penalty Teaches Risk Assessment Importance

April 12, 2017

Metro Community Provider Network (MCPN), a federally-qualified health center (FQHC), must pay $400,000 and implement a corrective action plan to resolve U.S. Department of Health and Human Services, Office for Civil Rights (OCR) charges it violated the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule by failing to implement a security management process to safeguard electronic protected health information (ePHI). The latest in a growing series of high-dollar HIPAA settlements and penalty assessments, it reminds health plans and other HIPAA-covered entities of the importance of conducting risk assessments and other actions to prevent and prepare to respond to hacking and other data breach and security events.

The Resolution Agreement and Corrective Action Plan, like most others before it, resulted from an investigation opened in response to a breach report. On January 27, 2012, MCPN filed a breach report with OCR indicating that a hacker accessed employees’ email accounts and obtained 3,200 individuals’ ePHI through a phishing incident. OCR’s investigation revealed that MCPN took necessary corrective action related to the phishing incident. However, the investigation also revealed that MCPN failed to conduct a risk analysis until mid-February 2012 – well after the hacking incident reported in the breach report.Prior to the breach incident, MCPN had not conducted a risk analysis to assess the risks and vulnerabilities in its ePHI environment, and, consequently, had not implemented any corresponding risk management plans to address the risks and vulnerabilities identified in a risk analysis.

When MCPN finally conducted a risk analysis, OCR found that risk analysis, as well as all subsequent risk analyses, were insufficient to meet the requirements of the Security Rule.

OCR made a point in announcing the Resolution Agreement of noting it considered MCPN’s status as a FQHC when balancing the significance of the violation with MCPN’s ability to maintain sufficient financial standing to ensure the provision of ongoing patient care. MCPN provides primary medical care, dental care, pharmacies, social work, and behavioral health care services throughout the greater Denver, Colorado metropolitan area to approximately 43,000 patients per year, a large majority of whom have incomes at or below the poverty level. It is likely that OCR would have imposed a much greater settlement amount had the covered entity not been a FQHC serving the poor.

About The Author

Throughout her career, she has helped health industry clients manage workforce, medical staff, vendors and suppliers, medical billing, reimbursement, claims and other provider-payer relations, business partners, and their recruitment, performance, discipline, compliance, safety, compensation, benefits, and training ;board, medical staff and other governance; compliance and internal controls; strategic planning, process and quality improvement; change management; assess, deter, investigate and address staffing, quality, compliance and other performance; meaningful use, EMR, HIPAA and other data security and breach and other health IT and data; crisis preparedness and response; internal, government and third-party reporting, audits, investigations and enforcement; government affairs and public policy; and other compliance and risk management, government and regulatory affairs and operations concerns.

As a core component of her work, Ms. Stamer has worked extensively throughout her career with health care providers, health plans and insurers, managed care organizations, health care clearinghouses, their business associates, employers, banks and other financial institutions, management services organizations, professional associations, medical staffs, accreditation agencies, auditors, technology and other vendors and service providers, and others on legal and operational compliance, risk management and compliance, public policies and regulatory affairs, contracting, payer-provider, provider-provider, vendor, patient, governmental and community relations and matters including extensive involvement advising, representing and defending public and private hospitals and health care systems; physicians, physician organizations and medical staffs; specialty clinics and pharmacies; skilled nursing, home health, rehabilitation and other health care providers and facilities; medical staff, accreditation, peer review and quality committees and organizations; billing and management services organizations; consultants; investors; technology, billing and reimbursement and other services and product vendors; products and solutions consultants and developers; investors; managed care organizations, insurers, self-insured health plans and other payers; and other health industry clients to establish and administer compliance and risk management policies; comply with requirements, investigate and respond to Board of Medicine, Health, Nursing, Pharmacy, Chiropractic, and other licensing agencies, Department of Aging & Disability, FDA, Drug Enforcement Agency, OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD, FTC, SEC, CDC and other public health, Department of Justice and state attorneys’ general and other federal and state agencies; JCHO and other accreditation and quality organizations; private litigation and other federal and state health care industry investigation, enforcement including insurance or other liability management and allocation; process and product development, contracting, deployment and defense; evaluation, commenting or seeking modification of regulatory guidance, and other regulatory and public policy advocacy; training and discipline; enforcement, and a host of other related concerns for public and private health care providers, health insurers, health plans, technology and other vendors, employers, and others.and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.

Past Chair of the ABA Managed Care & Insurance Interest Group and, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also has extensive health care reimbursement and insurance experience advising and defending health care providers, payers, and others about Medicare, Medicaid, Medicare and Medicaid Advantage, Tri-Care, self-insured group, association, individual and group and other health benefit programs and coverages including but not limited to advising public and private payers about coverage and program design and documentation, advising and defending providers, payers and systems and billing services entities about systems and process design, audits, and other processes; provider credentialing, and contracting; providers and payer billing, reimbursement, claims audits, denials and appeals, coverage coordination, reporting, direct contracting, False Claims Act, Medicare & Medicaid, ERISA, state Prompt Pay, out-of-network and other nonpar insured, and other health care claims, prepayment, post-payment and other coverage, claims denials, appeals, billing and fraud investigations and actions and other reimbursement and payment related investigation, enforcement, litigation and actions.

Ms. Stamer has worked extensively with health care providers, health plans, health care clearinghouses, their business associates, employers and other plan sponsors, banks and other financial institutions, and others on risk management and compliance with HIPAA, FACTA, trade secret and other information privacy and data security rules, including the establishment, documentation, implementation, audit and enforcement of policies, procedures, systems and safeguards, investigating and responding to known or suspected breaches, defending investigations or other actions by plaintiffs, OCR and other federal or state agencies, reporting known or suspected violations, business associate and other contracting, commenting or obtaining other clarification of guidance, training and and enforcement, and a host of other related concerns. Her clients include public and private health care providers, health insurers, health plans, technology and other vendors, and others. In addition to representing and advising these organizations, she also has conducted training on Privacy & The Pandemic for the Association of State & Territorial Health Plans, as well as HIPAA, FACTA, PCI, medical confidentiality, insurance confidentiality and other privacy and data security compliance and risk management for Los Angeles County Health Department, MGMA, ISSA, HIMMS, the ABA, SHRM, schools, medical societies, government and private health care and health plan organizations, their business associates, trade associations and others.

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other related concerns by her service in the leadership of the Solutions Law Press, Inc. Coalition for Responsible Health Policy, its PROJECT COPE: Coalition on Patient Empowerment, and a broad range of other professional and civic organizations including North Texas Healthcare Compliance Association, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children (now Warren Center For Children); current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, past Representative and chair of various committees of ABA Joint Committee on Employee Benefits; a ABA Health Law Coordinating Council representative, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, a former member of the Board of Directors of the Southwest Benefits Association and others.
Ms. Stamer also is a highly popular lecturer, symposium and chair, faculty member and author, who publishes and speaks extensively on health and managed care industry, human resources, employment and other privacy, data security and other technology, regulatory and operational risk management. Examples of her many highly regarded publications on these matters include “Protecting & Using Patient Data In Disease Management: Opportunities, Liabilities And Prescriptions,” “Privacy Invasions of Medical Care-An Emerging Perspective,” “Cybercrime and Identity Theft: Health Information Security: Beyond HIPAA,” as well as thousands of other publications, programs and workshops these and other concerns for the American Bar Association, ALI-ABA, American Health Lawyers, Society of Human Resources Professionals, the Southwest Benefits Association, the Society of Employee Benefits Administrators, the American Law Institute, Lexis-Nexis, Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, the HCCA, ISSA, HIMSS, Modern Healthcare, Managed Healthcare, Institute of Internal Auditors, Society of CPAs, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other symposia and publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, Insurance Thought Leadership and many other prominent publications and speaks and conducts training for a broad range of professional organizations.
For more information about Ms. Stamer or her health industry and other experience and involvements, see here or contact Ms. Stamer via telephone at (469) 767-8872 or via e-mail here.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources at www.solutionslawpress.com.
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.
©2017 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ All other rights reserved. For information about republication or other use, please contact Ms. Stamer here.

Comments Off on $400K HIPAA Penalty Teaches Risk Assessment Importance | board of directors, Civil Monetary Penalties, compliance, Corporate Compliance, corporate governance, Cybercrime, Data Breach, Data Security, Employee Benefits, Employer, Employers, health benefit, Health Benefits, health Care, health insurance, health plan, Health Plans, HIPAA, HIPAA, HR, Human Resources, Identity Theft, Uncategorized | Tagged: Data Security, HIPAA, Privacy | Permalink
Posted by Cynthia Marcotte Stamer

Congress Sends President Resolution Striking Down EBSA Regs Allowing States To Default Enroll Non-Governmental Employees In State Run Savings Plans

April 5, 2017

Congress has sent to President Trump for signature a resolution striking down amendments made on December 20, 2016 by the Employee Benefit Security Administration (EBSA) to its regulations on “Savings Arrangements Established by Qualified State Political Subdivisions for Non-Governmental Employees” (Regulation).

Adopted at the end of the Obama Administration, the amended Regulation empowered state governments and their political subdivisions to design and operate payroll deduction savings programs for private-sector employees, including programs that use automatic enrollment, without causing the states or private-sector employers to have established employee pension benefit plans subject to ERISA.

While EBSA in adopting the Rule and other advocates of the Regulation touted it as expanding savings options for Americans not otherwise covered by private retirement programs, Republican leaders and other critics argued among other things that the Regulation undercut the retirement security safeguards provided by ERISA for private sector employees by authorization the creation of government-run plans that lacked the basic protections for retirement savers provided by ERISA and as a result, left private sector workers and retirees forced into these programs with “nowhere to turn if their savings were mismanaged.”

H.J.Res.67 disapproves the Rule and directs that its provisions are to have “no force or effect.” President Trump is expected to sign the Resolution into law.

About The Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: Erisa & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney and management consultant, author, public policy advocate and lecturer widely known for work, teachings and publications.

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other concerns by her service in the leadership of a broad range of other professional and civic organization including her involvement as the Vice Chair of the North Texas Healthcare Compliance Association; Executive Director of the Coalition on Responsible Health Policy and its PROJECT COPE: Coalition on Patient Empowerment; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children; former Gulf Coast TEGE Council Exempt Organization Coordinator; a founding Board Member and past President of the Alliance for Healthcare Excellence; former board member and Vice President of the Managed Care Association; past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; a member and advisor to the National Physicians’ Council for Healthcare Policy; current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee; current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section; Past Chair of the ABA Health Law Section Managed Care & Insurance Section; a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group; immediate past RPTE Representative to ABA Joint Committee on Employee Benefits Council Representative and current RPTE Representative to the ABA Health Law Coordinating Council; past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee; a former member of the Board of Directors, Treasurer, Member and Continuing Education Chair of the Southwest Benefits Association and others.

Ms. Stamer also is a highly popular lecturer, symposia chair and author, who publishes and speaks extensively on health and managed care industry, human resources, employment, employee benefits, compensation, and other regulatory and operational risk management. Examples of her many highly regarded publications on these matters include the “Texas Payday Law” Chapter of Texas Employment Law, as well as thousands of other publications, programs and workshops these and other concerns for the American Bar Association, ALI-ABA, American Health Lawyers, Society of Human Resources Professionals, the Southwest Benefits Association, the Society of Employee Benefits Administrators, the American Law Institute, Lexis-Nexis, Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, the HCCA, ISSA, HIMSS, Modern Healthcare, Managed Healthcare, Institute of Internal Auditors, Society of CPAs, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other symposia and publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, InsuranceThoughtLeadership.com and many other prominent publications and speaks and conducts training for a broad range of professional organizations and for clients on the Advisory Boards of InsuranceThoughtLeadership.com, HR.com, Employee Benefit News, and many other publications. For additional information about Ms. Stamer, see CynthiaStamer.com or contact Ms. Stamer via email here or via telephone to (469) 767-8872.

About Solutions Law Press, Inc.™

Comments Off on Congress Sends President Resolution Striking Down EBSA Regs Allowing States To Default Enroll Non-Governmental Employees In State Run Savings Plans | 401(k), Default enrollment, ERISA, government plan, retirement plan, Retirement Plans, Uncategorized | Tagged: Payroll deduction | Permalink
Posted by Cynthia Marcotte Stamer

Periodically Reevaluate Employee Business Expense Reimbursement Practices

April 5, 2017

Employers looking for cost-effective opportunities to sweeten the perceived value their compensation and fringe benefit packages periodically should re-examine their policies for reimbursement of employees for ordinary and necessary business expenses an employee incurs in connection with the performance of his duties, such as:

Required work clothes or uniforms not appropriate for everyday use.
Supplies and tools for use on the job.
Business use of a car.
Business meals and entertainment.
Business travel away from home.
Business use of a home.
Work-related education.

Businesses generally consider a wide range of factors when deciding what expenses to reimburse to employees. In arriving at these decisions, however, many businesses overlook the opportunity to stretch the overall compensation dollars by reimbursing employees for business expenses in lieu of paying cash compensation to the employee but requiring the employee to use after tax dollars to pay business expenses not reimbursed by the employer.

While many employers believe “cash is king” when paying employees, paying employees more cash in lieu of reimbursing employees for business often increases the employment tax liability of the employer while also unwittingly diminishing the value of the cash compensation paid to the employee because of federal tax rules governing individual deductions a business expenses.

While the Internal Revenue Code and associated Internal Revenue Service regulations impose special rules for certain categories of employment, federal tax law generally allows businesses both:

To deduct from the gross income of the business for purposes of determining its adjusted gross income those amounts the business pays as wages as well as amounts paid to reimburse an employee for ordinary and necessary business expenses expended by the employee in the performance of his duties and to exclude such amounts for calculating the employment tax liabilities of both the employer and the employee; and
In many, but not all instances, to exclude all or some of the reimbursement amount from the taxable wages of the employee for income tax and/or employment tax purposes.

The income and employment tax treatment of business expenses paid by an employee generally is much less favorable when an employee seeks to deduct or exclude xpenditures made for ordinary and necessary business expenses from taxable income.

While federal income tax rules generally allow businesses to deduct ordinary and business expenses directly from gross income to arrive at their taxable adjusted gross income, federal tax rules are more restrictive concerning the deduction of business expenses by employees for income tax purposes and provides no easy mechanism to claim credit for such amounts for employment tax purposes.

In general, the Internal Revenue Code generally only allows employees who otherwise have sufficient deductible expenses to itemize deductions to claim any business expenses as a deduction when calculating their federal income taxes. Depending on the income of the workforce and particularly in the case of lower income workers, the itemization requirement effectively bars a large percentage of employees from any possibility of deducting business expenses incurred in the performance of their work.

Beyond the requirement to itemize, the Internal Revenue Code also imposes a second hurdle that further restricts the deductibility of business expenses when claimed by an employee versus a business. Specifically, the Internal Revenue Code generally only allows an employee to deduct business expenses paid by the employee to the extent those expenses exceed 2% of the employee’ adjusted gross income. This means that even those employees who qualify to file itemize deductions cannot deduct the initial 2% of the ordinary and necessary business expenses the employee pays and connection of the performance of his job even though the Internal Revenue Code would allow the employer to deduct the full amount of amounts paid to reimburse the employee for those same expenses.

Since most employees understand that the purchasing power of any cash compensation they receive from the employer is reduced by the amount of any expenses that they pay but are not reimbursed for, considering reimbursing employees for expenses in lieu of paying the employee cash, then requiring the employee to pay those expenses out of taxable income.

Of course, when considering whether to pay or reimburse employee expenses, employers also should evaluate and verify that their planned treatment of an expenditure and its reimbursement otherwise complies with any union or other contracts, as well as any applicable federal and state occupational safety, wage and hour and other laws.

Regardless of whether the employer or the employee plans to claim a business expense for tax purposes, an employer should encourage its employees to keep, and if reimbursing the employee, submit good records for proof of income and expenses. Employers reimbursing business expenses may wish to educate employees about both the tax and financial value of these reimbursement benefits as a part of the overall compensation package provided to employees. Even where an employer does not reimburse its employees all or part of an otherwise deductible business expense, however, it also may want to share Internal Revenue Service resources like “IRS Publication 529, Miscellaneous Deductions,” and “Publication 463, Travel, Entertainment, Gift and Car Expenses” with employees to help educate employees about these tax rules and their opportunities and responsibilities.

About The Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: Erisa & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney and management consultant, author, public policy advocate and lecturer widely known for work, teachings and publications.

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other concerns by her service in the leadership of a broad range of other professional and civic organization including her involvement as the Vice Chair of the North Texas Healthcare Compliance Association; Executive Director of the Coalition on Responsible Health Policy and its PROJECT COPE: Coalition on Patient Empowerment; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children; former Gulf Coast TEGE Council Exempt Organization Coordinator; a founding Board Member and past President of the Alliance for Healthcare Excellence; former board member and Vice President of the Managed Care Association; past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; a member and advisor to the National Physicians’ Council for Healthcare Policy; current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee; current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section; Past Chair of the ABA Health Law Section Managed Care & Insurance Section; a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group; immediate past RPTE Representative to ABA Joint Committee on Employee Benefits Council Representative and current RPTE Representative to the ABA Health Law Coordinating Council; past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee; a former member of the Board of Directors, Treasurer, Member and Continuing Education Chair of the Southwest Benefits Association and others.

About Solutions Law Press, Inc.™

Comments Off on Periodically Reevaluate Employee Business Expense Reimbursement Practices | employee, Employee Benefits, Employment, Employment Discrimination, Employment Tax, HR, Human Resources, Income Tax, IRC, Tax, Unemployment Benefits, Unemployment Insurance | Tagged: benefits, Compensation, Employee, Employer, Employment Tax, expense reimbursement, Fringe Benefits, Income Tax | Permalink
Posted by Cynthia Marcotte Stamer

Labor Department Reports Signal More Safety Emphasis Coming

April 4, 2017

A series of Labor Department Office of Inspector General (OIG) reports emphasizing safety signal possible stepped up safety regulation and enforcement.

OIG recently released the following report(s):

OSHA Could Do More to Ensure Employers Correct Hazards Identified During Inspections, Report No. 02-17-201-10-105 (March 31, 2017);
Better Strategies Needed To Increase Employer Participation In The State Information Data Exchange System, Report No. 04-17-003-03-315 (March 31, 2017);
MSHA Needs to Provide Better Oversight of Emergency Response Plans, Report No. 05-17-002-06-001 (March 31, 2017); and
Review of Job Corps Center Safety and Security, Report No. 26-17-001-03-370 (March 31, 2017).

Since the findings of these reports are likely to prompt enhanced regulatory activity, enforcement or both by the Labor Department, employers should consider their recommendations when evaluating and planning their safety efforts. At the same time, business leaders and others monitoring these developments should keep in mind that the OIG reports were published in the absence of new Labor Department leadership appointed by the Trump Administration. It remains to be seen how fully and which of these recommendations that the new Secretary of Labor ultimately appointed by the Trump Administration will implement.

About The Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: Erisa & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney and management consultant, author, public policy advocate and lecturer widely known for work, teachings and publications.

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other concerns by her service in the leadership of a broad range of other professional and civic organization including her involvement as the Vice Chair of the North Texas Healthcare Compliance Association; Executive Director of the Coalition on Responsible Health Policy and its PROJECT COPE: Coalition on Patient Empowerment; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children; former Gulf Coast TEGE Council Exempt Organization Coordinator; a founding Board Member and past President of the Alliance for Healthcare Excellence; former board member and Vice President of the Managed Care Association; past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; a member and advisor to the National Physicians’ Council for Healthcare Policy; current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee; current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section; Past Chair of the ABA Health Law Section Managed Care & Insurance Section; a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group; immediate past RPTE Representative to ABA Joint Committee on Employee Benefits Council Representative and current RPTE Representative to the ABA Health Law Coordinating Council; past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee; a former member of the Board of Directors, Treasurer, Member and Continuing Education Chair of the Southwest Benefits Association and others.

About Solutions Law Press, Inc.™

Comments Off on Labor Department Reports Signal More Safety Emphasis Coming | Employer, Employers, mine safety, occupational safety, OSHA, Safety, Uncategorized | Tagged: compliance, department of labor, Employer, Employment, OIG, OSHA, Risk Management, Safety | Permalink
Posted by Cynthia Marcotte Stamer

Federal Veteran Hiring Benchmarks Increased

March 31, 2017

Government contractors should review and update their veteran recruitment and hiring practices in light of an increase in the 2017 Annual Vietnam Era Veterans’ Readjustment Assistance Act (VEVRAA) hiring benchmark on the VEVRAA Benchmark Database. The new benchmark – 6.7 percent – is effective March 31, 2017. National and state information has also been updated in the VEVRAA Benchmark Database for federal contractors and subcontractors who calculate an individualized hiring benchmark using the five-factor method.

The target adjustments are part of heightened requirements, audits and scrutiny of their compliance with federal contracting requirements imposed under the Obama Administration, upon federal government contractors and their subcontractors.

Audit and enforcement of discrimination and a host of other government contractor requirements was a key enforcement and audit priority of the Obama Administration. Additionally, the Obama Administration expanded and tightened a wide range of OFCCP and other government contracting standards, reporting, notice and other requirements as part of its efforts to promote affirmative action, prounion and other regulatory agendas, It remains unclear if the new Trump Administration plans to modify these these requirements.

Pending further published guidance to the contrary, contractors should continue to assume the rules remain in effect. Those who adopted the previous year’s national benchmark of 6.9 percent after March 4, 2016, but prior to the adjustment announcement, may keep their benchmark at 6.9 percent.

About The Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: Erisa & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney and management consultant, author, public policy advocate and lecturer widely known for work, teachings and publications.

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other concerns by her service in the leadership of a broad range of other professional and civic organization including her involvement as the Vice Chair of the North Texas Healthcare Compliance Association; Executive Director of the Coalition on Responsible Health Policy and its PROJECT COPE: Coalition on Patient Empowerment; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children; former Gulf Coast TEGE Council Exempt Organization Coordinator; a founding Board Member and past President of the Alliance for Healthcare Excellence; former board member and Vice President of the Managed Care Association; past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; a member and advisor to the National Physicians’ Council for Healthcare Policy; current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee; current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section; Past Chair of the ABA Health Law Section Managed Care & Insurance Section; a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group; immediate past RPTE Representative to ABA Joint Committee on Employee Benefits Council Representative and current RPTE Representative to the ABA Health Law Coordinating Council; past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee; a former member of the Board of Directors, Treasurer, Member and Continuing Education Chair of the Southwest Benefits Association and others.

About Solutions Law Press, Inc.™

Comments Off on Federal Veteran Hiring Benchmarks Increased | Civil Rights, compliance, EEOC, Employer, Employers, Employment, Government Contractors, Uncategorized, veterans, VEVRAA | Permalink
Posted by Cynthia Marcotte Stamer

Congress Votes To Nullify Obama Administration’s FTC Privacy Rule

March 30, 2017

Congress yesterday passed S.J.Res.34, disapproving the Obama Administration-issued Federal Communications Commission regulations relating to “Protecting the Privacy of Customers of Broadband and Other Telecommunications Service” published on December 2, 2016.

The nullified FTC Rule: (1) applies the customer privacy requirements of the Communications Act of 1934 to broadband Internet access service and other telecommunications services, (2) requires telecommunications carriers to inform customers about rights to opt in or opt out of the use or the sharing of their confidential information, (3) adopts data security and breach notification requirements, (4) prohibits broadband service offerings that are contingent on surrendering privacy rights, and (5) requires disclosures and affirmative consent when a broadband provider offers customers financial incentives in exchange for the provider’s right to use a customer’s confidential information.

The rule’s nullification is one of a series of Obama Administration regulations that the new Republican majority in Congress has or is expected to overrule using legislative powers to “veto” regulations reserved to Congress on a fast track basis following an agency’s adoption of the rule.

About The Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: Erisa & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney and management consultant, author, public policy advocate and lecturer widely known for work, teachings and publications.

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other concerns by her service in the leadership of a broad range of other professional and civic organization including her involvement as the Vice Chair of the North Texas Healthcare Compliance Association; Executive Director of the Coalition on Responsible Health Policy and its PROJECT COPE: Coalition on Patient Empowerment; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children; former Gulf Coast TEGE Council Exempt Organization Coordinator; a founding Board Member and past President of the Alliance for Healthcare Excellence; former board member and Vice President of the Managed Care Association; past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; a member and advisor to the National Physicians’ Council for Healthcare Policy; current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee; current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section; Past Chair of the ABA Health Law Section Managed Care & Insurance Section; a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group; immediate past RPTE Representative to ABA Joint Committee on Employee Benefits Council Representative and current RPTE Representative to the ABA Health Law Coordinating Council; past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee; a former member of the Board of Directors, Treasurer, Member and Continuing Education Chair of the Southwest Benefits Association and others.

About Solutions Law Press, Inc.™

Comments Off on Congress Votes To Nullify Obama Administration’s FTC Privacy Rule | Uncategorized | Permalink
Posted by Cynthia Marcotte Stamer

Congress Overrules Obama Administration Unemployment Comp Drug Testing Rule

March 22, 2017

Congress today passed and sent to President Trump a Joint Resolution overturning an Obamacare era rule on when States may require drug testing of unemployment compensation (UC) applicants.

H.J. Res. 42 overturns a rule that permitted States to drug test UC applicants as a condition of UC eligibility under two circumstances:

If the applicant was terminated from employment with the applicant’s most recent employer because of the unlawful use of a controlled substance; or
If the only available suitable work (as defined in the law of the State conducting the drug testing) for an individual is in an occupation that regularly conducts drug testing (as determined in regulations by the Secretary).

About The Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: Erisa & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney and management consultant, author, public policy advocate and lecturer widely known for work, teachings and publications.

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other concerns by her service in the leadership of a broad range of other professional and civic organization including her involvement as the Vice Chair of the North Texas Healthcare Compliance Association; Executive Director of the Coalition on Responsible Health Policy and its PROJECT COPE: Coalition on Patient Empowerment; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children; former Gulf Coast TEGE Council Exempt Organization Coordinator; a founding Board Member and past President of the Alliance for Healthcare Excellence; former board member and Vice President of the Managed Care Association; past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; a member and advisor to the National Physicians’ Council for Healthcare Policy; current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee; current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section; Past Chair of the ABA Health Law Section Managed Care & Insurance Section; a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group; immediate past RPTE Representative to ABA Joint Committee on Employee Benefits Council Representative and current RPTE Representative to the ABA Health Law Coordinating Council; past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee; a former member of the Board of Directors, Treasurer, Member and Continuing Education Chair of the Southwest Benefits Association and others.

About Solutions Law Press, Inc.™

Want to know more? See here for details about the author of this update, attorney Cynthia Marcotte Stamer, or e-mail her here.

Comments Off on Congress Overrules Obama Administration Unemployment Comp Drug Testing Rule | Employment | Tagged: unemployment | Permalink
Posted by Cynthia Marcotte Stamer

Read Manager’s Markup of Republican Health Reform Bill

March 21, 2017

Republicans continue to push health reform on the fast track. Read the Manager’s Amendment to H.R. 1628 at https://rules.house.gov/bill/115/hr-1628, which is scheduled to go before the Rules Committee tomorrow in anticipation of a planned House vote Thursday.

Want to know more? See here for details about the author of this update, attorney Cynthia Marcotte Stamer, or e-mail her here.

About The Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: Erisa & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney and management consultant, author, public policy advocate and lecturer widely known for work, teachings and publications.

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other concerns by her service in the leadership of a broad range of other professional and civic organization including her involvement as the Vice Chair of the North Texas Healthcare Compliance Association; Executive Director of the Coalition on Responsible Health Policy and its PROJECT COPE: Coalition on Patient Empowerment; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children; former Gulf Coast TEGE Council Exempt Organization Coordinator; a founding Board Member and past President of the Alliance for Healthcare Excellence; former board member and Vice President of the Managed Care Association; past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; a member and advisor to the National Physicians’ Council for Healthcare Policy; current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee; current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section; Past Chair of the ABA Health Law Section Managed Care & Insurance Section; a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group; immediate past RPTE Representative to ABA Joint Committee on Employee Benefits Council Representative and current RPTE Representative to the ABA Health Law Coordinating Council; past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee; a former member of the Board of Directors, Treasurer, Member and Continuing Education Chair of the Southwest Benefits Association and others.

About Solutions Law Press, Inc.™

Comments Off on Read Manager’s Markup of Republican Health Reform Bill | Uncategorized | Permalink
Posted by Cynthia Marcotte Stamer

IRS Clarifies FICA Refund Employee Consent Rules

March 21, 2017

Employers considering seeking employment tax refunds should check out new guidance in Revenue Procedure 2017-28 on the requirements for employee consent used by an employer to support a claim for refund of overpaid taxes under the Federal Insurance Contributions Act (FICA) and the Railroad Retirement Tax Act (RRTA).

The Revenue Procedure clarifies the basic requirements for both a request for employee consent and for the employee consent. It permits employee consent to be requested, furnished, and retained in an electronic format. It also contains guidance on what constitutes “reasonable efforts” if employee consent is not secured in order to permit the employer to claim a refund of the employer share of overpaid FICA or RRTA taxes.

Employers considering filing for a FICA refund may benefit from the added flexibility confirmed by this guidance.

About The Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: Erisa & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney and management consultant, author, public policy advocate and lecturer widely known for work, teachings and publications.

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other concerns by her service in the leadership of a broad range of other professional and civic organization including her involvement as the Vice Chair of the North Texas Healthcare Compliance Association; Executive Director of the Coalition on Responsible Health Policy and its PROJECT COPE: Coalition on Patient Empowerment; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children; former Gulf Coast TEGE Council Exempt Organization Coordinator; a founding Board Member and past President of the Alliance for Healthcare Excellence; former board member and Vice President of the Managed Care Association; past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; a member and advisor to the National Physicians’ Council for Healthcare Policy; current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee; current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section; Past Chair of the ABA Health Law Section Managed Care & Insurance Section; a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group; immediate past RPTE Representative to ABA Joint Committee on Employee Benefits Council Representative and current RPTE Representative to the ABA Health Law Coordinating Council; past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee; a former member of the Board of Directors, Treasurer, Member and Continuing Education Chair of the Southwest Benefits Association and others.

About Solutions Law Press, Inc.™

Comments Off on IRS Clarifies FICA Refund Employee Consent Rules | FICA | Tagged: Employer, Tax | Permalink
Posted by Cynthia Marcotte Stamer

Help Employees Avoid Healthcare Associated Infections

March 18, 2017

Staff infections are only one category of serious infection risks that employees and their families face when getting health care treatment.

Help employees avoid these infection risks by sharing the following tips from the Center for Disease Control:

Speak up. Talk to your doctor about any questions or worries. Ask what they’re doing to protect you.
Keep hands clean. Make sure everyone, including friends and family, clean their hands before touching you. If you don’t see your healthcare providers clean their hands, ask them to do so.
Ask each day if your central line catheter or urinary catheter is necessary. Leaving a catheter in place too long increases the chances you’ll get an infection. Let your doctor or nurse know immediately if the area around the central line becomes sore or red, or if the bandage falls off or looks wet or dirty.
Prepare for surgery. Let your doctor know about any medical problems you have. Ask your doctor how he/she prevents surgical site infections.
Ask your healthcare provider, “Will there be a new needle, new syringe, and a new vial for this procedure or injection?” Insist that your healthcare providers never reuse a needle or syringe on more than one patient.
Get Smart about antibiotics. Antibiotics only treat bacterial infections – they don’t work for viruses like the ones that cause colds and flu. Ask your healthcare provider if there are steps you can take to feel better without using antibiotics. If you’re prescribed an antibiotic, make sure to take the prescribed antibiotic exactly as your healthcare provider tells you and do not skip doses.
Watch out for deadly diarrhea (aka Clostridium difficile). Tell your doctor if you have 3 or more diarrhea episodes in 24 hours, especially if you’ve been taking an antibiotic.
Know the signs and symptoms of infection. Some skin infections, such as MRSA, appear as redness, pain, or drainage at an IV catheter site or surgery site and come with a fever. Infections can also lead to sepsis, a complication caused by the body’s overwhelming and life-threatening response to an infection.
Get Vaccinated. Getting yourself, family, friends, and caregivers vaccinated against the flu and other infections prevents spread of disease.
Cover your mouth and nose. When you sneeze or cough, germs can travel 3 feet or more. Use a tissue to avoid spreading germs with your hands.

Healthcare-associated Infections are not only a problem for healthcare facilities – they represent a public health issue. Learn more about how to be a safe patient. Read: Patient Safety: What You Can Do to Be a Safe Patient.

Comments Off on Help Employees Avoid Healthcare Associated Infections | Uncategorized | Permalink
Posted by Cynthia Marcotte Stamer

Actions, Not Titles or Words, Make Leaders

March 17, 2017

Great leaders build great performance by inspiring each team member to perform their best and helping provide the tools and training to help each team member’s best be better every day.

The ability to recruit great teams is a valuable asset. In an age where businesses and business leaders often tout the value of teamwork, however, many businesses inadvertently undermine their most effective team players and the teamwork they claim to desire by failing to properly measure and reward team players and their teamwork.

Employers and other business leaders looking to maximize performance frequently overly-rely upon personally assigned or claimed performance credit, without making provision for measuring or rewarding teamwork.

The most meaningful measure of leadership, though, is how well a leader coaches, inspires and credits the least talented team member to extraordinary performance while keeping star players motivated and focused on the team. Arriving at a performance measurement and reward program that appropriately rewards leaders and team members for teamwork, while at the same time encouraging the highest individual performance within the team requires that employers reevaluate performance and its measurement both in terms of the individual contributions of members of the team, and their interaction and support for others on the team.

If your organization truly considers teamwork valuable, your performance management measures and resulting performance management and rewards must identify and reward team contributors and the team appropriately.

Developing and communicating these measures and rewards requires management clearly understand, communicate, measure and reward both the desired performances of the team and the respective roles and responsibilities of the individuals on the team. Where management views teamwork as valuable, performance measurement and associated rewards should measure the expected teamwork, as well as team performance. Concurrently, however, management also needs to continue to appropriately monitor, measure and reward individual performance within the team. The focus on team performance should both incorporate appropriate individual performance measures and rewards to encourage and reward superior individual performance for, but not at the expense of, the team that elevates the team to its ultimate potential. At the same time, management also will want to use individual measures to identify and incentivize or weed out underperforming team members, whose lacking performance otherwise undermines the team and its overall performance.

Amid all of these activities, management should keep both team and individual performance measurements and rewards each offer their own opportunities for gamesmanship and abuse. At minimum, all performance and reward systems should be designed and administered for defensibility under wage and hour, employment discrimination, safety, tax, benefit, whistleblower and other federal and state laws as well as other potential operational misuse and manipulation inconsistent with the goals of the business and its operations.

To best promote the desired performances and minimize potential contractual or other legal or operational risks, management should carefully document and communicate its expectations, performance measures and rewards for clarity and defensibility, while reserving appropriate discretion to interpret, administer and where necessary, modify these expectations, measures and rewards in response to ongoing business needs and goals.

Once established, to promote optimal performance with minimum legal and operational risk, management should use care to administer their programs consistent with announced terms until it notifies the team of changes when and if business needs change.

At the end of the day, teamwork and individual performance ideally should combine synergistically where each person’s presence and performance on the team matters, regardless of how great or small.

Struggling to help your leaders and their team members understand the concept? Don’t overlook the opportunity to draw from inspirational examples in sports such as the one captured here.

About The Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: Erisa & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney and management consultant, author, public policy advocate and lecturer widely known for work, teachings and publications.

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other concerns by her service in the leadership of a broad range of other professional and civic organization including her involvement as the Vice Chair of the North Texas Healthcare Compliance Association; Executive Director of the Coalition on Responsible Health Policy and its PROJECT COPE: Coalition on Patient Empowerment; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children; former Gulf Coast TEGE Council Exempt Organization Coordinator; a founding Board Member and past President of the Alliance for Healthcare Excellence; former board member and Vice President of the Managed Care Association; past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; a member and advisor to the National Physicians’ Council for Healthcare Policy; current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee; current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section; Past Chair of the ABA Health Law Section Managed Care & Insurance Section; a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group; immediate past RPTE Representative to ABA Joint Committee on Employee Benefits Council Representative and current RPTE Representative to the ABA Health Law Coordinating Council; past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee; a former member of the Board of Directors, Treasurer, Member and Continuing Education Chair of the Southwest Benefits Association and others.

About Solutions Law Press, Inc.™

Comments Off on Actions, Not Titles or Words, Make Leaders | Corporate Compliance, corporate governance, directors, Employer, Employers | Tagged: Employer, HR, Leadership, Management | Permalink
Posted by Cynthia Marcotte Stamer

Read “American Health Care Act” – Paul Ryan’s Proposed ACA Repeal & Replace Legislation

March 6, 2017

Paul Ryan released the American Health Care Act (Act) – the Republican leaderships’ proposed bill to repeal or reform the Obamacare law, the Patient Protection and Affordable Care Act (ACA).

When introducing the Act, Speaker Ryan touted the Act as rescuing the US health care system from the ACA driving down costs, encouraging competition, and giving every American access to quality, affordable health insurance.

Read the Act and your specific ideas and thoughts about the Act and your other input on what our health care system should look like going forward, how these proposals relate and the other reforms you believe Congress should make to build a better healthcare system for today that can survive into the future by joining the discussion in the Solutions Law Press, Inc. Coalition for Responsible Health Care Policy LinkedIn Group.

About The Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: Erisa & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney and management consultant, author, public policy advocate and lecturer widely known for work, teachings and publications.

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other concerns by her service in the leadership of a broad range of other professional and civic organization including her involvement as the Vice Chair of the North Texas Healthcare Compliance Association; Executive Director of the Coalition on Responsible Health Policy and its PROJECT COPE: Coalition on Patient Empowerment; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children; former Gulf Coast TEGE Council Exempt Organization Coordinator; a founding Board Member and past President of the Alliance for Healthcare Excellence; former board member and Vice President of the Managed Care Association; past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; a member and advisor to the National Physicians’ Council for Healthcare Policy; current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee; current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section; Past Chair of the ABA Health Law Section Managed Care & Insurance Section; a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group; immediate past RPTE Representative to ABA Joint Committee on Employee Benefits Council Representative and current RPTE Representative to the ABA Health Law Coordinating Council; past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee; a former member of the Board of Directors, Treasurer, Member and Continuing Education Chair of the Southwest Benefits Association and others.

About Solutions Law Press, Inc.™

Comments Off on Read “American Health Care Act” – Paul Ryan’s Proposed ACA Repeal & Replace Legislation | 105(h), 4980D, 4980H, 6039D, Affordable Care Act, Claims Administration, Employers, Employment, ERISA, Excepted Benefits, Excise Tax, Excise Taxes, fiduciary duty, Fiduciary Responsibility, health benefit, Health Benefits, health Care, health insurance, health insurance marketplace, health reform, Mental Health Parity, Patient Protection & Affordable Care Act, Uncategorized | Permalink
Posted by Cynthia Marcotte Stamer

When Trust Matters, Preparations Critical

March 5, 2017

Actual or perceived disloyalty or other reaches of Trece is one of the quickest ways to destroy a working relationship between an a business and its management or other employees or other service providers.

Heading off problems begins with both the management of a business and those providing services to it understanding the call mama and other conflict of interest, loyalty and other responsibilities of the service provider to the businesses

Historically, the common law has recognized that common law management and other employees – but not necessarily independent contractors or other non common law employee service providers – owe a duty of loyalty to their employer that among other things. Inventions, knowledge and other value created by an employee and value derived from the employee generally are presumed the property of the employee under the doctrine of “works for hire.” An employee’s common law duty of loyalty generally also prihibits the employee from engaging in competition with the employer, self dealing, or conflicts of interest unless the the employee proves the employee consented after full disclosure of relevant facts by the employee.

In the age of federal sentencing guidelines and other federal and state internal controls mandates, carefully crafted loyalty, conflict of interest, confidentiality and trade secret, nonsolicitation, noncompete and other provisions in employee contracts, handbooks and policies can promote important regulatory risk management and compliance goals as well as deter employee breaches of loyalty by educating the employee of their duty, limit or overrun statutorial restrictions on some of these common law duties, and otherwise strengthen the ability of an employer to enforce these duties in the event of a violation.

As the common law does not necessarily apply these same duties of loyalty automatically businesses of contractor and other no traditional worker or other service provider relationships, however, ensuring that independent contractors and other nontraditional service providers are engaged pursuant to written agreements that include carefully crafted provisions that clearly reserve the business’ exclusive or other ownership of created products, internal controls mandates, and loyalty, conflict of interest, confidentiality and trade secret, nonsolicitation, noncompete and other safeguards can be critical to protect the interests of the business.

Whether dealing with employees or other service providers, today’s privacy and other limits on business investigatory powers also create a strong demand for businesses to back up their ability to investigate and redress these and other breaches by adopting and requiring all service providers to consent or otherwise be subject to appropriate disclaimers of privacy, computer and other use and monitoring, pre, concurrent and post terminationinvestigation, disclosure, cooperation, and other policies.

Comments Off on When Trust Matters, Preparations Critical | Bankruptcy, board of directors, conflict of interest, Corporate Compliance, Cybercrime, directors, employee, Employer, Employers, Employment, fiduciary duty, Government Contractors, Hiring, HR, Identity Theft, Internal Controls, Internal Investigations, Labor Management Relations, Loyalty, Management, Managment, OFCCP, Retaliation, Risk Management, Technology, Uncategorized, Worker Classification, Workforce | Permalink
Posted by Cynthia Marcotte Stamer

Congress Set To Overrule OSHA Recordkeeping Rule

March 2, 2017

Congress may give employers relief from burdensome Obama-Administration-imposed Occupational Health and Safety Administration (OSHA) rule that clarified an employer’s duty to record and maintain records of workplace injuries and illnesses is a continuing duty.

Adopted in response to a decision of the United States Court of Appeals for the District of Columbia Circuit that held that The Occupational Health and Safety Act does not permit OSHA to impose a continuing recordkeeping obligation on employers, the Rule states employer obligations to make and maintain accurate records of employee injury and illness the duty to make and maintain accurate records of work-related injuries and illnesses is an ongoing obligation that continues for as long as the employer must keep records of the recordable injury or illness. The Rule clarified this duty does not expire just because the employer fails to create the necessary records when first required to do so.
Representative Bradley Byrne (R-AL) introduced the Resolution, which seeks to use the Congressional Review Act (CRA) to overturn the Rule.
If the Senate also adopts the Resolution would overturn the Rule.

Comments Off on Congress Set To Overrule OSHA Recordkeeping Rule | Uncategorized | Permalink
Posted by Cynthia Marcotte Stamer

Resolution To Reverse Obama OSHA Rule Heads To Senate

March 2, 2017

The House of Representatives on Wednesday, March 1, passed and sent to the Senate proposed House Joint Resolution 83 (Resolution) would disapprove and invalidate the Clarification of Employer’s 5 Continuing Obligation to Make and Maintain an Accurate Record of Each Recordable Injury and Illness published
by OSHA on December 19, 2016 (Rule).
Adopted in response to a decision of the United States Court of Appeals for the District of Columbia Circuit that held that The Occupational Health and Safety Act does not permit OSHA to impose a continuing recordkeeping obligation on employers, the Rule states employer obligations to make and maintain accurate records of employee injury and illness the duty to make and maintain accurate records of work-related injuries and illnesses is an ongoing obligation that continues for as long as the employer must keep records of the recordable injury or illness. The Rule clarified this duty does not expire just because the employer fails to create the necessary records when first required to do so.

Representative Bradley Byrne (R-AL) introduced the Resolution, which seeks to use the Congressional Review Act (CRA) to overturn the Rule.

If the Senate also adopts the Resolution would overturn the Rule.

Comments Off on Resolution To Reverse Obama OSHA Rule Heads To Senate | Uncategorized | Permalink
Posted by Cynthia Marcotte Stamer

Employers, Benefit Plans & Exempt Org: Prepare For Shortened Deadlines & Other Changes To IRS Employee Plan & Exempt Organization Exam Documentation Request Procedures

March 1, 2017

Heads up tax-exempt and governmental entities, employer and other qualified employee benefit plan sponsor, fiduciaries, administrators, and recordkeepers and their management, accountants, attorneys, and other service providers and advisors. Changes to the procedures that Internal Revenue Service (IRS) Tax Exempt and Government Entities TE/GE examiners use to make and enforce Information Document Request (IDR) in connection with an audit or other examination make it more important than ever that taxpayers use special care to collect, organize and maintain all of the data and documentation that examiners are likely to request in IDR and take other steps to prepare in advance to respond to an IDR.

New procedures announced in the February 27, 2017 Memorandum For All TE/GE Examiners On New Process For All Information Document Requests and scheduled to take effect April 1 seek to expedite the examination process and reduce backlogs. To accomplish this, the new procedures impose specific, tightened timelines for responding to IDRs and IRS follow and enforcement of data and document productions demanded by an IDR. As part of these changes, the new procedures shorten the time that the examiners will issue early subpoena warnings and subpoenas to compel taxpayers to produce requested data.

Taxpayers unable to respond in a timely fashion risk of both triggering these perilous enforcement procedures and an enhanced risk that IRS examiners will view the delay as an indication that the taxpayer may not be using the internal controls and processes expected by the IRS rules. Accordingly, taxpayers should seek advise from experienced legal counsel about the policies, practices, data and information they might be expected to need to respond to a IDR or other government investigation, recommendations for conducting their operations to promote their ability to efficiently assemble and produce the necessary data, records and other information to respond to a IDR or other investigation, audit or enforcement action, and other appropriate steps to position their organizations timely to recognize and produce the often substantial data generally demanded by an IRD and minimize risks of liability likely to arise from an IRS examination or other governmental or private investigation or action.

About The Author

Recognized by LexisNexis® Martindale-Hubbell® as a “AV-Preeminent” (Top 1%/ the highest) and “Top Rated Lawyer,” with special recognition as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: Erisa & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, the author of this update is widely known for her 28 plus years’ of work in health care, health benefit, health policy and regulatory affairs and other health industry concerns as a practicing attorney and management consultant, thought leader, author, public policy advocate and lecturer.

Throughout her adult life and nearly 30-year legal career, Ms. Stamer’s legal, management and governmental affairs work has focused on helping health industry, health benefit and other employee benefit, insurance, technology and other highly regulated organizations and their management use the law, performance and risk management tools and process to manage people, performance, quality, compliance, operations and risk. Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer helps these and other organizations and their leaders manage their employees, vendors and suppliers, and other workforce members, customers and other’ performance, compliance, compensation and benefits, operations, risks and liabilities, as well as to prevent, stabilize and cleanup legal and operational crises large and small that arise in the course of operations.

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, current American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting, former Vice President of the North Texas Health Care Compliance Professionals Association, past Chair of the ABA Health Law Section Managed Care & Insurance Section, past ABA JCEB Council Representative, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Compliance Chair of the National Kidney Foundation of North Texas, and Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization, Ms. Stamer’s includes nearly 30 years’ of work with a diverse range of health industry clients on an extensive range of matters.

Ms. Stamer has worked closely with health industry, managed care and insurance, employee benefit, financial services, technology, restructuring, retail, hospitality, manufacturing, consulting, sales, energy, import-export, staffing and other businesses and their management, employee benefit plans, governments and other organizations deal with all aspects of staffing, human resources and workforce performance management, internal controls and regulatory compliance, change management and other performance and operations management and compliance. She supports her clients both on a real-time, “on demand” basis and with longer term basis to deal with daily performance management and operations, emerging crises, strategic planning, process improvement and change management, investigations, defending litigation, audits, investigations or other enforcement challenges, government affairs and public policy.

As a core component of her work, Ms. Stamer has worked extensively throughout her career with health care providers, health plans and insurers, managed care organizations, health care clearinghouses, their business associates, employers, banks and other financial institutions, management services organizations, professional associations, medical staffs, accreditation agencies, auditors, technology and other vendors and service providers, and others on legal and operational compliance, risk management and compliance, public policies and regulatory affairs, contracting, payer-provider, provider-provider, vendor, patient, governmental and community relations and matters including extensive involvement advising, representing and defending public and private hospitals and health care systems; physicians, physician organizations and medical staffs; specialty clinics and pharmacies; skilled nursing, home health, rehabilitation and other health care providers and facilities; medical staff, accreditation, peer review and quality committees and organizations; billing and management services organizations; consultants; investors; technology, billing and reimbursement and other services and product vendors; products and solutions consultants and developers; investors; managed care organizations, insurers, self-insured health plans and other payers; and other health industry clients to establish and administer compliance and risk management policies; comply with requirements, investigate and respond to Board of Medicine, Health, Nursing, Pharmacy, Chiropractic, and other licensing agencies, Department of Aging & Disability, FDA, Drug Enforcement Agency, OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD, FTC, SEC, CDC and other public health, Department of Justice and state attorneys’ general and other federal and state agencies; JCHO and other accreditation and quality organizations; private litigation and other federal and state health care industry investigation, enforcement including insurance or other liability management and allocation; process and product development, contracting, deployment and defense; evaluation, commenting or seeking modification of regulatory guidance, and other regulatory and public policy advocacy; training and discipline; enforcement, and a host of other related concerns for public and private health care providers, health insurers, health plans, technology and other vendors, employers, and others, and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.

Best known for her thoughleadership and experience on health benefit and other health and insurance industy matters, Ms. Stamer has worked throughout her career health care, health benefit and insurance and health information technology, data and related process and systems development, policy and operations design, management, product development, innovation, administration, public policy, regulatory compliance, enforcement, contracting, privacy and data security and related matter. Ms. Stamer continuously advises health and insurance industry clients about licensing, regulatory compliance and internal controls, workforce, agent and broker and medical staff performance, claims and reimbursement, quality, governance, reimbursement, privacy and data security, and other risk management and operational matters. Scribe for ABA JCEB annual agency meeting with OCR for many years, Ms. Stamer also is widely recognized for her extensive work and leadership on HIPAA, FACTA, PCI, IRC and other tax, Social Security, GLB, rade secret, physician and other medical confidentiality and privacy, federal and state data security and data breach and other information privacy and data security rules and concerns including policy design, drafting, administration and training; business associate and other contracting; risk assessments, audits and other risk prevention and mitigation; investigation, reporting, mitigation and resolution of known or suspected breaches, violations or other incidents; and defending investigations or other actions by plaintiffs, OCR, FTC, state attorneys’ general and other federal or state agencies, other business partners, patients and others. Ms. Stamer has worked extensively with health care providers, health plans, health care clearinghouses, their business associates, employers and other plan sponsors, banks, insurers and other financial institutions, and others on trade secret confidentiality, privacy, data security and other risk management and compliance including the design, establishment, documentation, implementation, audit and enforcement of policies, procedures, systems and safeguards, investigating and responding to known or suspected breaches, defending investigations or other actions by plaintiffs, OCR, FTC and other federal or state agencies, reporting known or suspected violations, business associate and other contracting, commenting or obtaining other clarification of guidance, training and enforcement, and a host of other related concerns.

Her clients include public and private health care providers, health insurers, health plans, employers, payroll, staffing, recruitment, insurance and financial services, technology and other vendors, and others. In addition to representing and advising these organizations, she also has conducted training on Privacy & The Pandemic for the Association of State & Territorial Health Plans, as well as HIPAA, FACTA, PCI, medical confidentiality, insurance confidentiality and other privacy and data security compliance and risk management for Los Angeles County Health Department, ISSA, HIMMS, the ABA, SHRM, schools, medical societies, government and private health care and health plan organizations, their business associates, trade associations and others. Ms. Stamer also has authored numerous highly-regarded works and training programs on HIPAA and other data security, privacy and use published by BNA, the ABA and other premier legal industy publishers.

Ms. Stamer also has extensive experience with a diverse array of other human resources and other staffing, services, outsourcing and other workforce, qualified and nonqualified employee benefit, compensation, and related matters, their design, documentation, administration, modification, enforcement and defense and other related operational, compliance and risk management. Her experience includes advising andassisting employer and other plan sponsors, fiduciaries, administrators, vendors and others with and program design, documentation and ongoing administration administration for compliance and defensibility under IRS and other federal and state tax, OFCCP, CAS, SCA, Davis Bacon, SEC and other corporate, ERISA and other federal and state labor and employment, SEC and other corporate, Department of Insurance and other laws and regulations; advising and assisting buyers, sellers, investors, debtors, creditors, trustees, plan fiduciaries and service providers and others in relation to business transactions, restructurings, bankruptcies and other substantial corporate and business events and transactions including significant work involving amendment, termination, windup and restructuring of employee benefit plans and workforce concerns in highly publicized fiduciary, securities or other misconduct investigation and enforcement, bankruptcy, restructuring or other distress situations.

A former lead consultant to the Government of Bolivia on its Pension Privatization Project with extensive domestic and international public policy and governmental and regulatory affairs experience, Ms. Stamer also is widely recognized for regulatory and policy work, advocacy and outreach on healthcare, education, aging, disability, savings and retirement, workforce, ethics, and other policies. Throughout her adult life and career, Ms. Stamer has provided thought leadership; policy and program design, statutory and regulatory development design and analysis; drafted legislation, proposed regulations and other guidance, position statements and briefs, comments and other critical policy documents; advised, assisted and represented health care providers, health plans and insurers, employers, professional. and trade associations, community and government leaders and others on health care, health, pension and retirement, workers’ compensation, Social Security and other benefit, insurance and financial services, tax, workforce, aging and disability, immigration, privacy and data security and a host of other international and domestic federal, state and local public policy and regulatory reforms through her involvement and participation in numerous client engagements, founder and Executive Director of the Coalition for Responsible Health Policy and its PROJECT COPE: the Coalition on Patient Empowerment, adviser to the National Physicians Congress for Healthcare Policy, leadership involvement with the US-Mexico Chamber of Commerce, the Texas Association of Business, the ABA JCEB, Health Law, RPTE, Tax, Labor, TIPS, International Life Sciences, and other Sections and Committees, SHRM Governmental Affairs Committee and a host of other involvements and activities.

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. In addition to her many years of service as a scrivener for the ABA JCEB’s meeting with OCR, for instance, she also serves as Chair the Southern California ISSA Health Care Privacy & Security Summit, and an editorial advisory board member, author, program chair or steering committee member, and faculties for a multitude of other programs and publications regarding privacy, data security, technology and other compliance, risk management and operational concerns in the health care, health and other insurance, employee benefits and human resources, retail, financial services and other arenas.Ms. Stamer also shares her thought leadership, experience and advocacy on HIPAA and other concerns by her service in the leadership of a broad range of other professional and civic organization including her involvement as the Vice Chair of the North Texas Healthcare Compliance Association, Executive Director of the Coalition on Responsible Health Policy and its PROJECT COPE: Coalition on Patient Empowerment, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children; former Board Compliance Chair and Board member of the National Kidney Foundation of North Texas, current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, immediate past RPTE Representative to ABA Joint Committee on Employee Benefits Council Representative and current RPTE Representative to the ABA Health Law Coordinating Council, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, a former member of the Board of Directors of the Southwest Benefits Association and others.

For more information about Ms. Stamer or her health industry and other experience and involvements, see here or contact Ms. Stamer via telephone at (469) 767-8872 or via e-mail here.

About Solutions Law Press, Inc.™

Comments Off on Employers, Benefit Plans & Exempt Org: Prepare For Shortened Deadlines & Other Changes To IRS Employee Plan & Exempt Organization Exam Documentation Request Procedures | 401(k), Attorney-Client Privilege, board of directors, church plan, compensation, compliance, Corporate Compliance, corporate governance, Defined Benefit Plans, defined contribution plan, Defined Contribution Plans, directors, Discrimination, Employee Benefits, Employer, Employers, Employment Tax, ERISA, Executive Compensation, Fiduciary Responsibility, Form 5500, HR, Human Resources, Internal Revenue Code, IRC, Pay, pension plan, Plan Admistrator, Retirements, Tax, Tax Qualification, third party administrators, Workforce | Tagged: 401(k), 457 plan, Employee Benefits, Exempt Organizations, IRS, retirement plan, tax exempt, tax qualification, TEGE | Permalink
Posted by Cynthia Marcotte Stamer

MHS $5.5M HIPAA Settlement Reminds Health Plans To Implement & Audit HIPAA Compliance

February 16, 2017

A $5.5 million settlement payment that Memorial Healthcare Systems (MHS) just paid the U.S. Department of Health and Human Services (HHS) to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules sends a clear warning message to all health plans, healthcare providers and health care clearinghouses (Covered Entities) and their business associates that simply adopting HIPAA policies alone is insufficient to avoid getting nailed by OCR under HIPAA; Covered Entities and their business associates also must implement, audit and enforce those policies.

MHS, a nonprofit corporation which operates six hospitals, an urgent care center, a nursing home, and a variety of ancillary health care facilities throughout the South Florida area with affiliated physician offices through an Organized Health Care Arrangement (OHCA) also agreed to implement a robust corrective action plan as part of the Resolution Agreement.

The MHS Resolution Agreement resulted from an investigation initiated by the HHS Office for Civil Rights (OCR) after MHS reported to OCR that protected health information (PHI) of 115,143 individuals had been impermissibly accessed by its employees and impermissibly disclosed to affiliated physician office staff. This information consisted of the affected individuals’ names, dates of birth, and social security numbers. The login credentials of a former employee of an affiliated physician’s office had been used to access the ePHI maintained by MHS on a daily basis without detection from April 2011 to April 2012, affecting 80,000 individuals.

The investigation revealed that although MHS had workforce access policies and procedures in place, MHS failed to implement procedures with respect to reviewing, modifying and/or terminating users’ right of access, as required by the HIPAA Rules. Further, MHS failed to regularly review records of information system activity on applications that maintain electronic protected health information by workforce users and users at affiliated physician practices, despite having identified this risk on several risk analyses conducted by MHS from 2007 to 2012.

MHS’ failure to follow through to implement the controls required by its policies and audit and enforce compliance with HIPAA and its HIPAA policies was a costly mistake. Other Covered Entities should heed MHS’ painful lesson and take documented steps to ensure its HIPAA policies not only are adopted, but also implemented and monitored and audited for compliance.

In response to the MHS settlement, health plans, their sponsors, fiduciaries and business associates should take documented action to audit and correct as needed both their written policies, procedures and notices as well as their operational compliance with HIPAA to mitigate their exposure to similar enforcement action for HIPAA violations.

About The Author

Recognized by LexisNexis® Martindale-Hubbell® as a “AV-Preeminent” (Top 1%/ the highest) and “Top Rated Lawyer,” with special recognition as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: Erisa & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, the author of this update is widely known for her 28 plus years’ of work in health care, health benefit, health policy and regulatory affairs and other health industry concerns as a practicing attorney and management consultant, thought leader, author, public policy advocate and lecturer.

Throughout her adult life and nearly 30-year legal career, Ms. Stamer’s legal, management and governmental affairs work has focused on helping health industry, health benefit and other employee benefit, insurance, technology and other highly regulated organizations and their management use the law, performance and risk management tools and process to manage people, performance, quality, compliance, operations and risk. Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer helps these and other organizations and their leaders manage their employees, vendors and suppliers, and other workforce members, customers and other’ performance, compliance, compensation and benefits, operations, risks and liabilities, as well as to prevent, stabilize and cleanup legal and operational crises large and small that arise in the course of operations.

As a core component of her work, Ms. Stamer has worked extensively throughout her career with health care providers, health plans and insurers, managed care organizations, health care clearinghouses, their business associates, employers, banks and other financial institutions, management services organizations, professional associations, medical staffs, accreditation agencies, auditors, technology and other vendors and service providers, and others on legal and operational compliance, risk management and compliance, public policies and regulatory affairs, contracting, payer-provider, provider-provider, vendor, patient, governmental and community relations and matters including extensive involvement advising, representing and defending public and private hospitals and health care systems; physicians, physician organizations and medical staffs; specialty clinics and pharmacies; skilled nursing, home health, rehabilitation and other health care providers and facilities; medical staff, accreditation, peer review and quality committees and organizations; billing and management services organizations; consultants; investors; technology, billing and reimbursement and other services and product vendors; products and solutions consultants and developers; investors; managed care organizations, insurers, self-insured health plans and other payers; and other health industry clients to establish and administer compliance and risk management policies; comply with requirements, investigate and respond to Board of Medicine, Health, Nursing, Pharmacy, Chiropractic, and other licensing agencies, Department of Aging & Disability, FDA, Drug Enforcement Agency, OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD, FTC, SEC, CDC and other public health, Department of Justice and state attorneys’ general and other federal and state agencies; JCHO and other accreditation and quality organizations; private litigation and other federal and state health care industry investigation, enforcement including insurance or other liability management and allocation; process and product development, contracting, deployment and defense; evaluation, commenting or seeking modification of regulatory guidance, and other regulatory and public policy advocacy; training and discipline; enforcement, and a host of other related concerns for public and private health care providers, health insurers, health plans, technology and other vendors, employers, and others, and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.

For more information about Ms. Stamer or her health industry and other experience and involvements, see here or contact Ms. Stamer via telephone at (469) 767-8872 or via e-mail here.

About Solutions Law Press, Inc.™

1 Comment | board of directors, Civil Monetary Penalties, Civil Rights, compliance, Corporate Compliance, corporate governance, Cybercrime, Data Breach, Data Security, Drug & Alcohol, Electronic Medical Record, Employer, Employers, EMR, ERISA, fiduciary duty, health benefit, Health Benefits, health Care, health insurance, health insurance marketplace, health plan | Tagged: Health Plan, HIPAA, ICR, Medical Privacy, Privacy | Permalink
Posted by Cynthia Marcotte Stamer

$3.2 Children’s HIPAA CMP Teaches Key Lessons

February 2, 2017

$3.2 Children’s HIPAA CMP Teaches Key Lessons http://ow.ly/kDQT308DiVv http://ow.ly/i/rrtaJ

Comments Off on $3.2 Children’s HIPAA CMP Teaches Key Lessons | Uncategorized | Permalink
Posted by Cynthia Marcotte Stamer

Learn key HIPAA lesson’s from Children

February 2, 2017

Learn key HIPAA lesson’s from Children’s $3.2M HI http://ow.ly/1hnW308DiKn PAA CMP Assessment http://ow.ly/i/rrsW4

Comments Off on Learn key HIPAA lesson’s from Children | Uncategorized | Permalink
Posted by Cynthia Marcotte Stamer

Learn Key Lessons From $3.2M+ Children’s HIPAA CMP

February 2, 2017

A just-announced $3.2 million Health Insurance Portability & Accountability Act (HIPAA) Civil Monetary Penalty (CMP) paid by Children’s Medical Center of Dallas (Children’s) for failing to adequately secure electronic protected health information (ePHI) and correct other HIPAA compliance deficiencies teaches many key lessons for employer and other health plans and insurers, healthcare clearinghouses, healthcare providers and their business associates (“Covered Entities”) about mistakes to avoid in managing not only ePHI on laptops and mobile devices, as well as their overall HIPAA compliance and risk management.

The Department of Health & Human Services (HHS) Office of Civil Rights (OCR) imposed the $3,217,000.00 Civil Monetary Penalty (CMP) under a January 18, 2017 Final Determination based upon findings that Children’s for years knowingly violated HIPAA by failing to encrypt or otherwise properly secure ePHI on laptops and other mobile devices and failing to comply with many other HIPAA requirements. OCR originally notified Children’s of its intention to impose the CMP based on findings of widespread violations by Children’s of HIPAA in a September 30, 2016 Notice of Proposed Determination (Proposed Determination) that OCR sent to Children’s President of System Clinical Operations, David Berry. Although the Proposed Determination included instructions for requesting a hearing on the Proposed Determination, Children’s paid the CMP rather than exercising these hearing rights.

Evidence Children’s Ignored Repeated Notices of Violations For Years

According to the Proposed Determination, OCR uncovered widespread HIPAA violations by Children’s while investigating the HIPAA compliance of the Dallas-based pediatric health and hospital system in response to two separate notices of large breaches of ePHI that Children’s filed with OCR in response to the HIPAA Breach Notification Rule. Under the Breach Notification Rule, Covered Entities generally must provide notice of any breach of unsecured ePHI involving more than 500 individuals with OCR, subjects of the breached ePHI and the media within 60 days of receiving notice of the breach. In contrast, for breaches of unsecured ePHI involving fewer than 500 individuals, Covered Entities generally must notify subjects of the breached ePHI within 60 days, but can delay notification to OCR until filing a consolidated annual report of small breaches of ePHI.

The two breach notifications that triggered the OCR investigation leading to the CMP both involved losses of mobile devices containing ePHI that Children’s filed with OCR.

The first breach report, filed on January 18, 2010, notified OCR of the loss at the Dallas/Fort Worth International Airport on November 19, 2009 of an unencrypted, non-password protected BlackBerry device containing the ePHI of approximately 3,800 individuals.

The second reported breach report filed on July 5, 2013, reported the theft of an unencrypted laptop with the ePHI of 2,462 individuals from its premises sometime between April 4 and April 9, 2013. The OCR investigation found that although Children’s implemented some physical safeguards to the operating room storage area (e.g., badge access was required, and a security camera was present at one of the entrances), it also provided access to the area to staff who were not authorized to access ePHI. Children’s janitorial staff had unrestricted access to the area where the laptop was stored but did not provide encryption to protect the ePHI on the laptop from access by such unauthorized persons. Children’s internal investigation concluded that the laptop was probably stolen by a member of the janitorial staff.

In the course of investigating these two reported breaches, OCR took note that Children’s previously reported a small breach of unsecured ePHI on an unencrypted mobile device. In a letter dated August 22, 2011, from Children’s Vice President of Compliance and Internal Audit and Chief Compliance Officer Ron Skillens to OCR Equal Opportunity Specialist Jamie Sorley, Mr. Skillens stated that a Children’s workforce member (an unidentified medical resident) lost an iPod device in December 2010. The iPod had been synched to the resident’s Children’s email account, which resulted in the ePHI of at least 22 individuals being placed on the device. The ePHI on the iPod was not encrypted. The loss of the iPod resulted in the impermissible disclosure of ePHI by the medical resident. OCR concluded the ePHI of 22 individuals was impermissibly disclosed, because the workforce member and agent of Children’s provided access to any unauthorized person who discovered the device.

OCR found that the breaches resulted from Children’s violation of the HIPAA Security Rule by failing to encrypt laptops and other mobile devices or and implement other appropriate safeguards for the protection of ePHI on mobile devices;
Failing to appropriately document its decision to not implement encryption on mobile devices and any applicable rationale behind a decision to use alternative security measures to encryption; and
Failing to implement security measures that were an equivalent alternative to the security protection available from encryption solutions.

The Proposed Determination also reports that the OCR ’s investigation revealed that Children repeatedly over several years knowingly failed to implement and administer proper encryption and other safeguards on laptops and other mobile devices containing ePHI despite actual knowledge of the unaddressed risks to unencrypted ePHI in violation of the HIPAA Security Rule dating back to at least 2007. The Proposed Determination notes, for instance, that:

A Security Gap Analysis and Assessment conducted for Children’s December 2006-February 2007 by Strategic Management Systems, Inc. (SMS) (SMS Gap Analysis) identified the absence of risk management as a major finding and recommended that Children’s implement encryption to avoid loss of PHI on stolen or lost laptops.
A separate PricewaterhouseCoopers (PwC) analysis of threats and vulnerabilities to certain ePHI (PwC Analysis) conducted in August, 2008 for Children’s determined that encryption was necessary and appropriate. The PwC Analysis also determined that a mechanism was not in place to protect data on a laptop, workstation, mobile device, or USB thumb drive if the device was lost or stolen and identified the loss of data at rest through unsecured mobile devices as being “high” risk. PwC identified data encryption as a “high priority” item and recommended that Children’s implement data encryption in the fourth quarter of 2008.
Furthermore, in September 2012, the HHS Office of the Inspector General (OIG) issued the findings from its audit of Children’s that focused on information technology controls for devices such as smartphones and USB drives. Among other things, the report, entitled “Universal Serial Bus Control Weaknesses Found at Children’s Medical Center,” found that Children’s had insufficient controls to prevent data from being written onto unauthorized and unencrypted USB devices and that “without sufficient USB controls, there was a risk that ePHI could have been written onto an unauthorized/unencrypted USB device and taken out of the hospital, resulting in a data breach.” A copy of this report was provided to Mr. Skillens.
Despite the prior breach notifications and warnings from the SMS Gap Analysis, the PwC Analysis and the OIG audit report, Children’s failed to take the necessary steps to encrypt and otherwise safeguard its ePHI on mobile devices. Children’s still had not implemented encryption on all devices as of April 9, 2013 even though appropriate commercial encryption products were available to achieve encryption of laptops, workstations, mobile devices, and USB thumb drives in use by Children’s staff by, at least, the time of the PwC Analysis in 2008. Furthermore, while leaving these deficiencies unresolved, the Proposed Determination notes that Children’s issued unencrypted BlackBerry devices to nurses beginning in 2007 and allowed its workforce members to continue using unencrypted laptops and other mobile devices until at least April 9, 2013 despite the findings of SMS and PwC and Children’s actual knowledge about the risk of maintaining unencrypted ePHI on its devices.

Based on this evidence, OCR concluded that Children’s had “actual knowledge” of the unaddressed threats to ePHI as early as March 2007 and at least one year prior to the reported security incidents. Furthermore, OCR also found that Children’s additionally violated HIPAA by failing to implement sufficient policies and procedures governing the receipt and removal of hardware and electronic media that contain ePHI into and out of its facility, and the movement of these items within the facility prior to at least November 9, 2012. Prior to November 2012, Children’s information technology (IT) assets were inventoried and managed separately from the inventory of devices used within its Biomedical Department. Children’s IT asset policies did not apply to devices that accessed or stored ePHI that were managed by the Biomedical Department. Consequently, Children’s was unable to identify all devices to which the device and media control policy should apply prior to completing a full-scope inventory to identify all information systems containing ePHI in November 9, 2012. As Children’s did not conduct a complete inventory to identify all devices to which its IT asset policies apply to ensure that all devices were covered by its device and media control policies, the Proposed Determination concluded Children’s was out of compliance with the Security Rule at 45 C.P.R. § 164.310(d)(l).

After OCR’s investigation indicated widespread Privacy and Security Rule noncompliance by Children’s, the Proposed Determination states that OCR attempted to negotiate a resolution with Children’s through its informal resolution agreement process from approximately November 6, 2015, to August 30, 2016. When these efforts failed, OCR issued a May 10,2016 Letter of Opportunity that formally informed Children’s that since OCR had been unable to resolve its findings that Children’s violated the Privacy and Security Rules by informal means, OCR was informing Children’s of the preliminary indications of non-compliance and providing Children’s with an opportunity to submit written evidence of mitigating factors under 45 C.F.R. § 160.408 or affirmative defenses under 45 C.F.R. § 160.410 for OCR’s consideration in making a determination of a CMP pursuant to 45 C.F.R. § 160.404. The letter stated that Children’s could also submit written evidence to support a waiver of a CMP for the indicated areas of non-compliance. Each of Children’s indicated acts of noncompliance and the potential CMP for them were described in the letter. The letter was delivered to Children’s and received by Children’s agent on May 12, 2016.

Children’s responded to OCR’s letter on or about June 9, 2016. The Proposed Determination states that OCR determined that the information and arguments submitted by Children’s in its June 9, 2016 letter did not support an affirmative defense pursuant to 45 C.F.R. § 160.410 or a waiver of the CMP pursuant to 45 C.F.R. § 160.412. Accordingly, OCR notified Children’s in its September 30, 2016 Proposed Determination of OCR’s intent to implement the $3,217,000.00 CMP and procedures for appealing this planned CMP assessment. When Children’s did not file an appeal, OCR issued the Final Determination assessing the CMP. OCR reports that Children now has paid the $3,217,000.00 CMP.

Important Lessons For Other Covered Entities

The Children’s CMP and underlying circumstances provide many key lessons for other Covered Entities. Obviously, the Final Decision drives home the importance of:

Proper encryption and other security and access controls of devices and systems containing ePHI; and
Proper documentation of risk assessments, audits, breach investigations and other events, compliance analysis and conclusions taken in response, and corrective actions selected and implemented in response to these events.

Beyond the importance of documented compliance with encryption and other requirements, the Children’s CMP and its associated Proposed Determination and Final Determinations also illustrate the importance of proper behavior in response to a known or suspected breach. The Proposed Determination and Final Determination make clear that beyond the breaches uncovered in the course of the investigation, OCR’s decision to implement the CMP was influenced by, among other things:

OCR investigates all large breach reports;
Small breach reports can count too;
The recurrent disregard and failure by Children to act to address the HIPAA security violations over a period of years despite both repeated notifications of its noncompliance and actual breaches resulting from these compliance deficiencies; and
The failure of Children’s to cooperate with OCR to reach a voluntary resolution agreement which might have allowed Children to resolve its liability for the breaches OCR found by paying a potentially smaller settlement payment and implementing corrective actions to OCR’s satisfaction.

About The Author

Recognized by LexisNexis® Martindale-Hubbell® as a “AV-Preeminent” (Top 1%/ the highest) and “Top Rated Lawyer,” with special recognition as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: Erisa & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, the author of this update is widely known for her 28 plus years’ of work in health care, health benefit, health policy and regulatory affairs and other health industry concerns as a practicing attorney and management consultant, thought leader, author, public policy advocate and lecturer.

Throughout her adult life and nearly 30-year legal career, Ms. Stamer’s legal, management and governmental affairs work has focused on helping health industry, health benefit and other organizations and their management use the law, performance and risk management tools and process to manage people, performance, quality, compliance, operations and risk. Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer helps these and other organizations and their leaders manage their employees, vendors and suppliers, and other workforce members, customers and other’ performance, compliance, compensation and benefits, operations, risks and liabilities, as well as to prevent, stabilize and cleanup legal and operational crises large and small that arise in the course of operations.

Ms. Stamer has worked closely with health industry, managed care and insurance and other businesses and their management, employee benefit plans, governments and other organizations deal with all aspects of staffing, human resources and workforce performance management, internal controls and regulatory compliance, change management and other performance and operations management and compliance. She supports her clients both on a real-time, “on demand” basis and with longer term basis to deal with daily performance management and operations, emerging crises, strategic planning, process improvement and change management, investigations, defending litigation, audits, investigations or other enforcement challenges, government affairs and public policy.

As a core component of her work, Ms. Stamer has worked extensively throughout her career with health care providers, health plans and insurers, managed care organizations, health care clearinghouses, their business associates, employers, banks and other financial institutions, management services organizations, professional associations, medical staffs, accreditation agencies, auditors, technology and other vendors and service providers, and others on legal and operational compliance, risk management and compliance, public policies and regulatory affairs, contracting, payer-provider, provider-provider, vendor, patient, governmental and community relations and matters including extensive involvement advising, representing and defending public and private hospitals and health care systems; physicians, physician organizations and medical staffs; specialty clinics and pharmacies; skilled nursing, home health, rehabilitation and other health care providers and facilities; medical staff, accreditation, peer review and quality committees and organizations; billing and management services organizations; consultants; investors; technology, billing and reimbursement and other services and product vendors; products and solutions consultants and developers; investors; managed care organizations, insurers, self-insured health plans and other payers; and other health industry clients to establish and administer compliance and risk management policies; comply with requirements, investigate and respond to Board of Medicine, Health, Nursing, Pharmacy, Chiropractic, and other licensing agencies, Department of Aging & Disability, FDA, Drug Enforcement Agency, OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD, FTC, SEC, CDC and other public health, Department of Justice and state attorneys’ general and other federal and state agencies; JCHO and other accreditation and quality organizations; private litigation and other federal and state health care industry investigation, enforcement including insurance or other liability management and allocation; process and product development, contracting, deployment and defense; evaluation, commenting or seeking modification of regulatory guidance, and other regulatory and public policy advocacy; training and discipline; enforcement, and a host of other related concerns for public and private health care providers, health insurers, health plans, technology and other vendors, employers, and others, and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns.

Heavily involved in health care and health information technology, data and related process and systems development, policy and operations innovation and a Scribe for ABA JCEB annual agency meeting with OCR for many years who has authored numerous highly-regarded works and training programs on HIPAA and other data security, privacy and use, Ms. Stamer also is widely recognized for her extensive work and leadership on HIPAA, FACTA, PCI, trade secret, physician and other medical confidentiality and privacy, federal and state data security and data breach and other information privacy and data security rules and concerns including policy design, drafting, administration and training; business associate and other contracting; risk assessments, audits and other risk prevention and mitigation; investigation, reporting, mitigation and resolution of known or suspected breaches, violations or other incidents; and defending investigations or other actions by plaintiffs, OCR, FTC, state attorneys’ general and other federal or state agencies, other business partners, patients and others. Ms. Stamer has worked extensively with health care providers, health plans, health care clearinghouses, their business associates, employers and other plan sponsors, banks and other financial institutions, and others on risk management and compliance with HIPAA, FACTA, trade secret and other information privacy and data security rules, including the establishment, documentation, implementation, audit and enforcement of policies, procedures, systems and safeguards, investigating and responding to known or suspected breaches, defending investigations or other actions by plaintiffs, OCR and other federal or state agencies, reporting known or suspected violations, business associate and other contracting, commenting or obtaining other clarification of guidance, training and enforcement, and a host of other related concerns. Her clients include public and private health care providers, health insurers, health plans, technology and other vendors, and others. In addition to representing and advising these organizations, she also has conducted training on Privacy & The Pandemic for the Association of State & Territorial Health Plans, as well as HIPAA, FACTA, PCI, medical confidentiality, insurance confidentiality and other privacy and data security compliance and risk management for Los Angeles County Health Department, ISSA, HIMMS, the ABA, SHRM, schools, medical societies, government and private health care and health plan organizations, their business associates, trade associations and others.

A popular lecturer and widely published author on health industry concerns, Ms. Stamer continuously advises health industry clients about compliance and internal controls, workforce and medical staff performance, quality, governance, reimbursement, privacy and data security, and other risk management and operational matters. Ms. Stamer also publishes and speaks extensively on health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her insights on these and other related matters appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.

Beyond her extensive involvement advising and representing clients on privacy and data security concerns and other health industry matters, Ms. Stamer also has served for several years as a scrivener for the ABA JCEB’s meeting with OCR, the Chair of the Southern California ISSA Health Care Privacy & Security Summit, and an editorial advisory board member, author, program chair or steering committee member, and faculties for a multitude of other programs and publications regarding privacy, data security, technology and other compliance, risk management and operational concerns in the health care, health and other insurance, employee benefits and human resources, retail, financial services and other arenas.

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on HIPAA and other concerns by her service in the leadership of a broad range of other professional and civic organization including her involvement as the Vice Chair of the North Texas Healthcare Compliance Association, Executive Director of the Coalition on Responsible Health Policy and its PROJECT COPE: Coalition on Patient Empowerment, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children; former Board Compliance Chair and Board member of the National Kidney Foundation of North Texas, current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, immediate past RPTE Representative to ABA Joint Committee on Employee Benefits Council Representative and current RPTE Representative to the ABA Health Law Coordinating Council, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, a former member of the Board of Directors of the Southwest Benefits Association and others.

For more information about Ms. Stamer or her health industry and other experience and involvements, see here or contact Ms. Stamer via telephone at (469) 767-8872 or via e-mail here.

About Solutions Law Press, Inc.™

Comments Off on Learn Key Lessons From $3.2M+ Children’s HIPAA CMP | compliance, Corporate Compliance, Employer, Employers, health plan, Health Plans, Privacy, Protected Health Information, Uncategorized, Union | Tagged: Children's MEdical Center, civil monetary penalty, CMP, Data Privacy, Data Security, Health Data Privacy, Health Plans, HIPAA, Mobile Device, PHI, Privacy, Protected Health Information, Security, Technology | Permalink
Posted by Cynthia Marcotte Stamer

Health Plans & Sponsors Have Much To Do To Prepare For 2017 Health Reform

January 23, 2017

Health Plans & Sponsors Have Much To Do To Ready To ACA Relief
http://ow.ly/tGfo308hBXj http://ow.ly/i/r5OyS

Comments Off on Health Plans & Sponsors Have Much To Do To Prepare For 2017 Health Reform | Uncategorized | Permalink
Posted by Cynthia Marcotte Stamer

ACA-ERISA Lawsuit Risks Likely To Continue Until Congress Acts Despite Trump Executive Order For Agencies To Issue Relief

January 23, 2017

Employer and other health plan sponsors, fiduciaries and insurers generally should be prepared to prove that they are maintaining and administering their health plans to comply with many Patient Protection and Affordable Care Act (ACA) mandates pending Congressional repeal or reform of the ACA, despite President Trump’s January 20, 2017 Executive Order on “Minimizing the Economic Burden of the Patient Protection and Affordable Care Act Pending Repeal” (Executive Order) because the Federal agencies responsible for the implementation and interpretation of the ACA generally don’t have authority to bar health plan participants and beneficiaries from bringing benefit denial or breach of fiduciary duty lawsuits against health plans or fiduciaries for violating ACA mandates incorporated into the Employee Retirement Income Security Act (ERISA).

In addition to affirming President Trump’s commitment to seek the prompt repeal of the ACA, the Executive Order seeks to mitigate the burden of the ACA pending Congressional repeal by ordering the Departments Health and Human Services (HHS), Labor (DOL), Treasury (Treasury) and other agencies with ACA authority (Agencies) to exercise all available authority and discretion to the “maximum extent permitted by law:”

To waive, defer, grant exemptions from, or delay the implementation of any provision or requirement of the ACA that would impose a “cost, fee, tax, penalty, or regulatory burden on individuals, families, healthcare providers, health insurers, patients, recipients of healthcare services, purchasers of health insurance, or makers of medical devices, products, or medications.”
To provide greater flexibility to States and cooperate with them in implementing healthcare programs and to waive, defer, grant exemptions from, or delay the implementation of any provision or requirement of the Act that would impose a fiscal burden on any State;
For departments and agencies with responsibilities relating to healthcare or health insurance to encourage the development of a free and open market in interstate commerce for the offering of healthcare services and health insurance, with the goal of achieving and preserving maximum options for patients and consumers.

While applicable Agencies are expected to act as quickly as possible to comply with President Trump’s orders, various statutory and procedural requirements almost certainly will limit both the relief granted and the speed with which the Agencies can grant the relief. One obvious place where statutory limitations on Agencies authority almost certainly will impact the availability of relief arises from the ACA’s incorporation of many of its patient protection act group mandates into ERISA. While the Agencies may possess the authority to lessen the burden of compliance with the regulatory mandates of the ACA by revising regulations, issuing enforcement relief or other certain other actions, these powers do not extend to blocking the authority of participants and beneficiaries to bring suit to enforce the provision of the ACA that the ACA added to ERISA through private benefit denial or breach of fiduciary duty lawsuits brought under ERISA.

In the case of insured health plans, sponsors, insurers and administrators also will need to consider whether their ability to take advantage of the federal relieve available is blocked or restricted by state insurance statutes, regulations or other administrative requirements. The likelihood of state statutory or regulatory restrictions on insured arrangements is particularly likely because of the heavy regulation of these products by states including the widespread incorporation of ACA mandates into state insurance laws and regulations in response to the Market Reform provisions of the ACA.

Even if these federal requirements are met to qualify for, adopt and implement any federally issued regulatory relief, employer and other plan sponsors, insurers, fiduciaries and administrators also should plan for and be prepared to run the necessary traps to properly amend their plan document, summary plan description and other plan notifications, administrative services agreements, stop loss or other insurance contracts and other vendor agreements to implement their desired changes. Beyond knowing what has to be done to adopt and communicate the desired changes, employer and other sponsors and fiduciaries, their consultants, brokers and advisors need to consider the requirements and consequences that the planned changes might have under applicable plan documents and vendor agreements to avoid unanticipated costs or liabilities as well as what actions are needed to ensure that ERISA’s prudence and other fiduciary requirements are met.

Responsible parties should begin preparing to take advantage of the anticipated legislative and regulatory relief both by both carefully monitoring statutory and regulatory health plan developments and positioning themselves to act quickly when relief comes by evaluating their existing heath plan documents, contracts, communications and systems to verify existing compliance and determine requirements for implementing any planned changes, opening up discussion vendors about these possibilities and taking other steps to position themselves to act knowledgeably and efficiently to take advantage of new opportunities if and when they emerge and are warranted.

About The Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: Erisa & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney and management consultant, author, public policy advocate and lecturer widely known for work, teachings and publications.

Ms. Stamer works with health industry and other businesses and their management, employee benefit plans, governments and other organizations deal with all aspects of human resources and workforce, internal controls and regulatory compliance, change management and other performance and operations management and compliance. She supports her clients both on a real-time, “on demand” basis and with longer term basis to deal with daily performance management and operations, emerging crises, strategic planning, process improvement and change management, investigations, defending litigation, audits, investigations or other enforcement challenges, government affairs and public policy.

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other concerns by her service in the leadership of a broad range of other professional and civic organization including her involvement as the Vice Chair of the North Texas Healthcare Compliance Association; Executive Director of the Coalition on Responsible Health Policy and its PROJECT COPE: Coalition on Patient Empowerment; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children; former Gulf Coast TEGE Council Exempt Organization Coordinator; a founding Board Member and past President of the Alliance for Healthcare Excellence; former board member and Vice President of the Managed Care Association; past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; a member and advisor to the National Physicians’ Council for Healthcare Policy; current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee; current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section; Past Chair of the ABA Health Law Section Managed Care & Insurance Section; a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group; immediate past RPTE Representative to ABA Joint Committee on Employee Benefits Council Representative and current RPTE Representative to the ABA Health Law Coordinating Council; past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee; a former member of the Board of Directors, Treasurer, Member and Continuing Education Chair of the Southwest Benefits Association and others.

Ms. Stamer also is a highly popular lecturer, symposia chair and author, who publishes and speaks extensively on health and managed care industry, human resources, employment, employee benefits, compensation, and other regulatory and operational risk management. Examples of her many highly regarded publications on these matters include the “Texas Payday Law” Chapter of Texas Employment Law, as well as thousands of other publications, programs and workshops these and other concerns for the American Bar Association, ALI-ABA, American Health Lawyers, Society of Human Resources Professionals, the Southwest Benefits Association, the Society of Employee Benefits Administrators, the American Law Institute, Lexis-Nexis, Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, the HCCA, ISSA, HIMSS, Modern Healthcare, Managed Healthcare, Institute of Internal Auditors, Society of CPAs, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other symposia and publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, InsuranceThoughtLeadership.com and many other prominent publications and speaks and conducts training for a broad range of professional organizations and for clients on the Advisory Boards of InsuranceThoughtLeadership.com, HR.com, Employee Benefit News, and many other publications. For additional information about Ms. Stamer, see CynthiaStamer.com or contact Ms. Stamer via email here or via telephone to (469) 767-8872.

About Solutions Law Press, Inc.™

Comments Off on ACA-ERISA Lawsuit Risks Likely To Continue Until Congress Acts Despite Trump Executive Order For Agencies To Issue Relief | 105(h), 4980D, 4980H, 6039D, ACA, Affordable Care Act, Appeals, board of directors, Brokers, Cafeteria Plans, Claims, Claims Administration, COBRA, COBRA Subsidy, compliance, Consumer Protection, Contraception, Corporate Compliance, corporate governance, directors, EBSA, employee, Employee Benefits, Employer, ERISA, Excepted Benefits, exchange, Excise Tax, Excise Taxes, fiduciary duty, Fiduciary Responsibility, FLSA, FMLA, Health Care Reform, health reform, Human Resources, Insurance, insurers, Internal Controls, Internal Revenue Code, IRC, King V. Burwell, Management, Mental Health, Mental Health Parity, MEWA, Obamacare, Patient Empowerment, Patient Protection & Affordable Care Act, Physician, Plan Admistrator, Prescription Drugs, preventive care, Provider, SBC, Uncategorized | Tagged: ACA, Executive Order, Health Care, Health Care Reform, Health Care Reimbursement, Health Insurance, Health Plans, health policy, Minimizing the Economic Burden of the Patient Protection and Affordable Act Act Pending Repeal, Obamacare, Patient Protection and Affordable Care Act | Permalink
Posted by Cynthia Marcotte Stamer

Employers, Plans, Don’t Jump The Gun On ACA Relief

January 23, 2017

Trump Executive Order Promises But Gives No ACA Health Plan Relief Until Agencies Act

Employer and other health plan sponsors, insurers, plan members and their family, health care providers and others struggling to cope with the costs and burdens of complying with the Patient Protection and Affordable Care Act (ACA) health care reforms are celebrating the promise of impending relief from ACA mandates held out by newly inagurated President Donald Trump January 20, 2017 Executive Order on “Minimizing the Economic Burden of the Patient Protection and Affordable Care Act Pending Repeal” (Executive Order).

To waive, defer, grant exemptions from, or delay the implementation of any provision or requirement of the ACA that would impose a “cost, fee, tax, penalty, or regulatory burden on individuals, families, healthcare providers, health insurers, patients, recipients of healthcare services, purchasers of health insurance, or makers of medical devices, products, or medications.”
To provide greater flexibility to States and cooperate with them in implementing healthcare programs and to waive, defer, grant exemptions from, or delay the implementation of any provision or requirement of the Act that would impose a fiscal burden on any State;
For departments and agencies with responsibilities relating to healthcare or health insurance to encourage the development of a free and open market in interstate commerce for the offering of healthcare services and health insurance, with the goal of achieving and preserving maximum options for patients and consumers.

While employer and other health plan sponsors and others struggling to cope with the costs and mandates of ACA unquestionably welcome the promise of relief offered by the Executive Order, it is critical that those looking forward to enjoying this promised relief not jump the gun or overestimate the scope of the relief. Because the Executive Order is not self-executing, the Executive Order provides no legally enforceable relief from applicable ACA compliance obligations unless and until the applicable Agency or Congress adopts that relief consistent with law. While applicable Agencies are expected to act as quickly as possible to comply with President Trump’s orders, various statutory and procedural requirements almost certainly will limit both the relief granted and the speed with which the Agencies can grant the relief.

First, because the Executive Order is not self-executing, it doesn’t actually provide any relief for anyone; rather it just creates the expectation that the Agencies will grant some relief in the future. Those anticipating relief should expect that even regulatory relief will take time since the Agencies by law as well as the terms of the Executive Order will be required to comply with the often time consuming and cumbersome requirements of the Administrative Procedure Act and other applicable statutes in considering and issuing regulatory revisions and relief, including any applicable requirements for submission and approval by the Office of Management and Budget. The often added need for interagency collaboration and negotiation created by the ACA’s grant of multijurisdictional authority over many of its provisions historically has made negotiating these requirements more complicated and time consuming.

Second, relief will not be available for certain exposures because statutory limits on the jurisdiction and authority of the Agencies under the ACA will limit the scope of the relief that an Agency can grant. The Agencies generally do not have the authority to waive certain provisions of the ACA which are not within the discretion of the Agencies, such as the right of participants and beneficiaries in employer or union-sponsored health plan to sue to enforce ACA health plan mandates through a benefits or breach of fiduciary action brought under the Employee Retirement Income Security Act. Likewise, Agencies also will be restricted in their ability to waive penalties or requirements where the statutory mandate is drafted in a manner that denies the Agency discretionary authority to offer that relief.

Third, health plans, their sponsors, insurers, fiduciaries and administrators should anticipate that they may need to take certain action in response to any issued relief before they can take advantage of the relief allowed such as adopting health plan amendments, issuing notices to participants or beneficiaries, making elections or a combination of these actions.

Until these and other required actions are completed by the Agencies and the applicable plan sponsors, fiduciaries and other parties, employers and other plan sponsors, their management, their health plans, health plan fiduciaries, administrators and insurers remain legally obligated to continue to comply with the ACA as presently implemented under the existing regulations and judicial and administrative rulings. While preparing for future changes, health plans, their sponsors, fiduciaries, administrators and insurers also should act to manage their prior and existing liabilities arising out of acts or omissions occurring before Congress or the regulators revise and ease the rules.

While health plans, their sponsors, fiduciaries, administrators and insurers remain legally responsible to comply with existing rules until changed by the regulators or Congress, they still have much to do to get ready for the changes that are coming while acting to manage their health plan costs and liabilities in the meantime. Whether or not the Trump Administration in the future provides relief from Form 8928 self-reporting and excise tax self- assessment penalties for violation of 40 federal group health plans, group health plans and their fiduciaries almost certainly will remain exposed to ERISA lawsuits for violation of ACA or other federal group health plan mandates. In addition, until revoked or revised, employers and health plans remain subject to and risk liability for failing to provide ACA-required tax forms, notices, benefits, coverage, rights or other compliance.

About The Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: Erisa & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney and management consultant, author, public policy advocate and lecturer widely known for work, teachings and publications.

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other concerns by her service in the leadership of a broad range of other professional and civic organization including her involvement as the Vice Chair of the North Texas Healthcare Compliance Association; Executive Director of the Coalition on Responsible Health Policy and its PROJECT COPE: Coalition on Patient Empowerment; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children; former Gulf Coast TEGE Council Exempt Organization Coordinator; a founding Board Member and past President of the Alliance for Healthcare Excellence; former board member and Vice President of the Managed Care Association; past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; a member and advisor to the National Physicians’ Council for Healthcare Policy; current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee; current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section; Past Chair of the ABA Health Law Section Managed Care & Insurance Section; a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group; immediate past RPTE Representative to ABA Joint Committee on Employee Benefits Council Representative and current RPTE Representative to the ABA Health Law Coordinating Council; past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee; a former member of the Board of Directors, Treasurer, Member and Continuing Education Chair of the Southwest Benefits Association and others.

Ms. Stamer also is a highly popular lecturer, symposia chair and author, who publishes and speaks extensively on health and managed care industry, human resources, employment, employee benefits, compensation, and other regulatory and operational risk management. Examples of her many highly regarded publications on these matters include the “Texas Payday Law” Chapter of Texas Employment Law, as well as thousands of other publications, programs and workshops these and other concerns for the American Bar Association, ALI-ABA, American Health Lawyers, Society of Human Resources Professionals, the Southwest Benefits Association, the Society of Employee Benefits Administrators, the American Law Institute, Lexis-Nexis, Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, the HCCA, ISSA, HIMSS, Modern Healthcare, Managed Healthcare, Institute of Internal Auditors, Society of CPAs, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other symposia and publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, InsuranceThoughtLeadership.com and many other prominent publications and speaks and conducts training for a broad range of professional organizations and for clients on the Advisory Boards of InsuranceThoughtLeadership.com, HR.com, Employee Benefit News, and many other publications. For additional information about Ms. Stamer, see CynthiaStamer.com or contact Ms. Stamer via email here or via telephone to (469) 767-8872.

About Solutions Law Press, Inc.™

Comments Off on Employers, Plans, Don’t Jump The Gun On ACA Relief | 105(h), 4980D, 4980H, 6039D, ACA, Affordable Care Act, Appeals, board of directors, Brokers, Cafeteria Plans, Claims Administration, compensation, compliance, Consumer Protection, Contraception, Corporate Compliance, corporate governance, defined contribution plan, Discrimination, Drug & Alcohol, EBSA, Employee Benefits, Employer, Employment, ERISA, Excepted Benefits, exchange, Excise Tax, Excise Taxes, fiduciary duty, FLSA, FMLA, health reform, HR, Human Resources, Insurance, insurers, Internal Controls, Internal Revenue Code, IRC, Mental Health, Mental Health Parity, MEWA, Obamacare, Patient Empowerment, Patient Protection & Affordable Care Act, Prescription Drugs, SBC, Uncategorized | Tagged: ACA, Health Care Reform, Health Insurance, Health Plans, Insurance, Insurer, Obama Care, Patient Protection and Affordable Care Act, Plan Sponsors, Trump | Permalink
Posted by Cynthia Marcotte Stamer

Congress Taking On Health Reform Again: Get Informed & Involved!

December 16, 2016

Congress is getting ready to take on heath care reform again. Americans need to become informed and participate! http://ow.ly/C6bc306V5eT http://ow.ly/i/q1dUA

Comments Off on Congress Taking On Health Reform Again: Get Informed & Involved! | Uncategorized | Permalink
Posted by Cynthia Marcotte Stamer

PBGC Table Shows Present Value PBGC Maximum Guarantee

December 4, 2016

On December 02, 2016, PBGC posted a table showing the applicable present values for 2017 plan years. For more information see Technical Update 07-04. (12/02/2016).

Comments Off on PBGC Table Shows Present Value PBGC Maximum Guarantee | Bankruptcy, Corporate Compliance, corporate governance, defined benefit plan, Employee Benefits, Employment, Retirements | Permalink
Posted by Cynthia Marcotte Stamer

CMS Alert Warns Worker’s Comp & Other Liability Payers To Comply With Medicare Benefit Coordination Rules

December 4, 2016

The Center for Medicare & Medicaid Services (CMS) is responsible for protecting the Medicare program’s fiscal integrity and ensuring that it pays only for those services that are its responsibility. Medicare Secondary Payer (MSP) provisions make Medicare a secondary payer to certain non-group health plans (NGHPs), which include liability insurers (including self-insured entities), no-fault insurers, and workers’ compensation entities. CMS has the right to recover Medicare payments made that should have been the responsibility of another payer.

MSP situations involving NGHPs are triggered by unexpected incidents, such as car accidents or work-related injuries, involve Medicare beneficiaries, and result in medical expenses for which an NGHP (rather than Medicare) has primary responsibility for payment. In these situations, Medicare becomes a secondary payer. In some MSP situations involving NGHPs, Medicare will initially pay for related medical expenses in order to ensure that the beneficiary has timely access to needed care and later seek to recover those payments.

The CMS Benefits Coordination & Recovery Center (BCRC) seeks repayment for any conditional payments it makes related to a liability, no-fault, or workers’ compensation case. A conditional payment is a payment Medicare makes for services another payer may be responsible for. The payment is “conditional” because it must be repaid to Medicare when a beneficiary receives a settlement, judgment, award, or other payment from an NGHP.

When the BCRC learns of an NGHP case, it gathers information about any related conditional payments Medicare made and request repayment.

A beneficiary or beneficiary’s attorney or other representative may contact the BCRC for any of the following questions/issues:
Questions about Medicare’s recovery rights or the reimbursement process

To obtain conditional payment amounts

To obtain Medicare’s final recovery claim amount

Questions regarding MSP recovery demand letters

Questions with respect to a “Notice of Intent to Refer Debt to the Department of Treasury” letter

Questions regarding repaying Medicare

To request a waiver of recovery with respect to a beneficiary MSP debt. (Note: A waiver of recovery request cannot be accepted or processed until a recovery demand letter is issued.)

To request a first level appeal with respect to the determination contained in a beneficiary MSP recovery demand letter or a determination made on a waiver of recovery request from a beneficiary

Please see the Contacts page for specific contact phone numbers and mailing address information.
Commercial Repayment Center (CRC) Responsibilities
Effective October 5, 2015, the Commercial Repayment Center (CRC) assumed responsibility for the recovery of conditional payments where an insurer/workers’ compensation entity is the identified debtor. Any NGHP recoveries initiated by the BCRC prior to the October 2015 transition will continue to be the responsibility of the BCRC. To view the process of recovering conditional payments from an insurer/workers’ compensation entity, click the Insurer NGHP Recovery link.
When to Contact the CRC
Insurer/workers’ compensation entities should review their recovery letter for a return address or closing referencing the BCRC or CRC. If the CRC sent the letter, contact the CRC. However, if the BCRC sent the letter, contact the BCRC. The insurer/workers’ compensation entity may contact the BCRC or the CRC, depending on who sent their recovery letter, for any of the following questions/issues:
Questions about Medicare’s recovery rights or the reimbursement process

Questions regarding Conditional Payment Letters/Conditional Payment Notices

Questions regarding MSP recovery demand letters

Questions with respect to a “Notice of Intent to Refer Debt to the Department of Treasury” letter

Questions regarding repaying Medicare

To request a first level appeal with respect to the determination contained in an MSP recovery demand letter

Please see the Contacts page for specific contact phone numbers and mailing address information.
Medicare Secondary Payer Recovery Portal (MSPRP)
The MSPRP is a web-based tool designed to assist in the resolution of liability insurance, no-fault insurance, and workers’ compensation Medicare recovery cases. The MSPRP gives users (attorneys, insurers, beneficiaries, and recovery agents) the ability to access and update certain case specific information online and monitor the recovery process online. For additional information regarding the MSPRP, click the Medicare Secondary Payer Recovery Portal link.
Note: NGHP Recovery related materials previously available as downloads on this page have been moved to the Beneficiary or Insurer Services sections of CMS.gov, as applicable. Click the Medicare’s Recovery Process link to access downloads pertinent to the beneficiary. Downloads pertaining to the insurer/workers’ compensation entity may be accessed by clicking the Insurer NGHP Recovery link.

Comments Off on CMS Alert Warns Worker’s Comp & Other Liability Payers To Comply With Medicare Benefit Coordination Rules | Claims, health benefit, Health Benefits, health Care, health insurance, health insurance marketplace | Permalink
Posted by Cynthia Marcotte Stamer

DOL Appeals Preliminary Injunction Blocking White Collar Exemption Salary Threshhold Change

December 2, 2016

The US Department of Labor (DOL) is appealing the November 22 Nevada v US Department of Labor ruling preliminarily enjoining DOL from implementing or enforcing a modification to the DOL Fair Labor Standards Act (FLSA) White Collar Exemption Regulations that would have nearly doubled the minimum salary that an employer must pay an employee on a salaried basis in reliance on the White Collar Exemption.

The Department of Justice on behalf of the Department of Labor filed a notice to appeal the preliminary injunction to the U.S. Circuit Court of Appeals for the Fifth Circuit yesterday.

The November 22 Nevada preliminary injunction order barred DOL nationwide from implementing a change to its White Collar Regulations on December 1, 2016 that would automatically excluded any employee earning a salary of less than $913 per week ($47,476 per year) from coverage by the most commonly relied upon FLSA exemption, White Collar Exemption, pending a future ruling on the merits lifting the injunction.

The Obama Administration’s final rule change published in the Federal Register on May 23, 2016, increases the threshold salary for the exemption from $455 per week to $913 per week ($47,476 per year) effective December 1, 2016 and provides for automatic adjustments to this amount every three years beginning January 1, 2020

DOL’s full statement regarding the litigation is here.

The appeal likely surprises many who assumed that the impending change in Administration would put an end to the Obama Administration’s change. It remains to be seen how quickly the Fifth Circuit will hear the appeal as well as the fate of the rule change and the litigation after President-Elect Trump takes office. Either way, however, zealous and often successful private plaintiff and DOL enforcement of other elements of the While Collar Exemption and other FLSA requirements makes it imperative that employers be prepared to produce the necessary proof to defend their payment of any worker on a salaried basis as well as.compliance with all minimum wage, overtime, record keeping and other FLSA requirements.

About The Author
Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,”“Tax: Erisa & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney and management consultant, author, public policy advocate and lecturer widely known for work, teachings and publications.

Ms. Stamer works with businesses and their management, employee benefit plans, governments and other organizations deal with all aspects of human resources and workforce, internal controls and regulatory compliance, change management and other performance and operations management and compliance. She supports her clients both on a real-time, “on demand” basis and with longer term basis to deal with daily performance management and operations, emerging crises, strategic planning, process improvement and change management, investigations, defending litigation, audits, investigations or other enforcement challenges, government affairs and public policy.
A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares shared her thought leadership, experience and advocacy on these and other concerns by her service in the leadership of a broad range of other professional and civic organization including her involvement as the Vice Chair of the North Texas Healthcare Compliance Association, Executive Director of the Coalition on Responsible Health Policy and its PROJECT COPE: Coalition on Patient Empowerment, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children; former Board Compliance Chair and Board member of the National Kidney Foundation of North Texas, current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, immediate past RPTE Representative to ABA Joint Committee on Employee Benefits Council Representative and current RPTE Representative to the ABA Health Law Coordinating Council, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, a former member of the Board of Directors of the Southwest Benefits Association and others.

About Solutions Law Press, Inc.™

DOL Aggressively Targeting Restaurants For Wage & Hour & Child Labor Law Violations
Stop Bullying Month Opportunity to Strengthen Workplace Anti-Harassment Efforts
Health Plans, Other Covered Entities Have Continuing Duty To Reevaluate HIPAA Enterprise Risk To PHI & Address Security Risks & Other Compliance Concern On Ongoing Basis
New ACA Student Health Insurance Guidance Allows College Payment Of Working Students’ Student Health Insurance Premiums Post 2016
ERISA Violations Cost More Now
IRS Qualified Plan Correction Procedures Changing 1/1/17
DOL Invites FLSA Section 14(c) Certificateholders Test Prototype Application
Private Exchanges: Employer Health Program Panacea or Problem? Consider Carefully!
New DOL, IRS & HHS FAQ Confirms Employers Can’t Pay, Use HRAs to Reimburse Employees For Individual Policy Premiums
Review Health Plans With Reference-Based Reimbursement Designs Under New Agency FAQ Guidance
IRS Guidance Raises Concerns For Many Employers Offering “Skinny” & Other Limited Coverage Health Plans
Plan’s Purchase of Company Stock Triggers $6.48 Million Award Against ESOP Sponsor, Shareholder, Board Members & Trustees
Encourage Workers To Review Withholding As Part Of Annual Enrollment
Making Wellness Work On A Shoestring Budget
Brace For OCR HIPAA Audits
Check Health Plan Privacy For New Guidance Compliance
Health Benefit Still Top Employer Benefit Cost
Congress Passess Joint Resolution Overturning NLRB “Quickie Election Rule”
U.S. Businesses & Their Leaders Face Rising FLSA Collective Action Liability Risks
Improve HR Value To Company By Making HR A Performance Rather Than People Department
Sponsoring Employers Face Excise Taxes, Other Liabilities Unless Health Plans Comply With ACA Out-Of-Pocket & Other Federal Rules
Legal Review Of Health Plan Documents, Processes Needed To Mitigate Employer’s Excise Tax & Other Health Plan Risks
EEOC ADA Suit Against Magnolia Health Highlights US Employer’s Growing Disability Discrimination Risks
10 Practical Pointers To Use Law To Better Strengthen The Legal Defensibility Of Your Business & Its Leaders
Health Insurer/Vendor’s Claims & Appeals Deficiencies Could Trigger Significant Employer Excise Tax Liability
EEOC Charges Employer Violated ADA By Terminating Employment At FMLA Leave End
Businesses Should Verify Proper Tracking, Withholding & Reporting On Tips & Gratuities

Comments Off on DOL Appeals Preliminary Injunction Blocking White Collar Exemption Salary Threshhold Change | Appeals, board of directors, compensation, compliance, Corporate Compliance, corporate governance, directors, employee, Employer, Employers, Employment, Fair Labor Standards Act, Labor Management Relations, Non-Exempt, OFCCP, Risk Management, Salaried, Uncategorized, Worker Classification, Workforce | Permalink
Posted by Cynthia Marcotte Stamer

IRS Changing Employee Plans & Exempt Organization Audit Procedures

November 21, 2016

Employee benefit plans and tax-exempt organizations facing Internal Revenue Service (IRS) audits or investigations after April, 2016, their leaders and advisors should prepare for some changes in the practices IRS agents will use to issue and enforce document requests (IDRs) after March 31.

The IRS Tax Exempt and Government Entities Division (TEGE) just issued updated internal guidance (Guidance) governing the procedures its agents will use to gather information for employee benefit plan and exempt organization examinations including information requests made in connection with:

Employee Benefit Form 5500 Examination Procedures
Exempt Organizations Pre-Audit Procedures
On-Site Examinations
Tax Exempt Bonds Examinations
Indian Tribal Government Examinations and
Federal, State and Local Governments (FSLG) Examinations

The new Guidance follows other recent announcements of changes of IRS employee plan or exempt organization procedures such as recently announced changes in IRS employee plan correction procedures. See, e.g., IRS Qualified Plan Correction Procedures Changing 1/1/17.

The new procedures defined in the Guidance apply more broadly and take effect April 1, 2017. The Guidance also requires that TEGE update the following IRMs to specifically reflect the new procedures within the next two years:

IRM 4.71.1, Overview of Form 5500 Examination Procedures;
IRM 4.75.10, Exempt Organizations Pre-Audit Procedures;
IRM 4.75.11, On-Site Examination Guidelines;
IRM 4.81.5, Tax Exempt Bonds Examination Program Procedures – Conducting the Examination;
IRM 4.86.5, Conducting Indian Tribal Government Examinations; and
IRM 4.90.9, Federal, State and Local Governments (FSLG) – Procedures, Workpapers and Report Writing.

Among other things, the new Guidance will require “active involvement” by managers of IRS examiners’ early in the process. The Guidance also calls for:

Taxpayers to be involved in the IDR process.
Examiners to discuss the issue being examined and the information needed with the taxpayer prior to issuing an IDR.
Examiners to ensure that the IDR clearly states the issue and the relevant information they are requesting.
If the taxpayer does not timely provide the information requested in the IDR by the agreed upon date, including extensions, examiners to issue a delinquency notice.
If the taxpayer fails to respond to the delinquency notice or provides an incomplete response, for the examiner to issue a pre-summons notice to advise the taxpayer that the IRS will issue a summons unless the missing items are fully provided.
For a summons to be issued if the taxpayer fails to provide a complete response to the pre-summons letter by its response due date.

According to TEGE the new procedures set forth in the Guidance are designed to “ensure” that IRS Counsel is prepared to enforce IDRs through the issuance of a summons when necessary while also reinforcing the IRS’ commitment to the respect of taxpayer rights under the Taxpayer Bill of Rights. TEGE says the updated procedures established in the Guidance will promote these goals by:

Providing for open and meaningful communication between the IRS and taxpayers;
Reducing taxpayer burdens
Providing for consistent treatment of taxpayers;
Allowing the IRS to secure more complete and timely responses to IDRs;
Providing consistent timelines for IRS agents to review IDR responses; and
Promoting timely issue resolution.

While it remains to be seen exactly how well the new procedures will promote these goals in operation, leaders, sponsors, administrators and tax advisors to employee benefit plans and exempt organizations tagged for audits after the Guidelines take effect will want to ensure that they review and fully understand the new procedures as soon as possible after receiving notice of the audit.

A clear understanding of the procedures can help the entities and their representatives to take advantage of all available options for mitigating exposures and liability from the audit as well as to avoid unfortunate missteps that could result in forfeiture of otherwise available tax-related rights and options or otherwise increase the tax and other associated risks and liabilities of the entities or others associated with them arising from the audit.

Along with responding to these tax-related risks, leaders and advisors of employee benefit plan and exempt organizations also need to keep in mind the often substantial non-tax related risks that may arise concurrently or evolve from a TEGE or other tax-related audit or investigation. The often substantial tax and non-tax exposures typically makes it desirable if not necessary to involve experienced legal counsel in the process as soon as possible.

To help respond to the audit and manage its tax and non-tax related risks and, leaders responsible for these entities generally not only will want to seek legal advice within the scope of attorney-client privilege from legal counsel immediately after receiving an IDR or other notice of an audit or investigation, as well as consider periodically consulting experienced legal counsel for assistance in conducting pre-audit assessment of compliance and other compliance and risk management planning.

Early involvement of legal counsel generally is necessary both to understand and manage both the tax and non-tax exposures associated with the audit, as well as to preserve and utilize the potential benefits of attorney-client privilege and other evidentiary privileges that could help to mitigate both the tax and non-tax related risks. While federal tax rules afford some evidentiary privileges to certain accounting professionals when providing tax representation or advice, the protective scope of such privileges generally are more limited than attorney-client privilege and work product evidentiary privileges and typically do not apply to non-tax matters. As a result, most entities and their leaders will want to consider involvement of legal counsel to maximize privilege protections and non-tax related exposures even if the parties plan for a qualified tax professional or other consultant to play a significant role in assisting them to prepare for and respond to the audit.

About The Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: Erisa & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney and management consultant, author, public policy advocate and lecturer widely known for work, teachings and publications.

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other concerns by her service in the leadership of a broad range of other professional and civic organization including her involvement as the Vice Chair of the North Texas Healthcare Compliance Association; Executive Director of the Coalition on Responsible Health Policy and its PROJECT COPE: Coalition on Patient Empowerment; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children; former Gulf Coast TEGE Council Exempt Organization Coordinator; a founding Board Member and past President of the Alliance for Healthcare Excellence; former board member and Vice President of the Managed Care Association; past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; a member and advisor to the National Physicians’ Council for Healthcare Policy; current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee; current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section; Past Chair of the ABA Health Law Section Managed Care & Insurance Section; a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group; immediate past RPTE Representative to ABA Joint Committee on Employee Benefits Council Representative and current RPTE Representative to the ABA Health Law Coordinating Council; past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee; a former member of the Board of Directors, Treasurer, Member and Continuing Education Chair of the Southwest Benefits Association and others.

Ms. Stamer also is a highly popular lecturer, symposia chair and author, who publishes and speaks extensively on health and managed care industry, human resources, employment, employee benefits, compensation, and other regulatory and operational risk management. Examples of her many highly regarded publications on these matters include the “Texas Payday Law” Chapter of Texas Employment Law, as well as thousands of other publications, programs and workshops these and other concerns for the American Bar Association, ALI-ABA, American Health Lawyers, Society of Human Resources Professionals, the Southwest Benefits Association, the Society of Employee Benefits Administrators, the American Law Institute, Lexis-Nexis, Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, the HCCA, ISSA, HIMSS, Modern Healthcare, Managed Healthcare, Institute of Internal Auditors, Society of CPAs, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other symposia and publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, InsuranceThoughtLeadership.com and many other prominent publications and speaks and conducts training for a broad range of professional organizations and for clients on the Advisory Boards of InsuranceThoughtLeadership.com, HR.com, Employee Benefit News, and many other publications. For additional information about Ms. Stamer, see CynthiaStamer.com or contact Ms. Stamer via email here or via telephone to (469) 767-8872.

About Solutions Law Press, Inc.™

Comments Off on IRS Changing Employee Plans & Exempt Organization Audit Procedures | 105(h), 401(k), 4980D, 4980H, 6039D, ACA, Affordable Care Act, Attorney-Client Privilege, board of directors, Brokers, Cafeteria Plans, church plan, COBRA, compensation, compliance, Corporate Compliance, corporate governance, defined benefit plan, Defined Benefit Plans, defined contribution plan, Defined Contribution Plans, directors, Discrimination, EBSA, employee, Employee Benefits, Employer, Employers, Employment, Employment Tax, ERISA, ESOP, Excise Tax, Excise Taxes, Executive Compensation, Exempt, Form 5500, health reform, HR, Human Resources, Identity Theft, Income Tax, Internal Controls, Internal Investigations, Internal Revenue Code, IRC, Pay, Payroll Tax, pension plan, Plan Admistrator, Tax, Tax Credit, Tax Qualification, Uncategorized | Permalink
Posted by Cynthia Marcotte Stamer

DOL Barred From Forcing Employers To Report Labor Relations Advice Under Persuader Rule Injunction

November 18, 2016

Employers paying lawyers or other labor relations consultants for advice or help deterring or responding to unionization organizing activities do not have comply with the controversial “Persuader Rule” reporting and disclosure requirements the Department Of Labor (DOL) tried to impose as part of the Obama Administration’s broader aggressive efforts to empower unions and worker organizing efforts. That’s the effect of U.S. District Court Justice Sam Cummings’ November 16, 2016 National Federation of Independent Business v. Perez decision striking down as invalid and permanently enjoining the DOL from enforcing its regulation officially titled “Interpretation of the ‘Advice’ Exemption in Section 203(c) of the Labor-Management Reporting and Disclosure Act,” commonly referred to as the “Persuader Rule.”

Before DOL adopted the Persuader Rule, there was no requirement to when lawyers or consultants spoke with or advised employers about opposition to union efforts unless the consultant had direct contact with workers. As revised by the Obama Administration, however, the Persuader Rule required employers and consultants—including lawyers—to report both direct contact with workers as well as advice or other help provided to employers by lawyers or consultants about persuading employees on union issues such as training supervisors or employer representatives to conduct meetings; coordinating or directing the activities of supervisors or employer representatives; establishing or facilitating employee committees; drafting, revising or providing speeches; conducting union avoidance seminars; developing or implementing employer personnel policies; involvement in disciplinary action, reward, or other targeting of workers; or various other activities designed to influence union organization matters.

Scheduled to take effect in July, 2016, DOL’s implementation and enforcement of the Persuader Rule originally was delayed by a June 27, 2016 preliminary injunction issued by Justice Cummings that nationally enjoined DOL from implementing any and all aspects of the Persuader Rule based on his findings, among other things, that the plaintiffs likely would succeed on the merits in showing the Persuader Rule:

Violated their right to hire and consult with an attorney, free speech, expression and association rights protected by the First Amendment;
Was overly broad and unacceptably vague;
Violated the Regulatory Flexibility Act; and
Would irreparably harm employers.

After a hearing on the merits, Justice Cummings ruled that the June, 2016 injunction should be made permanent. His November 16, 2016 final order in National Federation of Independent Business v. Perez, permanently enjoins DOL from implementing the Persuader Rule nationwide. Accordingly, employers and their labor attorneys and other labor management consultants are excused from responsibility to comply with the reporting requirements of the Persuader Rule.

About The Author

Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,”“Tax: Erisa & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney and management consultant, author, public policy advocate and lecturer widely known for work, teachings and publications.

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares shared her thought leadership, experience and advocacy on these and other concerns by her service in the leadership of a broad range of other professional and civic organization including her involvement as the Vice Chair of the North Texas Healthcare Compliance Association, Executive Director of the Coalition on Responsible Health Policy and its PROJECT COPE: Coalition on Patient Empowerment, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children; former Board Compliance Chair and Board member of the National Kidney Foundation of North Texas, current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, immediate past RPTE Representative to ABA Joint Committee on Employee Benefits Council Representative and current RPTE Representative to the ABA Health Law Coordinating Council, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, a former member of the Board of Directors of the Southwest Benefits Association and others.

About Solutions Law Press, Inc.™

Comments Off on DOL Barred From Forcing Employers To Report Labor Relations Advice Under Persuader Rule Injunction | Employer, Employers, HR, Labor Management Relations, Labor Management Relations, Management, NLRA, Reporting & Disclosure, Risk Management, Uncategorized, Union, Union certification, Union elections | Tagged: business, Employee, Employer, Human Resources, Labor, Labor Department, Labor-Management, labor-management relations, National Labor Relations Act, unionization, unions | Permalink
Posted by Cynthia Marcotte Stamer

Thanks to all our veterans and their fam

November 11, 2016

Thanks to all our veterans and their families who do or have served. http://ow.ly/92NE3065CyY

Comments Off on Thanks to all our veterans and their fam | Uncategorized | Permalink
Posted by Cynthia Marcotte Stamer

Dallas Lawyers D Mag Best Lawyers Nomina

November 11, 2016

Dallas Lawyers D Mag Best Lawyers Nomination Deadline Today At 5 pm http://ow.ly/MX7P3065CWi

Comments Off on Dallas Lawyers D Mag Best Lawyers Nomina | Uncategorized | Permalink
Posted by Cynthia Marcotte Stamer

YOU ARE FOLLOWING THIS BLOG

PAGES

RECENT POSTS

ARCHIVES

SHARE THIS BLOG

BLOGROLL

SOLUTIONS LAW

SOLUTIONS LAW PRESS HR & BENEFITS UPDATE

Trump Executive Order Promises But Gives No ACA Health Plan Relief Until Agencies Act

Email Subscription

Pages

Recent Posts

Archives

Share this blog

Solutions Law Press HR & Benefits Update