A new Department of Health and Human Services Final Rule will tighten subsidy eligibility and implement other reforms for the the Heathcare Marketplace insurance plans created under the Patient Protection and (“ACA”). Health plan sponsors and providers should take into account the probable effect of enrollment and coverage pattern changes these changes will cause for groups of workers and other individuals currently relying on subsidies to maintain Marketplace coverage in their planning, budgeting and compliance.
The 2025 Marketplace Integrity and Affordability Final Rule (“Rule”) reverses Biden Administration rules that lowered requirements for individuals to receive subsidies to pay costs for purchasing health coverage and eased other requirements for Exchange coverage.
According to the now Trump Administration-led Centers for Medicare & Medicaid Services (“CMS”), improper ACA enrollments enabled by weakened verification processes and expanded premium subsidies triggered widespread fraud. Research shows that in 2024, an estimated 5 million people may have been improperly enrolled, costing taxpayers as much as $20 billion[1].
To address these concerns, the new Rule:
Repealing the monthly special enrollment period (SEP) for individuals with projected household incomes at or below 150% of the federal poverty level, a policy used by some agents and brokers to improperly enroll ineligible consumers and perform unauthorized plan switching to gain commissions;
Requiring income verifications to ensure people qualify for the premium subsidies they receive;
Conducting eligibility verifications for the majority of enrollments through SEPs, closing loopholes that allowed people to wait to enroll until they needed care and improving the risk pool, which can lower premiums for middle-class families not receiving subsidies;
Reducing advanced payments of the premium tax credit (APTC) by $5 a month for individuals who are auto re-enrolled in fully-subsidized plans without eligibility verification, ensuring consumers are aware of and engaged in their health coverage; and
Standardizing the Annual Open Enrollment Period starting with the 2027 plan year so that it ends by December 31 for all health insurance exchanges, encouraging people to maintain year-round health coverage rather than waiting until they get sick to enroll, which helps keep insurance affordable for everyone.
CMS says many changes are “temporary” measures set to sunset at the end in 2026 to immediately tamp down on the outflow of funds to ensure that eligibility verification processes work efficiently and allow qualified enrollees to access ACA Exchange coverage without fear of coverage gaps or surprise tax liabilities resulting from the improper actions of third parties.
To ensure federal subsidies for coverage through ACA Exchanges only support the statutory requirements and goals of the ACA, CMS also is:
Prohibiting federal subsidies from being used to help cover the cost of specified sex-trait modification procedures to align an individual’s physical appearance or body with an asserted identity that differs from the individual’s sex; and
Reinstating HHS’ longstanding 2012 interpretation of “lawfully present” to exclude Deferred Action for Childhood Arrivals (DACA) recipients from eligibility and enrollment in ACA Exchange coverage and Basic Health Program (BHP) coverage in States that elect to operate a BHP, including APTC, premium tax credits, and cost-sharing reductions.
CMS says these reforms address “improper enrollments and the improper flow of federal funds implemented during the Biden Administration.
Group health plans, their employer and other sponsors should prepare for potential implications of these changes on their workforce and health plans. These are likely to vary among employers and plans. Possible effects could include:
An increase in the number of uninsured workers or dependents;
Effects on Affordable Care Act and other testing;
New inquiries and requests for special or other enrollment;
Potential new notification and enrollment requirements;
Potential increases in occupational illness, sick or disability leave, absenteeism and presenteeism from uncovered workers; and
More.
Considering these and other effects can help health plans, their sponsors, and employees to prepare for and respond to these effects.
If you have questions or need help with these or other employee benefits concerns, contact the author of this update, Cynthia Marcotte Stamer, who is a Fellow in the American College of Employee Benefits Counsel with decades of employee benefits experience.
More Information Or Help
We hope this update is helpful. For more information about these or other health or other employee benefits, human resources, insurance, or health care legal developments, please contact the author, Cynthia Marcotte Stamer, via e-mail or telephone at (214) 452-8297.
Solutions Law Press, Inc. invites you to receive future updates by registering on our Solutions Law Press, Inc. Website and participating in and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations Group, HR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.
About the Author
Cynthia Marcotte Stamer is a Martindale-Hubble AV-Preeminent (highest/top 1%) practicing attorney recognized as a “Top Woman Lawyer,” “Top Rated Lawyer,” and “LEGAL LEADER™” in Health Care Law and Labor and Employment Law; among the “Best Lawyers In Dallas” in “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law recognized for her experience, scholarship, thought leadership and advocacy on health and other employee benefits, insurance, healthcare, workforce, HIPAA and other data and technology and other compliance in connection with her work with health care and life sciences, employee benefits, insurance, education, technology and other highly regulated and performance-dependent clients.
Board certified in labor and employment law by the Texas Board of Legal Specialization and a Fellow in the American College of Employee Benefits Counsel, Ms. Stamer is nationally recognized for her decades of leading edge experience on the design, sponsorship, administration and defense of health and other employee benefit, workforce, insurance, healthcare , data and technology and other operations to promote legal and operational compliance, reduce regulatory and other liability and promote other operational goals.
Along with her decades of legal and strategic consulting experience, Ms. Stamer also contributes her leadership and experience to many professional, civic and community organizations. She currently serves as Co-Chair of the ABA Real Property Trusts and Estates (“RPTE”) Section Welfare Plan Committee, Co-Chair of the ABA International Section International Employment Law Committee and its Annual Meeting Program Planning Committee, Chair Emeritus and Vice Chair of the ABA Tort Trial and Insurance (“TIPS”) Section Medicine and Law Committee, and Chair of the ABA Intellectual Property Section Law Practice Management Committee. She also has served as Scribe for the Joint Committee on Employee Benefits (“JCEB”) annual agency meetings with the Department of Health and Human Services and JCEB Council Representative, International Section Life Sciences Committee Chair, RPTE Section Employee Benefits Group Chair and a Substantive Groups Committee Member, Health Law Section Managed Care & Insurance Interest Group Chair, as TIPS Section Medicine and Law Committee Chair and Employee Benefits Committee and Workers Compensation Committee Vice Chair, Tax Section Fringe Benefit Committee Chair, and in various other ABA leadership capacities. Ms. Stamer also is a former Southwest Benefits Association Board Member and Continuing Education Chair, SHRM National Consultant Board Chair and Region IV Chair, Dallas Bar Association Employee Benefits Committee Chair, former Texas Association of Business State, Regional and Dallas Chapter Chair, a founding board member and Past President of the Alliance for Healthcare Excellence, as well as in the leadership of many other professional, civic and community organizations. She also is recognized for her contributions to strengthening health care policy and charitable and community service resolving health care challenges performed under PROJECT COPE Coalition For Patient Empowerment initiative and many other pro bono service involvements locally, nationally and internationally.
Ms. Stamer is the author of many highly regarded works published by leading professional and business publishers, the ABA, the American Health Lawyers Association, and others. Ms. Stamer also frequently speaks and serves on the faculty and steering committee for many ABA and other professional and industry conferences and conducts leadership and industry training for a wide range of organizations.
For more information about Ms. Stamer or her health industry and other experience and involvements, see http://www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.
About Solutions Law Press™
Solutions Law Press™ provides health care, insurance, human resources and employee benefit, data and technology, regulatory and operational performance, and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education. These include extensive resources on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press™ resources or training.
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.
NOTICE: These statements and materials are for general information and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation considering the specific facts and circumstances presented in their unique circumstances at the particular time. No comment or statement in this publication is to be construed as legal advice or admission. Solutions Law Press and its authors reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law constantly and often evolves, subsequent developments that could impact the currency and completeness of this discussion are likely. Solutions Law Press and its authors disclaim and have no responsibility to provide any update or otherwise notify anyone of any fact or law-specific nuance, change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.
Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.
Group health plans, their employer and union sponsors, fiduciaries, insurers, administrators, communications and information technology vendors and participants interested in promoting technologies to help patients control their health and wellness have until June 16, 2025 is to share input with the Centers for Medicare & Medicaid Services (“CMS”) and the Office of the National Coordinator for Health Information Technology (“ONC”) in response to their currently open request for information (“RFI”).
Following up on the CMS Interoperability and Patient Access Final Ruleand part of Secretary Kennedy’s effotts to “Make America Healthy Again,” the agencies are inviting public input on designing a seamless, secure, and patient-centered digital health infrastructure that will help seniors and their families use modern technology to control of their health and well-being, manage chronic conditions, and access care more efficiently.
The RFI invites input from patients, caregivers, providers, payers, technology developers, and other stakeholders on how CMS and ONC can:
Drive the development and adoption of digital health management and care navigation applications;
Strengthen interoperability and secure access to health data through open, standards-based technologies;
Identify barriers preventing the seamless exchange of health information across systems; and
Reduce administrative burden while accelerating progress toward value-based, patient-centered care.
Many employee benefit plans, their sponsors and vendors have extensive experience and interest in the use of mobile applications and other technologies by plan members and their caregivers. Interested parties should consider sharing insights to help promote awareness of helpful designs and to deter investments or mandates of unhelpful technologies.
For More Information Or Help
We hope this update is helpful. For more information about these or other health or other employee benefits, human resources, or health care developments, please contact the author, Cynthia Marcotte Stamer, via e-mail or telephone at (214) 452-8297.
Solutions Law Press, Inc. invites you to receive future updates by registering on our Solutions Law Press, Inc. Website and participating in and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations Group, HR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.
About the Author
Cynthia Marcotte Stamer is a Martindale-Hubble AV-Preeminent (highest/top 1%) practicing attorney recognized as a “Top Woman Lawyer,” “Top Rated Lawyer,” and “LEGAL LEADER™” in Health Care Law and Labor and Employment Law; among the “Best Lawyers In Dallas” in “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law recognized for her experience, scholarship, thought leadership and advocacy on HIPAA and other data and technology use, security and compliance in connection with her work with health care and life sciences, employee benefits, insurance, education, technology and other highly regulated and performance-dependent clients.
Board certified in labor and employment law by the Texas Board of Legal Specialization and a Fellow in the American College of Employee Benefits Counsel, Ms. Stamer is nationally recognized for her decades of leading edge experience on the design, sponsorship, administration and defense of health and other employee benefit, workforce, data and technology and other operations to promote legal and operational compliance, reduce regulatory and other liability and promote other operational goals.
Along with her decades of legal and strategic consulting experience, Ms. Stamer also contributes her leadership and experience to many professional, civic and community organizations. She currently serves as Co-Chair of the ABA Real Property Trusts and Estates (“RPTE”) Section Welfare Plan Committee, Co-Chair of the ABA International Section International Employment Law Committee and its Annual Meeting Program Planning Committee, Chair Emeritus and Vice Chair of the ABA Tort Trial and Insurance (“TIPS”) Section Medicine and Law Committee, and Chair of the ABA Intellectual Property Section Law Practice Management Committee. She also has served as Scribe for the Joint Committee on Employee Benefits (“JCEB”) annual agency meetings with the Department of Health and Human Services and JCEB Council Representative, International Section Life Sciences Committee Chair, RPTE Section Employee Benefits Group Chair and a Substantive Groups Committee Member, Health Law Section Managed Care & Insurance Interest Group Chair, as TIPS Section Medicine and Law Committee Chair and Employee Benefits Committee and Workers Compensation Committee Vice Chair, Tax Section Fringe Benefit Committee Chair, and in various other ABA leadership capacities. Ms. Stamer also is a former Southwest Benefits Association Board Member and Continuing Education Chair, SHRM National Consultant Board Chair and Region IV Chair, Dallas Bar Association Employee Benefits Committee Chair, former Texas Association of Business State, Regional and Dallas Chapter Chair, a founding board member and Past President of the Alliance for Healthcare Excellence, as well as in the leadership of many other professional, civic and community organizations. She also is recognized for her contributions to strengthening health care policy and charitable and community service resolving health care challenges performed under PROJECT COPE Coalition For Patient Empowerment initiative and many other pro bono service involvements locally, nationally and internationally.
Ms. Stamer is the author of many highly regarded works published by leading professional and business publishers, the ABA, the American Health Lawyers Association, and others. Ms. Stamer also frequently speaks and serves on the faculty and steering committee for many ABA and other professional and industry conferences and conducts leadership and industry training for a wide range of organizations.
For more information about Ms. Stamer or her health industry and other experience and involvements, see http://www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.
About Solutions Law Press™
Solutions Law Press™ provides health care, insurance, human resources and employee benefit, data and technology, regulatory and operational performance, and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education. These include extensive resources on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press™ resources or training.
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.
NOTICE: These statements and materials are for general information and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation considering the specific facts and circumstances presented in their unique circumstances at the particular time. No comment or statement in this publication is to be construed as legal advice or admission. Solutions Law Press and its authors reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law constantly and often evolves, subsequent developments that could impact the currency and completeness of this discussion are likely. Solutions Law Press and its authors disclaim and have no responsibility to provide any update or otherwise notify anyone of any fact or law-specific nuance, change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.
Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.
The Internal Revenue Service (“IRS”) published advanced notice of the 2026 inflation adjusted amounts for Health Savings Accounts (“HSAs”) § 223 of the Internal Revenue Code (“Code”) and the maximum amount that may be made newly available for excepted benefit health reimbursement arrangements (HRAs) provided under § 54.9831-1(c)(3)(viii) of the Pension Excise Tax Regulations.
In calendar year 2026, these amounts are as follows:
The annual limitation on deductions under § 223(b)(2) for an individual with coverage under a high deductible health plan for self-only is $4,400 and for family coverage under a high $8,750.
A “high deductible health plan” under § 223(c)(2)(A) will be defined as a health plan with an annual deductible that is not less than $1,700 for self-only coverage or $3,400 for family coverage, and for which the annual out-of-pocket expenses (deductibles, co-payments, and other amounts, but not premiums) do not exceed $8,500 for self-only coverage or $17,000 for family coverage.
For plan years beginning in 2026, the maximum amount that may be made newly available for the plan year for an excepted benefit HRA under Code § 54.9831-1(c)(3)(viii) is $2,200.
We hope this update is helpful. For more information about these or other health or other employee benefits, human resources, or health care developments, please contact the author, Cynthia Marcotte Stamer, via e-mail or telephone at (214) 452-8297.
Solutions Law Press, Inc. invites you to receive future updates by registering on our Solutions Law Press, Inc. Website and participating in and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations Group, HR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.
About the Author
Cynthia Marcotte Stamer is a Martindale-Hubble AV-Preeminent (highest/top 1%) practicing attorney recognized as a “Top Woman Lawyer,” “Top Rated Lawyer,” and “LEGAL LEADER™” in Health Care Law and Labor and Employment Law; among the “Best Lawyers In Dallas” in “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law recognized for her experience, scholarship, thought leadership and advocacy on HIPAA and other data and technology use, security and compliance in connection with her work with health care and life sciences, employee benefits, insurance, education, technology and other highly regulated and performance-dependent clients.
Board certified in labor and employment law by the Texas Board of Legal Specialization and a Fellow in the American College of Employee Benefits Counsel, Ms. Stamer is nationally recognized for her decades of leading edge experience on the design, sponsorship, administration and defense of health and other employee benefit, workforce, data and technology and other operations to promote legal and operational compliance, reduce regulatory and other liability and promote other operational goals.
Along with her decades of legal and strategic consulting experience, Ms. Stamer also contributes her leadership and experience to many professional, civic and community organizations. She currently serves as Co-Chair of the ABA Real Property Trusts and Estates (“RPTE”) Section Welfare Plan Committee, Co-Chair of the ABA International Section International Employment Law Committee and its Annual Meeting Program Planning Committee, Chair Emeritus and Vice Chair of the ABA Tort Trial and Insurance (“TIPS”) Section Medicine and Law Committee, and Chair of the ABA Intellectual Property Section Law Practice Management Committee. She also has served as Scribe for the Joint Committee on Employee Benefits (“JCEB”) annual agency meetings with the Department of Health and Human Services and JCEB Council Representative, International Section Life Sciences Committee Chair, RPTE Section Employee Benefits Group Chair and a Substantive Groups Committee Member, Health Law Section Managed Care & Insurance Interest Group Chair, as TIPS Section Medicine and Law Committee Chair and Employee Benefits Committee and Workers Compensation Committee Vice Chair, Tax Section Fringe Benefit Committee Chair, and in various other ABA leadership capacities. Ms. Stamer also is a former Southwest Benefits Association Board Member and Continuing Education Chair, SHRM National Consultant Board Chair and Region IV Chair, Dallas Bar Association Employee Benefits Committee Chair, former Texas Association of Business State, Regional and Dallas Chapter Chair, a founding board member and Past President of the Alliance for Healthcare Excellence, as well as in the leadership of many other professional, civic and community organizations. She also is recognized for her contributions to strengthening health care policy and charitable and community service resolving health care challenges performed under PROJECT COPE Coalition For Patient Empowerment initiative and many other pro bono service involvements locally, nationally and internationally.
Ms. Stamer is the author of many highly regarded works published by leading professional and business publishers, the ABA, the American Health Lawyers Association, and others. Ms. Stamer also frequently speaks and serves on the faculty and steering committee for many ABA and other professional and industry conferences and conducts leadership and industry training for a wide range of organizations.
For more information about Ms. Stamer or her health industry and other experience and involvements, see http://www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.
About Solutions Law Press™
Solutions Law Press™ provides health care, insurance, human resources and employee benefit, data and technology, regulatory and operational performance, and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education. These include extensive resources on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press™ resources or training.
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.
NOTICE: These statements and materials are for general information and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation considering the specific facts and circumstances presented in their unique circumstances at the particular time. No comment or statement in this publication is to be construed as legal advice or admission. Solutions Law Press and its authors reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law constantly and often evolves, subsequent developments that could impact the currency and completeness of this discussion are likely. Solutions Law Press and its authors disclaim and have no responsibility to provide any update or otherwise notify anyone of any fact or law-specific nuance, change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.
Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.
Creating greater transparency of the compensation of prescription benefit management (“PBM”) arrangements used in group health plans covered by the Employee Retirement Income Security Act of 1974 (“ERISA”) is one of many new policy directives President Trump directs federal agencies to pursue to promote lower cost access to prescription drugs under his Executive Order on Lowering Drug Prices By Once Again Putting Americans First (the “Executive Order”) signed April 15, 2025. Employer and union-sponsored health plans, their sponsors, fiduciaries and service providers should carefully track and provide appropriate input to the Department of Labor and other federal agencies charged with implementing the new ERISA transparency requirement and other policy changes directed in the Executive Order.
ERISA PMB Transparency Requirements
To improve the transparency of compensation received by PBMs working with ERISA-covered group health plnas, the Executive Order directs the Department of Labor (“DOL”) to propose regulations to make the fee disclosure requirements of ERISA section 408(b)(2)(B) applicable to PBMs by October 12, 2025.
The Executive Order’s directive to the DOL contemplates that DOL will revise its existing regulations under Section 408(b)(2) to prohibit group health plan fiduciaries from allowing PBMs to directly or indirectly receive compensation for their PBM services unless the PBM discloses its compensation from the arrangement in accordace with the fee disclosure requirements that the Executive Order contemplates DOL will add to ERISA section 408(b)(2).
While DOL regulations have required since 2012 that pension plan service providers to disclose direct or indirect compensation under arrangements with ERISA-covered pension plans in order for the service provider compensation to be allowed “reasonable compensation” under ERISA section 408(b)(2), the fee disclosure requirement currently does not apply to PBMs or other service providers to group health plans or other welfare benefit plan arrangements.
Across the intervening years, concern that the lack of transparency and disclosure allows PBMs to receive excessive compensation and engage in conflicts of interest has led employee benefit industry watchdogs, employer and other plan sponsors, plan members, health care providers and others increasingly to urge the DOL to impose fee disclosure requirements on PBMs and other health and welfare benefit plan service providers. The Executive Order yields to these demands by calling upon the DOL to deem a group health plan’s compensation arrangements with PBMs reasonable only where PBMs disclose direct and indirect compensation, including compensation paid among related parties such as subcontractors, in a manner consistent with current Section 408(b )(2) Regulations.
Other Prescription Drug Reforms
The Executive Order also includes numerous other reform directives beyond calling for DOL to make PBMs subject to ERISA’s fee disclosure rules. These included several directives to HHS and certain other agencies that President Trump intends to lower the cost of prescription drugs within and outside the Medicare program.
Medicare & Other Drug Pricing and Coverage Related Prescription Drug Reforms
Many of the policy directives in the Executive Order seek to reform Medicare and other prescription drug cost and coverage.
By April 15, 2026, for instance, the Executive Order directs HHS to develop a better payment model to improve the ability of the Medicare program to obtain better value for high-cost prescription drugs and biological products covered by Medicare, including those not subject to the Medicare Drug Price Negotiation Program.
In addition, the Executive Order:
Directs HHS to work with the Congress to modify the Medicare Drug Price Negotiation Program to align the treatment of small molecule prescription drugs with that of biological products so as to end the distortion that undermines relative investment in small molecule prescription drugs, coupled with other reforms to prevent any increase in overall costs to Medicare and its beneficiaries;
By June 14, 2025,
Requires HHS to propose changes to the Medicare Drug Price Negotiation Program regulations for the initial price applicability year 2028 and manufacturer implementation of maximum fair price under such program in 2026, 2027, and 2028 to improve the transparency of the Medicare Drug Price Negotiation Program, prioritize the selection of prescription drugs with high costs to the Medicare program, and minimize any negative impacts of the maximum fair price on pharmaceutical innovation within the United States; andRequires HHS to require health centers receiving Public Health Service Act Section 330(e) grants to establish practices to make insulin and injectable epinephrine available at or below the discounted price paid by the health center grantee or sub-grantee under the 340B Prescription Drug Program (plus a minimal administration fee) to low income individuals who have a high cost-sharing requirement for either insulin or injectable epinephrine; have a high unmet deductible; or have no healthcare insurance.Requires the Assistant to the President for Domestic Policy (“APDP”) in coordination with the Secretary, the Director of the Office of Management and Budget (“OMB Director”), and the Assistant to the President for Economic Policy (“APECP”), to provide recommendations to the President on how best to stabilize and reduce Medicare Part D premiums;Requires the HHS Secretary to publish a plan to conduct a survey under the Site-of-Service Price Transparency rules of Social Security Act Section 1833(t)(14)(D)(ii) to determine the hospital acquisition cost for covered outpatient drugs at hospital outpatient departments and propose appropriate adjustments to align Medicare payment with the cost of acquisition, consistent with the budget neutrality requirements; and
Requires HHS to evaluate and propose regulations to ensure that payment within the Medicare program is not encouraging a shift in drug administration volume away from less costly physician office settings to more expensive hospital outpatient departments.
Other Prescription Drug Reforms
In addition to these predominantly Medicare-focused programs, the Executive Order also orders federal agencies to
Requires the Secretary of Labor to propose regulations pursuant to section 408(b)(2)(B) of the Employee Retirement Income Security Act of 1974 to improve employer health plan fiduciary transparency into the direct and indirect compensation received by pharmacy benefit managers by October 12, 2025;
Requires the APDP, in coordination with the HHS Secretary, the OMB Director, and the APECP, to provide recommendations to the President on how best to promote a more competitive, efficient, transparent, and resilient pharmaceutical value chain that delivers lower drug prices for Americans by June 14, 2025;
Requires the Food and Drug Administration to streamline and improve the Importation Program under the Federal Food, Drug, and Cosmetic Act to make it easier for States to obtain approval without sacrificing safety or quality;
Requires the OMB Director, the APDP, and the Assistant to the President for Economic Policy )”APECP, and HHS Secretary to provide joint recommendations on how best to ensure that manufacturers pay accurate Medicaid drug rebates consistent with section 1927 of the Social Security Act, promote innovation in Medicaid drug payment methodologies, link payments for drugs to the value obtained, and support States in managing drug spending;
Requires the HHS Secretary, through the Commissioner of Food and Drugs, to issue a report providing administrative and legislative recommendations to accelerate approval of generics, biosimilars, combination products, and second-in-class brand name medications; and improve the process through which prescription drugs can be reclassified as over-the-counter medications, including recommendations to optimally identify prescription drugs that can be safely provided to patients over the counter;
Requires HHS, the Department of Justice, the Department of Commerce, and the Federal Trade Commission to conduct listening sessions and issue a report with recommendations to reduce anti-competitive behavior from pharmaceutical manufacturers.
Health plans, their sponsoring employers or unions, fiduciaries, PBM and other service providers, brokers, insurers, auditors, and others involved in the design or oversight of PBM and other group health plan arrangements should monitor closely the DOL and other agency responses to the Executive Order to anticipate and prepare for required changes, as well as to be prepared to identify and timely provide input about proposed rules or other actions to DOL or the otherwise applicable regulatory agency before finalized.
The author of this update, Cynthia Marcotte Stamer is an American College of Employee Benefits Counsel Fellow and attorney board certified in Labor and Employment Law by the Texas Board of Legal Specialization, with decades of experience advising employers and other health plan sponsors, health plans, health plan fiduciaries and administrators, PBMs, health and other insurers, third party administrators, managed care organizations, health plan technology, and other businesses about health plan design, administration, and other compliance, risk management and operational matters. If you have questions or need advice or help evaluating or addressing these or other compliance, risk management, or other concerns, contact her.
For More Information
We hope this update is helpful. For more information about these or other health or other employee benefits, human resources, or health care developments, please contact the author, Cynthia Marcotte Stamer, via e-mail or telephone at (214) 452-8297.
Solutions Law Press, Inc. invites you to receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations Group, HR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.
About the Author
A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation; Cynthia Marcotte Stamer is an attorney board certified in labor and employment law by the Texas Board of Legal Specialization, management consultant, author, public policy advocate and lecturer sought out by clients and industry and government leaders for her more than 35 years of health, insurance, employment and employee benefits and other industry management work, thought leadership, public policy and regulatory affairs advocacy, coaching, teaching, and publications on health and other employee benefits, health care, insurance, workforce and other risk management and compliance.
Along with her decades of legal and strategic consulting experience, Ms. Stamer also contributes her leadership and experience to many professional, civic and community organizations. Along with currently serving as Co-Chair of the ABA Real Property Trusts and Estates (“RPTE”) Section Welfare Plan Committee, Co-Chair of the ABA International Section International Employment Law Committee and its Annual Meeting Program Planning Committee, Chair Emeritus and Vice Chair of the ABA Tort Trial and Insurance (“TIPS”) Section Medicine and Law Committee, and Chair of the ABA Intellectual Property Section Law Practice Management Committee, her previous ABA leadership roles include more than a decade of service as a Scribe for the Joint Committee on Employee Benefits (“JCEB”) annual agency meetings with the Department of Health and Human Services and JCEB Council Representative, International Section Life Sciences Committee Chair, RPTE Section Employee Benefits Group Chair and a Substantive Groups Committee Member, Health Law Section Managed Care & Insurance Interest Group Chair, as TIPS Section Medicine and Law Committee Chair and Employee Benefits Committee and Workers Compensation Committee Vice Chair, Tax Section Fringe Benefit Committee Chair, and in various other ABA leadership capacities. Ms. Stamer also is a former Southwest Benefits Association Board Member and Continuing Education Chair, SHRM National Consultant Board Chair and Region IV Chair, Dallas Bar Association Employee Benefits Committee Chair, former Texas Association of Business State, Regional and Dallas Chapter Chair, a founding board member and Past President of the Alliance for Healthcare Excellence, as well as in the leadership of many other professional, civic and community organizations. She also is recognized for her contributions to strengthening health care policy and charitable and community service resolving health care challenges performed under PROJECT COPE Coalition For Patient Empowerment initiative and many other pro bono service involvements locally, nationally and internationally.
Ms. Stamer is the author of many highly regarded works published by leading professional and business publishers, the ABA, the American Health Lawyers Association, and others. Ms. Stamer also frequently speaks and serves on the faculty and steering committee for many ABA and other professional and industry conferences and conducts leadership and industry training for a wide range of organizations.
For more information about Ms. Stamer or her health industry and other experience and involvements, see http://www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.
About Solutions Law Press™
Solutions Law Press™ provides health care, insurance, human resources and employee benefit, data and technology, regulatory and operational performance, and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education. These include extensive resources on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press™ resources or training.
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.
NOTICE: These statements and materials are for general information and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation considering the specific facts and circumstances presented in their unique circumstances at the particular time. No comment or statement in this publication is to be construed as legal advice or an admission. Solutions Law Press and its authors reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law constantly and often rapidly evolves, subsequent developments that could impact the currency and completeness of this discussion are likely. Solutions Law Press and its authors disclaim and have no responsibility to provide any update or otherwise notify anyone of any fact or law-specific nuance, change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.
Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.
The $1.19 million Health Insurance Portability and Accountability Act (“HIPAA”) penalty imposed on a Florida pain clinic this week sends a clear warning to health plans, health care providers, healthcare clearinghouses and their business associates (“Covered Entities”) to take adequate, documented steps to ensure the defensibility of their own safeguards and other compliance with the HIPAA Security Rule including those from their own current and former workers and service providers.
HIPAA Security Rule
The HIPAA Privacy, Security, and Breach Notification Rules require health plans, health car clearinghouses, and most health care providers, and their business associates (“Covered Entities”) to meet requirements to protect the privacy and security of protected health information (“PHI”). The HIPAA Security Rule included in these rules requires Covered Entities to conduct and maintain documented risk assessments to prove their efforts to comply with detailed national administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic PHI (“ePHI”).
Violation of HIPAA can trigger either civil monetary penalties or criminal penalties under HIPAA. As amended by the the HITECH Act, HIPAA provides for the following civil monetary penalties for HIPAA violations:
A minimum of $100 for each violation where the covered entity or business associate did not know and, by exercising reasonable diligence, would not have known that the covered entity or business associate violated such provision, except that the total amount imposed on the covered entity or business associate for all violations of an identical requirement or prohibition during a calendar year may not exceed $25,000
A minimum of $1,000 for each violation due to reasonable cause and not to willful neglect, except that the total amount imposed on the covered entity or business associate for all violations of an identical requirement or prohibition during a calendar year may not exceed $100,000. Reasonable cause means an act or omission in which a covered entity or business associate knew, or by exercising reasonable diligence would have known, that the act or omission violated an administrative simplification provision, but in which the covered entity or business associate did not act with willful neglect.
A minimum of $10,000 for each violation due to willful neglect and corrected within 30 days, except that the total amount imposed on the covered entity or business associate for all violations of an identical requirement or prohibition during a calendar year may not exceed $250,000.
Aminimum of $50,000 for each violation due to willful neglect and uncorrected within 30 days, except that the total amount imposed on the covered entity or business associate for all violations of an identical requirement or prohibition during a calendar year may not exceed $1,500,000.
As required by law, OCR adjusts the CMP ranges for each penalty tier for inflation3 for violations after November 2, 2015.
Along with these potentially substantial civil penalty exposures, HIPAA’s potential criminal penalties make HIPAA compliance a required element of the Federal Sentencing Guideline Compliance programs Covered Entities and their leaders need to mitigate their exposures to organizational liability under the Guidelines.
Additionally HIPAA breaches also may expose Covered Entities and their leaders to potential liability for breach liability under securities, electronic crimes, and other data breach and security laws; Federal Sentencing Guideline and other liability for misappropriation of funds, health care or other fraud and other crimes enabled by inadequate compliance or response; trigger fiduciary and other duties and liabilities under the Employee Retirement Income Security Act of 1974 (“ERISA”) for those acting as named or functional fiduciaries; I create licensing or ethical sanctions; create shareholder, tort or contractual liabilities; trigger public company disclosure and executive compensation clawback responsibilities; and a host of other legal, operational and business partner and public relations headaches.
New $1.19 Million Settlement
The $1.19 million penalty against Pain Clinic for Gulf Coast Pain Consultants, LLC d/b/a Clearway Pain Solutions Institute (“Gulf Coast Pain Consultants”) announced December 4, 2024 by the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) shows how quickly a Covered Entity found in violation of these rules can rack up substantial civil monetary penalties. Although specifically involving a health care provider, health plans are exposed to the same risks.
The Gulf Coast Pain Management civil monetary penalty arose from OCR’s finding of “systematic” HIPAA Security Rule violations while investigating a breach report that a former contractor for the company impermissibly accessed their electronic record system.
OCR initiated the investigation following the receipt of a breach report filed by Gulf Coast Pain Consultants, which reported that a former contractor impermissibly accessed Gulf Coast’s electronic medical record system to retrieve PHI for use in potential fraudulent Medicare claims.
OCR’s investigation revealed the breach was accomplished by a business consultant independent contractor hired to provide business consulting in 2018, whose contract was terminated prematurely a several months later before the end of the contract term.
After the contract terminated, Gulf Coast did not immediately terminate the former contractor’s system access.
Months later on February 20, 2019, Gulf Coast discovered that on three occasions, between September 7, 2018, and February 3, 2019, the Contractor impermissibly used its access to Gulf Coast’s electronic medical record (“EMR”) system to access the ePHI of approximately 34,310 individuals. On February 21, 2019, Gulf Coast terminated the independent contractor’s access to its systems.
It was later discovered that the Contractor generated medical claims for services that were not actually rendered, resulting in approximately 6,500 false Medicare claims. The Contractor was indicted under 18 U.S.C. §1347 and §1028(a)(1) and was ultimately found not guilty.
On April 5, 2019, Gulf Coast filed a breach report with OCR concerning this incident. The report described that the compromised PHI included names, addresses, phone numbers, email addresses, dates of birth, Social Security numbers, chart numbers, insurance information, and primary care information.
OCR’s investigation determined that the impermissible access occurred on three occasions, affecting approximately 34,310 individuals. The compromised PHI included patient names, addresses, phone numbers, email addresses, dates of birth, Social Security numbers, chart numbers, insurance information, and primary care information.
Based on the investigation, OCR found four violations by Gulf Coast Pain Consultant of the HIPAA Security Rule, including failures to:
Conduct an accurate and thorough risk analysis to determine the potential risks and vulnerabilities to ePHI in its systems;
Implement procedures to regularly review records of activity in information systems;
Implement procedures to terminate former workforce members’ access to ePHI; and
Implement procedures for establishing and modifying workforce members’ access to information systems.
As often happens, the investigation and other processes leading to the settlement were protracted and expensive.
More than four years after the breach and its report, OCR issued a Notice of Proposed Determination in August 2024 seeking to impose a civil money penalty. After Gulf Coast waived its right to a hearing and did not contest OCR’s findings, OCR issued its Notice of Final Determination imposing the $1,190,000 civil money penalty.
Take Aways
Aside from demonstrating the significant penalties that Covered Entities can face for failing to satisfy HIPAA, the settlement also highlights the need for health plans, their fiduciaries, service providers and other HiIPAA_regulated entities to manage data security threats from contractors and other current and former service providers with access to ePHI and other Security Rule compliance.
“Current and former workforce can present threats to health care privacy and security—risking continuity of care and trust in our health care system,” said OCR Director Melanie Fontes Rainer in its announcement of the penalty. “Effective cybersecurity and compliance with the HIPAA Security Rule means being proactive in reviewing who has access to health information and responding quickly to suspected security incidents.”
OCR recommends that Covered Entities take a number of steps to mitigate or prevent cyber threats including
Integrate risk analysis and risk management into business processes.
Implement regular review of information system activity.
Implement procedures for terminating access to ePHI when the employment of, or other arrangement with, a workforce member ends.
Implement procedures for modifying a user’s right of access to a workstation, transaction, program or process, or an alternative equivalent measure.
A multitude of other risk assessment and mitigation actions required in response to existing and emerging threats arising from time to time as identified and evaluated pursuant to the ongoing conduct of documented risk assessments required by the Security Rule.
Because the Employee Benefit Security Administration views ensuring proper data security and HIPAA compliance an ERISA fiduciary responsibility and includes cybersecurity in its ERISA compliance audits, health plan fiduciaries also face breach of fiduciary duty and other exposures under ERISA.
The author of this update, Cynthia Marcotte Stamer has worked extensively with health plans and insurers, their sponsors and fiduciaries on covered entities and business associates on HIPAA and other compliance and risk management. If you have questions or need advice or help evaluating or addressing your HIPAA or other compliance, risk management, or other concerns, contact her.
For More Information
We hope this update is helpful. For more information about the or other health or other employee benefits, human resources, or health care developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452-8297.
Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for her more than 35 years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications including leading edge work on PBM, pharmacy and pharmaceutical and other health care, managed care, insurance, and insured and self-insured contracting, design, administration and regulation..
Author of numerous highly regarded works on PBM and other health plan contracting and design, Immediate Past Chair of the ABA International Section Life Sciences Committee and the Tort Trial and Insurance Practice Section Medicine and Law Committee, past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group and past Group Chair and current Welfare Benefit Committee Co-Chair of the ABA RPTE Employee Benefits & Other Compensation Group, Ms. Stamer is most widely recognized for her decades of pragmatic, leading edge work, scholarship and thought leadership on health and other privacy and data security and other health industry legal, public policy and operational concerns.
Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with HIPAA and other legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns.
As a part of this work, she has continuously and extensively worked with domestic and international health plans, their sponsors, fiduciaries, administrators, and insurers; managed care and insurance organizations; third party administrators and other health benefit service providers; hospitals, health care systems and other health care providers, accreditation, peer review and quality committees and organizations; billing, utilization management, management services organizations, group purchasing organizations; pharmaceutical, pharmacy, and prescription benefit management and organizations; consultants; investors; EMR, claims, payroll and other technology, billing and reimbursement and other services and product vendors; products and solutions consultants and developers; investors; managed care organizations, self-insured health and other employee benefit plans, their sponsors, fiduciaries, administrators and service providers, insurers and other payers, health industry advocacy and other service providers and groups and other health and managed care industry clients as well as federal and state legislative, regulatory, investigatory and enforcement bodies and agencies.
Author of many highly regarded compliance, training and other resources on HIPAA and other risk management and compliance, Ms. Stamer is widely recognized for her thought leadership on HIPAA and many other health care, health plan and other health industry matters.
In addition, Ms. Stamer serves as a Scribe for the American Bar Association (“ABA”) Joint Committee on Employee Benefits annual agency meetings with OCR and shares her thought leadership as International Section Life Sciences Committee Vice Chair, and a former Council Representative, Past Chair of the ABA Managed Care & Insurance Interest Group, former Vice President and Executive Director of the North Texas Health Care Compliance Professionals Association, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, and a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her extensive publications and thought leadership as well as leadership involvement in a broad range of other professional and civic organizations.
For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.
About Solutions Law Press, Inc.™
Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources.
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.
NOTICE: These statements and materials are for general information and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation considering the specific facts and circumstances presented in their unique circumstance at the particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law constantly and often rapidly evolves, subsequent developments that could impact the currency and completeness of this discussion are likely. The author and Solutions Law Press, Inc. disclaim and have no responsibility to provide any update or otherwise notify anyone of any fact or law specific nuance, change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.
Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.
Public support and appreciation for employer-sponsored healthcare continues to run high, according to the results of a national online survey of 1,000 people with employer-provided coverage conducted by the research firm LSG on AHIPA from July 10-19, 2024. The survey results reflect employer-provided health coverage remains an important tool for employee recruitment and retention and widespread opposition to public policy changes that would replace employer-provided coverage with government-provided benefits or tax employer-provided coverage or benefits.
AHIP commissioned the survey to understand the perceptions, priorities, and expectations of consumers with employer-provided coverage about their current coverage and benefits, employers, and public policy impacting their coverage and compare their attitudes against results of a survey conducted in April 2023. LSG reports the survey has a margin of error of +/- 3% and was balanced to national demographics for gender, age, and region. AHIP announced the results of the survey on November 13, 2024.
According to AHIP, 50% of Americans received their health coverage from employer-provided plans. The survey responses revealed:
A growing majority of consumers (75%,+12% since April 2023) are satisfied with their current employer-provided coverage.
66% (+12%) are satisfied with the current health insurance system overall
Comprehensive coverage, affordability, and choice of providers their plans provide are key factors in creating this satisfaction
71% (+12%) feel the quality of their current health plan is high
74% (+6%) prefer to get their coverage through their employer over a federal or state government program
Costs remain a top consumer concern and a leading source of plan dissatisfaction, 66% (+13%) of respondents reported that what they currently pay for their coverage overall is reasonable and helps to lower their health care costs
While unhappy with coverage costs, 63% of respondents identified the comprehensiveness of coverage as a greater priority than affordability (31%).
Benefits most valued by respondents were emergency care (65%), prescription drugs (63%), and preventive care (57%).
88% of respondents reported their health plan covers preventive
services (88%), provides access to top providers (78%), and gives them financial peace of mind if something bad were to happen (75%).
53% of respondents reported feeling employer-provided coverage is effectively meeting children’s mental health needs and 61% reported believing the need for mental health care for children will increase.
67% of respondents reported considering it important for health insurance plans to cover telehealth services
76% of respondents reported believing it’s important for the federal government to maintain the COVID-19 telehealth flexibilities for patients
The survey also reflects the continued value of employer-provided health coverage in attracting and retaining employees. Sixty-one percent of respondents said health coverage plays an impactful role in employee recruitment and 80% reported health coverage was a reason for staying in their current position. Once informed that the average company pays 70-80% of the cost of coverage, a majority of respondents (71%) reported having a more favorable impression of companies that provide their employees with health insurance benefits.
The satisfaction and support from the study reflect likely opposition by workers to changes proposed by some politicians to change the current tax treatment of employer-provided coverage to tax employee health benefits. The survey found a growing majority oppose taxing employee health benefits (58%, +6%), and an even greater majority would be less likely to vote for a lawmaker who supports taxing them (63%).
Review the complete report of survey results here.
If you have questions about health plan design, administration or defense, contact the author of this update, Cynthia Marcotte Stamer.
More Information
We hope this update is helpful. For more information about the these or other legal, management or regulatory concerns, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.
Management attorney and operations consultant Cynthia Marcotte Stamer uses a client objective oriented approach to help businesses, governments, associations and their leaders manage people, performance, risk, legislative and regulatory affairs, data, and other essential elements of their operations.
Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 35+ years of workforce and other management work, public policy leadership and advocacy, coaching, teachings, scholarship and thought leadership. As a part of this experience, Miss Stamer has experience assisting clients with auditing, compliance, investigation and defense SCA, Davis-Bacon, Fair Labor Standards Act and other pay, benefits, compensation and fringe benefit concerns.
A Fellow in the American College of Employee Benefit Counsel, Vice Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, Ms. Stamer’s work throughout her 35 year career has focused heavily on working with government contractors, health care and managed care, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. As an ongoing component of this work, she regularly advises, represents and defends businesses on Guideline Program and other compliance, risk management and other internal and external controls in a wide range of areas and has published and spoken extensively on these concerns.
Ms. Stamer also is widely recognized for her decades of pragmatic, leading edge work, scholarship and thought leadership on workforce, compensation, and other operations, risk management, compliance and regulatory and public affairs concerns.
For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.
About Solutions Law Press, Inc.™
Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources available here.
IMPORTANT NOTICE ABOUT THIS COMMUNICATION
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.
NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving, and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access of this publication.
Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.
The $2.7 million settlement government contractor Insight Global LLC, (“Insight”) is paying to settle a Justice Department (“DOJ”) False Claims Act civil suit for lax cybersecurity shows government contractors now must add possible False Claims Act prosecution to the already substantial and ever-widening potential consequences all organizations and leaders when their organizations experience a cyber incident.
Supplementing the strength and reach of existing cybersecurity laws by using the False Claims Act, federal securities, employee benefit fiduciary responsibility. and other laws as tools to pressure organizations and their leaders to strengthen their cybersecurity compliance and defenses is a key component of the National Cybersecurity Strategy the Administration announced in March, 2023 to battling the ongoing pandemic of cyber incidents. As National Cybersecurity Strategy states, “Continued disruptions of critical infrastructure and thefts of personal data make clear that market forces alone have not been enough to drive broad adoption of best practices in cybersecurity and resilience. … We must hold the stewards of our data accountable for the protection of personal data; drive the development of more secure connected devices; and reshape laws that govern liability for data losses and harm caused by cybersecurity errors, software vulnerabilities, and other risks created by software and digital technologies.
The National Cyber Security Strategy goes on to warn, “We will use Federal purchasing power and grant-making to incentivize security.”
With holding businesses and their leaders accountable a key component of the Federal government’s National Cybersecurity Strategy, government contractors specifically and all businesses and their leaders generally should heed the use of the DOJ’s use of the False Claims Act as another tool in its expanding arsenal for holding businesses experiencing cyber breaches accountable as proof of their own growing imperative to manage their own cyber security and liability in response to exploding strains of cyber threats and liabilities.
Government Contractor False Claims Act Cyber Risk
DOJ’s adoption of the False Claims Act as a tool for imposing liability against government contractors experiencing a cyber breach is part of a broader effort to persuade organizations and their leaders to tighten their cyber security defenses and responses by ratcheting up the liability and other consequences organizations and their leaders face when their organizations experience a cyber incident. The False Claims Act imposes treble damages and penalties on those who knowingly and falsely claim money from the United States or knowingly fail to pay money owed to the United States.
A Civil Cyber-Fraud Initiative announced by DOJ on October 6, 2021 adds potential False Claims Act civil lawsuits by DOJ or private whistleblowers to the already significant and expanding consequences government contractors and grant holders can face for failing to fulfill requirements to properly secure protected health information or other sensitive data as required in their government contracts.
According to DOJ’s May 1, 2024 announcement, Insight will pay $2.7 million to resolve DOJ False Claims Act charges for failing to have adequate cybersecurity measures to protect health information obtained during COVID-19 contact tracing under the new of the Settlement shows DOJ is following through on its promise.
$2.7 Million Insight FCA Cyber Settlement
The $2.7 million Settlement settles a whistleblower lawsuit, United States ex rel. Seilkop v. Insight Global LLC, No. 1:21-cv-1335 (M.D. Pa.). Filed under the whistleblower provisions of the False Claims Act that permit private parties to sue on behalf of the government when they believe that defendants submitted false claims for government funds and to receive a share of any recovery, DOJ intervened in the suit. Whistleblower, Terralyn Williams Seilkop, a former Insight Global staff member who worked on the contact tracing at issue, will receive a $499,500 share of the $2.7 million settlement amount.
The lawsuit alleged the Pennsylvania Department of Health hired Insight to provide staffing for COVID-19 contact tracing and paid Insight using federal funds from the U.S. Centers for Disease Control and Prevention. Although keeping personal health information of contact tracing subjects confidential and secure was part on its contractual duties, Insight failed to secure the protected health information. Instead, DOJ claimed, for example, Insight transmitted certain personal health information and/or personally identifiable information of contact tracing subjects in the body of unencrypted emails, stored and transmitted the information using Google files not password protected, making them potentially accessible to the public via internet links and allowed staff to use shared passwords to access that information.
DOJ additionally alleged that from November 2020 through January 2021, Insight managers received complaints from Insight staff that protected health information was unsecure and potentially accessible to the public, but failed to start remediating the issue until April 2021 after deficiencies came to light.
When Insight eventually began remediating these cybersecurity breaches and deficiencies in 2021, the announcement states Insight cooperated with the DOJ investigation of the cause and scope of the incident. It also took steps to remedy cybersecurity deficiencies by strengthening internal controls and procedures, adding more data-security resources and issuing a public notice regarding the scope of the potential exposure and offering free credit monitoring and identity protection services to those affected. FOJ also reports Insight also cooperated with the United States’ investigation.
DOJ’s Insight settlement announcement warns other government contractors of DOJ’s “continuing commitment to ensure that government contractors fulfill their cybersecurity obligations.” Its announcement quotes Principal Deputy Assistant Attorney General Brian M. Boynton, head of the Justice Department’s Civil Division as stating, “The Justice Department will hold accountable those contractors who knowingly fail to satisfy cybersecurity requirements.”
Meanwhile, Special Agent in Charge Maureen R. Dixon of the Department of Health and Human Services Office of Inspector General (HHS-OIG) is quoted as stating “Contractors for the government who do not follow procedures to safeguard individuals’ personal health information will be held accountable.”
Cyber Risk Implications For Government Contractor & Other Organizations
Potential False Claims Act liability under the DOJ False Claims Act Civil Cyber-Fraud Initiative add additional liability risks for government contractors to already substantial and growing federal and state regulatory, contractual, and civil and criminal liabilities and other consequences that cyber breaches and other cybersecurity weaknesses create for business and other organizations, their health plans and their leaders. Examples of these other exposures that lax privacy, data security, data breach and other cybersecurity practice may create include:
Business operating losses from resulting operational disruptions and damages to customer, business partner, shareholder and public trust;
Federal Sentencing Guidelines organizational criminal liability arising from violations of electronic crime and other federal criminal data privacy and security laws;
Federal Trade Commission Act and state unfair business practices liability for deceiving customers about privacy practices;
Security and Exchange Commission (“SEC”) criminal and civil actions and shareholder lawsuits under the Security and Exchange Act;
Health Insurance Portability & Accountability Act civil monetary penalty and criminal exposures for health plans, health care providers, health care clearinghouses and their business associates;
Employee Benefit Security Act fiduciary liability for health fiduciaries;
Liability for violation of Fair and Accurate Transaction Act, Internal Revenue Code, or other federal privacy or confidentiality laws;
damages and other penalties and judgments arising under state identity theft, data security, privacy and other state statutory, contractual and tort laws; and
More.
These and other constantly emerging exposures show the imperative for government contractors and all other organizations and their leaders to ensure their organizations take adequate, well-documented efforts to protect their systems and data and fulfill all otherwise applicable cybersecurity rules.
With new cyber attacks and strains of cyber liability, emerging constantly, organizations, and their leaders increasingly must change the way they think about and address their own cyber security and other technology, budgets and management. The escalation of cyber incidents and risks necessitates that organizations and their leaders to treat cybersecurity as critical components of their operational and business plans and priorities.
Amid the pandemic of constantly evolving cyber threats, even the most diligent efforts to secure systems and data cannot guarantee the prevention of a breach or other cyber incident. Given this challenge, organizations and their leaders must focus both on taking meaningful steps to adequately secure their systems and data against a cyber breach or incident as well as position their organizations and leaders to defend their actions and mitigate exposures through appropriate strategic planning, documented oversight and risk assessment, monitoring and response of threats and safeguards; preparation and timely response to cyber events using attorney-client privilege and other evidentiary tools to promote the defensibility of pre-breach, breach investigation and post-breach investigation and decision-making.
As the availability of funding can radically impact the effectiveness of these and other risk mitigation efforts when a cyber incident occurs, these preparations also should incorporate insurance and other arrangements to provide for breach investigation funding and response.
If you need have questions or need assistance with this or other cybersecurity, health, benefit, payroll, investment or other data, systems or other privacy or security related risk management, compliance, enforcement or management concerns, to inquire about arranging for compliance audit or training, or need legal representation on other matters, contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.
About the Author
Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 35 plus years of cybersecurity, workforce, technology and other compliance, risk management and mitigation, incident and other investigations,regulatory and government affairs, and other strategic, operational, regulatory and legal and consulting management work for government contractors and other public and private businesses; managed care and other health and life science, insurance, technology, and other performance and data dependent organizations,
A Fellow in the American College of Employee Benefit Counsel, Co-Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee and Vice-Chair Elect of its International Employment Law Committee, Chair-Elect of the ABA TIPS Section Medicine & Law Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, and Chair of the ABA Intellectual Property Section Law Practice Management Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading-edge work, scholarship and thought leadership with healthcare and life sciences, employment and employee benefits, managed care and insurance, data and technology and other related industries and organizations. Known for her skill combined use of her extensive legal and operational knowledge to help these and other clients develop, operationalize and defend employment, employee benefits, compensation and other staffing and workforce; data, systems and other technology; heath benefit and other healthcare and life science, managed care and insurance; employee benefits, safety, contracting, quality assurance, compliance and risk management, and other legal, public policy and operational actions and practices. She speaks and publishes extensively on these and other related compliance issues.
Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, life sciences, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. Author of a multitude of highly regarded publications on HIPAA and other medical record and data privacy and scribe for the ABA JCEB Annual Meeting with the HHS Office of Civil Rights, her experience includes extensive involvement throughout her career in advising health care and life sciences and other clients about preventing, investigating and defending EEOC, DOJ, OFCCP and other Civil Rights Act, Section 1557 and other HHS, HUD, banking, and other federal and state discrimination investigations, audits, lawsuits and other enforcement actions as well as advocacy before Congress and regulators regarding federal and state equal opportunity, equity and other laws.
For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.
About Solutions Laws Press, Inc.™
Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here.
IMPORTANT NOTICE
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.
NOTICE: These statements and materials are for general informational and educational purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstances at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules make it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access to this publication.
Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.
What Health Plans, Their Fiduciaries, Vendors & Sponsors Should Be Doing Now
Health plans, their fiduciaries, health plan sponsors and insurers, and their administrative and other service providers should move quickly to understand and act to mitigate the exposures likely to arise under the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach Notification Rules, the claims, notice and fiduciary responsibilities under the Employee Retirement Income Security Act of 1974 (ERISA), state contract, prompt pay and other duties to health care providers or other responsibilities in response to disruptions created by the Blackcat1234 ransomware attack (CH/UHG Attack) experienced by UnitedHealthcare Group (UHG) subsidiary Change Healthcare.
Change Healthcare Ransomware Attack
On February 21, 2024, a ransomware attack executed by the Blackcat1234 ransomware group took control of and shut down the payment, revenue cycle management and related tools and systems of UHG Subsidiary Change Healthcare. Well-known for stealing sensitive data and demanding ransom for not publishing it, and other public and private cybersecurity monitoring and tracking organizations have warned heath care and other system operators to guard against Blackcat1234 and related ransomware attack risks since at least 2022. See, e.g., #StopRansomware: ALPHV Blackcat | CISA.
The Change Health shutdown resulting from the Blackcat1234 ransomware attack has created widespread disruptions to key care authorization, billing and other pharmacy, provider and other plan and provider transactions within health care and health benefit systems nationwide due to the widespread use of the Change Health tools.
Due to the widespread use of the Change Healthcare tools and systems as a financial clearinghouse for connecting pharmacy benefit managers, health care providers, and other key plays and health plans throughout the health care and health benefits industry, the attack has and continues to disrupt key billing, care-authorization, payment and other transactions between health plans, health care payers and pharmacies, physicians and other health care providers and health care payers and their partners across the health care industry.
As UHG has worked to recover from the Change Health attack, the resulting shutdown and disruption to electronic payment and medical claims systems incorporating the compromised Change Healthcare tools create various legal and operational headaches for many health plans and other health care payers by preventing or obstructing the submission and processing of health care claims and other transactions between health care providers and health plans. While UHG works to remediate and restore the operability and security of the Choice Health tools and systems, health plans, and insurers, their fiduciaries, plan sponsors, and fiduciaries should take timely and prudent steps in response to the breach and resulting disruptions to mitigate the exposure of their health plans, and themselves under HIPAA and ERISA.
While most health care providers and health plans expect Change Health and other UHG entities to face potential data breach and breach notification responsibilities and liabilities under HIPAA and other federal and state data privacy and cybersecurity laws, many health plan fiduciaries, sponsors, insurers, and administrative or other service providers have given limited consideration to how the February 21, 2024, cyber event impacted their HIPAA responsibilities and exposures. Guidance published by the U.S. Department of Health and Human Services Office for Civil Rights (OCR) on March 13, 2023, alerts health plans and health insurers, their fiduciaries and plan sponsors, health care providers, health care clearinghouses, and their business associates (covered entities) against overlooking their own potential HIPAA responsibilities arising from the February 21 Choice Health attack or other similar events.
HIPAA requires covered entities and their business associates to protect the privacy and security of protected health information, to have and enforce HIPAA-compliant business associate agreements, to conduct timely documented risk assessments in response to known or foreseeable security threats, and to provide notice of a breach to OCR, affected individuals and for breaches affecting more than 500 individuals.
Under the HIPAA Security Rule, covered entities must conduct documented risk assessments to evaluate and monitor their electronic personal health information (EPHI) and associated systems for potential breaches and other threats that expose EPHA to unauthorized use, access, disclosure, destruction or other compromise.
To fulfill this requirement, the Security Rule requires covered entities and business associates to conduct documented risk assessments impacting their EPHI and to update these risk assessments in response to internal or external events impacting the adequacy of their risk assessments or security safeguards.
While the responsibility of covered entities and business associates to protect EPHI against unauthorized use, access and disclosure from cybercriminals and others receives the most attention, the Security Rule also includes often less discussed responsibility to protect EPHI and related operating systems against destruction or other disruptions from a wide range of threats including ransomware attacks.
OCR guidance makes clear that OCR views safeguarding EPHI against ransomware and other cybersecurity threats as encompassed in this duty. As part of these efforts, OCR and other cybersecurity agencies have recommended among other things that covered entities and business associates:
Routinely take inventory of assets and data to identify authorized and unauthorized devices and software;
Prioritize remediation of known exploited vulnerabilities’
Enable and enforce multifactor authentication with strong passwords;
Close unused ports and remove applications not deemed necessary for day-to-day operations.
Furthermore, when a breach of results in an unauthorized use, access, disclosure or destruction of EPHI, the HIPAA Breach Notification Rule requires covered entities and their business associates to provide timely notification of the breach to subjects of the breached EPHI and OCR, and if the breach affects more than 500 subjects, to the media. Concurrently, the HIPAA Security Rule requires health plans and other covered entities to evaluate through documented risk assessments and take appropriate timely action to update their EPHI security as necessary to respond to breaches, potential breaches and other evolving threats to their EPHI and related systems.
On March 13, 2024, the Office of Civil Rights (OCR) released a “Dear Colleague letter” that warns the February 21, 2024 CH/UHG data breach is likely to trigger HIPAA obligations and investigations for Choice Health and UHG as well as other HIPAA-covered health plans, heath care providers, heath care clearinghouses and business associates. While stating the investigation currently focuses on Change Healthcare and UHC, for instance, the Dear Colleague Letter warns that OCR anticipates that its response to the February 21, 2024 CH/UHG Attack eventually also will include “secondary” investigations of other health plans, health care providers, health care clearinghouses and business associates “tied to or impacted by this attack.”
In light of these anticipated secondary investigations, OCR’s Dear Colleague letter warns health plans, health care providers, health care clearinghouses, business associates to ensure they timely and properly handle their own potential HIPAA responsibilities arising from the CH/UHG Attack. The Dear Colleague letter expressly alerts health plans, health care providers and other covered entities and business associates “that have partnered with Change Healthcare and UHG” in anticipation of OCR’s expected secondary investigations to ensure that their own ability to demonstrate their organization meet all required HIPAA responsibilities including that:
All required “business associate agreements are in place;
All required breach notifications are provided to HHS, affected persons and in the event of a large breach affecting more than 500 individuals, to the media; and
All security and other HIPAA responsibilities are met.
The Dear Colleague Letter also directed covered entities and their business associates to the following previously released OCR resources for assistance in understanding their responsibilities for guarding EPHI against ransomware and other cybersecurity threats:
The OCR HIPAA Security Rule Guidance Material webpage;
OCR Video on How the HIPAA Security Rule Protects Against Cyberattacks;
OCR Webinar on HIPAA Security Rule Risk Analysis Requirement;
HHS Security Risk Assessment Tool;
Factsheet: Ransomware and HIPAA; and
Healthcare and Public Health (HPH) Cybersecurity Performance Goals.
Standing alone, the Dear Colleague Letter makes clear that all covered entities partnered with or impacted by disruptions from the CH/UHG attack need to take documented steps to reevaluate and tighten the adequacy of their existing security safeguards as well as their processes for monitoring and responding to evolving ransomware and other cybersecurity threats in anticipation of becoming the target of potential “secondary” OCR investigations arising from the CH/UHG Attack.
While the Dear Colleague Letter specifically references covered entities and business associates “partnered” with Choice Health, OCR’s previously issued guidance warning all covered entities and their business associates to safeguard their EPHI against ransomware and other cybersecurity threats, strongly suggest that all covered entities and business associates should consider the advisability of reevaluating the adequacy of their own EPHI safeguards in light of the heightened ransomware and other cyber threat illustrated by the CH/UHG Attack. Consequently, all covered entities and business associates partnered with or impacted by the CH/UHG Attack or its resulting distributions specifically, as well as covered entities and business associates generally should work with experienced legal counsel to conduct documented risk assessments of their systems, exposures, responsibilities and risks taking into account these developments as soon as possible in anticipation of complaint or audit driven investigations arising from the Choice Health and other malware events and threats.
ERISA-Covered Health Plan Data Security & Breach Related Fiduciary Duties
In addition to any applicable HIPAA responsibilities, fiduciaries and sponsors of employer or union sponsored health plans subject to the Employee Retirement Income Security Act (ERISA) also should consider whether the CH/UHG Attack or the heightened ransomware and other cyber security threats any additional actions are prudently necessary to protect the health plan data, assets or operations.
ERISA generally requires individuals or entities named as fiduciaries or otherwise possessing functional discretionary authority or responsibility or authority over a plan or its assets (fiduciaries) to act prudently to protect and administer the plan and its assets. Department of Labor Employee Benefit Security Administration (EBSA) guidance published in April, 2021 first officially confirmed its interpretation of ERISA’s duty of prudence as including a duty to utilize prudent cybersecurity safeguards. Since EBSA published this cybersecurity guidance EBSA also has also added cybersecurity inquiries to its plan fiduciary audits. As a result, in addition to complying with HIPAA, ERISA-covered health plan fiduciaries and sponsors also should be prepared to demonstrate plan fiduciaries acted prudently to comply with HIPAA as well as the following actions to safeguard health and other employee benefit plan data and systems against cybersecurity threats:
Tips for Hiring a Service Provider: Helps plan sponsors and fiduciaries prudently select a service provider with strong cybersecurity practices and monitor their activities, as ERISA requires.
Online Security Tips: Offers plan participants and beneficiaries who check their retirement accounts online basic rules to reduce the risk of fraud and loss.
In light of this OCR and EBSA guidance, health plan sponsors, fiduciaries and vendors and other HIPAA covered entities and business associates are urged to take documented steps to audit and strengthen as needed their safeguards against hacking and other cybersecurity threats including:
In the case of any health plan or health plan vendor, taking well documented steps to assess and tighten as necessary their health plan systems and data security to meet or exceed the recommendation outlined in the EBSA cybersecurity guidance or otherwise necessary to prudently guard their plans and plan data and systems against cybersecurity threats.
Reviewing and monitoring on a documented, ongoing basis the adequacy and susceptibilities of existing practices, policies, safeguards of their own organizations, as well as their business associates and their vendors within the scope of attorney-client privilege taking into consideration data available from OCR, data regarding known or potential susceptibilities within their own operations as well as in the media, and other developments to determine if additional steps are necessary or advisable.
Updating policies, privacy and other notices, practices, procedures, training and other practices as needed to promote compliance and defensibility.
Renegotiating and enhancing service provider agreements to detail the specific compliance, audit, oversight and reporting rights, workforce and vendor credentialing and access control, indemnification, insurance, cooperation and other rights and responsibilities of all entities and individuals that use, access or disclose, or provide systems, software or other services or tools that could impact on security; to clarify the respective rights, procedures and responsibilities of each party in regards to compliance audits, investigation, breach reporting, and mitigation; and other relevant matters.
Verifying and tightening technological and other tracking, documentation and safeguards and controls to the use, access and disclosure of protected health information and systems.
Conducting well-documented training as necessary to ensure that members of the workforce of each covered entity and business associate understand and are prepared to comply with the expanded requirements of HIPAA, understand their responsibilities and appropriate procedures for reporting and investigating potential breaches or other compliance concerns, and understand as well as are prepared to follow appropriate procedures for reporting and responding to suspected violations or other indicia of potential security concerns.
Tracking and reviewing on a systemized, well-documented basis actual and near miss security threats to evaluate, document decision-making and make timely adjustments to policies, practices, training, safeguards and other compliance components as necessary to identify and resolve risks.
Establishing and providing well-documented monitoring of compliance that includes board level oversight and reporting at least quarterly and sooner in response to potential threat indicators.
Establishing and providing well-documented timely investigation and redress of reported violations or other compliance concerns.
Establishing contingency plans for responding in the event of a breach.
Establishing a well-documented process for monitoring and updating policies, practices and other efforts in response to changes in risks, practices and requirements.
Preparing and maintaining a well-documented record of compliance, risk, investigation and other security activities.
Pursuing other appropriate strategies to enhance the covered entity’s ability to demonstrate its compliance commitment both on paper and in operation.
Because susceptibilities in systems, software and other vendors of business associates, covered entities and their business associates should use care to assess and manage business associate and other vendor associated risks and compliance as well as tighten business associate and other service agreements to promote the improved cooperation, coordination, management and oversight required to comply with the new breach notification and other HIPAA requirements by specifically mapping out these details.
Furthermore, while the preemption provisions of ERISA generally insulate health plans and their sponsors from responsibility or liability for complying with state insurance, data security, breach notification or other state law cybersecurity and cyber breach and breach notification laws and rules, health insurers and other health plan service providers generally remain subject to these state law requirements. Consequently, health insurers, administrative service providers and other health plan vendors also should act promptly to evaluate and ensure their fulfillment of all applicable cybersecurity and data breach mandates under relevant state law.
Leaders of covered entities or their business associates also are cautioned that while HIPAA itself does not generally create any private right of action for victims of breach under HIPAA, breaches may create substantial liability for their organizations or increasingly, organizational leaders under state data privacy and breach, negligence or other statutory or common laws. In addition, physicians and other licensed parties may face professional discipline or other professional liability for breaches violating statutory or ethical standards. Meanwhile, the Securities and Exchange Commission has indicated that it plans to pursue enforcement against leaders of public health care or other companies that fail to use appropriate care to ensure their organizations comply with privacy and data security obligations and the Employee Benefit Security Administration recently has issued guidance recognizing prudent data security practices as part of the fiduciary obligations of health plans and their fiduciaries.
Finally, health plans and other covered entities are reminded that appropriate strategic planning and use of attorney-client privilege and other evidentiary tools can critically impact the defensibility of pre-breach, breach investigation and post-breach investigation and decision-making. Because HIPAA, EBSA and other rules typically require prompt investigation and response to known or suspected hacking or other cybersecurity threats, health plans and other covered entities or business associates should seek the assistance of experienced legal counsel to advise and assist in these activities to understand the potential availability and proper use of these and other evidentiary rules as part of the compliance planning process as well as to prepare for appropriate use in the event of a known or suspected incident to avoid unintentional compromise of these protections.
ERISA & Other Risks From Untimely Timely Acceptance & Processing of Health Plan Eligibility & Benefit Provisions
Since Change Health shut down its tools and systems CH/UHG Attack has created and continues to cause nationwide disruptions in the ability of pharmacy, physician and other health care providers to submit, and health plans and insurers to receive and process a wide range of health care billing, claims and other transactions because of the widespread integration and use of Choice Health tools in systems health care providers and payers use for the submission, receipt, and processing of health care provider eligibility, billing and other health benefits.
Along with the liabilities and headaches that the ransomware attack and resulting disruptions create for Choice Healthcare and UHG, delays and other disruptions in the handling of health benefit eligibility, claims processing, notifications and payment by health plans and their administrative services providers arising from can create a host of additional liability headaches health plans, health insurers, their fiduciaries and administrative services providers in addition to those arising directly from the HIPAA and other cybersecurity breach itself.
For ERISA-covered health plans, ERISA generally holds health plans and their fiduciaries accountable for the prudent, timely administration of health plan eligibility, claims and other administrative functions in accordance with the terms of the plan and within the applicable time frames and other requirements of ERISA’s reasonable claims procedure and adverse benefit determination rules. Health plans and their ERISA plan administrators generally must receive and process claims transactions required by the adverse claim determination regulations and provide participants or beneficiaries with detailed written notifications for any claims not processed and paid within the relevant 72-hour, 15-day or 30-day time period specified by the adverse claim determination rules. Noncompliance with these requirements both undermines the defensibility of the health plan’s denial of coverage and subjects the plan administrator to liability for EBSA penalties and/or discretionary awards of penalties plus attorneys’ fees and other costs of enforcement to plan participants or beneficiaries for failures to deliver timely notification of the denial. To the extent that EBSA or a court determines that the failure to timely and appropriately process and pay benefits resulted from a lack of prudence or other breach of ERISA fiduciary duties, fiduciaries are at risk for incurring personal liability for actual damages to the plan or its participants plus attorneys’ fees and other costs of enforcement; EBSA penalties for engaging in a breach of fiduciary duty under ERISA section 502(l); or both.
Beyond these ERISA-related risks, delays in processing and payment of health care provider claims also create potential additional liability for health insurers, health plans and their administrators to the extent the disruptions prevent the timely payment and processing of health benefit claims in violation of health care provider rights under managed care or other provider contracts, prompt pay and surprise billing or other provider legal rights. Unlike member claims assigned to providers, ERISA generally does not preempt these nonderivative provider rights and claims or the additional state law damages, penalties or other remedies arising under state law against health insurers, health plans and plan administrators found to violate these rules. Consequently, delays in payments to providers also could substantially increase the costs and liabilities that health insurers, health plans, their fiduciaries, administrators, and employers and other sponsors obligated under the plan terms or vendor contracts to pay these costs.
In light of these and other potential risks, health insurers and health plans, their employer, union and other sponsors, fiduciaries, administrative services providers and other vendors should act quickly to investigate and ensure proper management of the fallout from the CH/UHG Attack and the heightened ransomware and other cybersecurity threats it represents.
Along with working with qualified legal counsel to address the potential HIPAA, ERISA and other responsibilities the health plan or insurer, its fiduciaries, service providers and sponsor bear from the CH/UHG Attack and other cyber risks, most parties also will want to evaluate obligations to notify cybersecurity and other liability insurers, seek indemnification from Choice Healthcare, UHG or other potentially culpable parties and evaluate other sensitive data and strategies for mitigation of their health plan and their own resulting liabilities, costs and other consequences.
If you need have questions or need assistance with this or other cybersecurity, health, benefit, payroll, investment or other data, systems or other privacy or security related risk management, compliance, enforcement or management concerns, to inquire about arranging for compliance audit or training, or need legal representation on other matters, contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.
About the Author
Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 35 plus years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.
A Fellow in the American College of Employee Benefit Counsel, Co-Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee and Vice-Chair Elect of its International Employment Law Committee, Chair-Elect of the ABA TIPS Section Medicine & Law Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, and Chair of the ABA Intellectual Property Section Law Practice Management Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading-edge work, scholarship and thought leadership on heath benefit and other healthcare and life science, managed care and insurance and other workforce and staffing, employee benefits, safety, contracting, quality assurance, compliance and risk management, and other legal, public policy and operational concerns in the healthcare and life sciences, employee benefits, managed care and insurance, technology and other related industries. She speaks and publishes extensively on these and other related compliance issues.
Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, life sciences, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. Author of a multitude of highly regarded publications on HIPAA and other medical record and data privacy and scribe for the ABA JCEB Annual Meeting with the HHS Office of Civil Rights, her experience includes extensive involvement throughout her career in advising health care and life sciences and other clients about preventing, investigating and defending EEOC, DOJ, OFCCP and other Civil Rights Act, Section 1557 and other HHS, HUD, banking, and other federal and state discrimination investigations, audits, lawsuits and other enforcement actions as well as advocacy before Congress and regulators regarding federal and state equal opportunity, equity and other laws.
For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.
About Solutions Laws Press, Inc.™
Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here, such as:
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.
NOTICE: These statements and materials are for general informational and educational purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstances at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules make it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access to this publication.
Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.
Health plans, health care providers and health care clearinghouses (“Covered Entities”) treat the Department of Health and Human Service Office of Civil Right (“OCR”) announcement of its 46th enforcement action under the Health Insurance Portability & Accountability Act (“HIPAA”) Right of Access Rule as a warning to confirm their own organization’s timely delivery of records and other compliance with the Rule. Coupled with OCR’s Right of Access Rule settlement agreement with United Health Insurance Group last August, the latest settlement agreement sends a strong message to health plans and other Covered Entities about the risks of failing to deliver protected health information as required by the Right of Access Rule.
HIPAA Right of Access Rule
The HIPAA Right of Access Rule guarantees individuals the right to access a broad array of health information about themselves maintained by or for health plans and other Covered Entities. Under the Right of Access Rule, Covered Entities generally must provide individuals or their personal representatives copies or other acceptable access to the individual’s protected health information in a Covered Entity’s “designated record set” for a reasonable cost as soon as possible and within 30 days of receiving a request for a reasonable cost. However, the Right of Access Rule does not grant any right for an individual to access protected health information that is not part of a designated record set because the information is not used to make decisions about individuals.
The request for protected health information triggering the duty for a Covered Entity to provide access to the protected health information may come from the individual who is the subject of the protected health information or from the “personal representative” of that individual. When considering a request for protected health information from an individual other than the subject of the protected health information, health plans and other Covered Entities also must use care to verify that the requesting party, in fact, qualifies as the individual’s “personal representative” as defined for purposes of HIPAA.
Once a health plan or other Covered Entity receives a request protected health information from the individual or his personal representative, the Right of Access Rule requires the Covered Entity to provide access to all requested protected health information within any “designated record set” within 30 days unless the requested information falls within one of two exceptions to the Rule.
For this purpose, a “designated record set” generally is defined at 45 CFR 164.501 as any item, collection, or grouping of information that includes protected health information that is maintained, collected, used, or disseminated by or for a Covered Entity that comprises the:
Medical records and billing records about individuals maintained by or for a covered health care provider;
Enrollment, payment, claims adjudication, and case or medical management record systems maintained by or for a health plan; or
Other records that are used, in whole or in part, by or for the covered entity to make decisions about individuals. This last category includes records that are used to make decisions about any individuals, whether or not the records have been used to make a decision about the particular individual requesting access.
However, the Right of Access Rule only requires the delivery of protected health information that is part of a designated record set. It does not require health plans or other Covered Entities to provide protected health information that the Covered Entity does not use to make decisions about the individual, since this information is not considered part of a designated record set. Examples of such records of protected health information might include protected health information in certain quality assessment or improvement records, patient safety activity records, or business planning, development, and management records the Covered Entity uses for business decisions more generally rather than to make decisions about the subject individual. Before refusing to provide information not part of a designated record set, however, the health plan or other Covered Entity does not also use or possess that information for making decisions about the subject individual or that disclosure is not otherwise required under another law. For example, even if the Right of Access Rule does not require disclosure of protected health information because it is not considered part of a designated record set, a health plan still be required to disclose the record if required by the adverse benefit determination rules of the Patient Protection and Affordable Care Act (“ACA”), claims and appeals rules of the Employee Retirement Income Security Act or other applicable law, regulation or another law.
Even where the information falls within the definition of a designated record set, however, HIPAA expressly excludes two categories of information from the Right of Access right:
Psychotherapy notes, which are the personal notes of a mental health care provider documenting or analyzing the contents of a counseling session maintained separately from the rest of the patient’s medical record as described in 45 CFR 164.524(a)(1)(i) and 164.501.
Information complied in reasonable anticipation of, or for use in, a civil, criminal, or administrative action or proceeding described under 45 CFR 164.524(a)(1)(ii).
However, it is critical that Covered Entities not overestimate the reach of either of these two exceptions. The exception only applies to the narrow range of records meeting the requirements of the exception. The underlying protected health information from the individual’s medical or payment records or other records used to generate the above types of excluded records or information remains part of the designated record set and is subject to access by the individual under the Right of Access Rule. Providers and other Covered Entities should use care to comply with the Right of Access Rule without providing more information than allowed as HIPAA liability can arise from failing to timely deliver access to all protected health information required by the Right of Access Rule or from sharing protected health information with an individual who is not either the individual or personal representative when the disclosure otherwise is not allowed by HIPAA To help negotiate these requirements, Covered Entities should become familiar with and process all requests for protected health information following the latest Right of Access Rule guidance. When in doubt, Covered Entities should seek the advice of experienced legal counsel within the scope of attorney-client privilege about proper fulfillment of their obligations under the Right of Access Rule in coordination with any other applicable responsibilities the Covered Entities has to provide access, disclose, or prevent disclosure of the requested information under otherwise applicable federal or states laws and regulations, ethical or other professional standards, contractual or other medical, insurance, financial, employee benefit or other rules relating to the requested records.
Optum Settlement 46th Right Of Access Enforcement Settlement
The Optum settlement resulted from OCR’s investigation of six complaints in the Fall of 2021 that Optum violated the Right of Access Rule by failing to provide timely access to medical records when requested by an adult patient or by the parents of minor patients.
In February 2022, OCR initiated investigations of these Right of Access complaints. The investigation revealed that patients received their requested records between 84 and 231 days after submitting their respective requests. Since the Right of Access Rule requires that Covered Entities deliver the records no later than 30 days from receiving the individual’s requests, those timeframes fell well outside of the deadline for delivery required by the HIPAA Right of Access Rule. Accordingly, OCR concluded that Optum’s failure to provide timely access to the requested medical records was a potential violation of HIPAA.
Under the Resolution Agreement reached with Optum, Optum agreed to pay $160,000 to OCR as well as implement a corrective action plan that requires workforce training, reporting records requests to OCR, and reviewing and revising as necessary its right of access policies and procedures to provide timely responses to requests. Under the plan, OCR will monitor Optum Medical Care for one year.
Right Of Access Remains OCR Investigation & Enforcement Priority
While health care providers are the most common target of OCR’s Right Of Access complaints and enforcement, OCR’s August, 2023 Right of Access settlement against United Health Insurance Group (“UHIG”) confirms health plans also are targets. That settlement arose from OCR’s investigation of a March 2021 complaint alleging that UHIC did not respond to an individual’s request for a copy of their medical record. The investigation showed the individual first requested a copy of their records on January 7, 2021, but did not receive the records until July 2021, after OCR initiated its investigation. Movrover, the March, 2021 complaint was the third complaint OCR received from the complainant against UHIC alleging failures to respond to his right of access. These findings led OCR to conclude UHIC’s failure to provide timely access to the requested medical records was a potential violation of the HIPAA right of access provision. In OCR’s announcement of UHIG’s agreement to pay $80,000 to resolve these potential charges, OCR Director, Melanie Fontes Rainer warned, “Health insurers are not exempt from the right of access and must ensure that they are taking steps to train their workforce to ensure that they are doing all they can to help members’ access to health information.” See, UnitedHealthcare Pays $80,000 Settlement to HHS to Resolve HIPAA Matter over Patient Medical Records Request.
Manage Right of Access Rule Exposure
Despite OCR’s warnings about the responsibility to comply with the Right of Access Rule, many health plans and other Covered Entities continue to violate the Rule. OCR has and continues to receive thousands of Right of Access Rule complaints each year. In response to these persistent compliance issues, OCR continues to make enforcement of the Right of Access Rule a key enforcement priority through its Right Of Access Initiative.
In light of OCR’s commitment to continue to investigate and enforce compliance with the Right of Access Rule, health care providers and other Covered Entities and their business associates are urged to review their existing practices for receiving and processing patient record requests to confirm their own organizations’ compliance with the Right of Access Rule and other applicable federal and state statutory regulatory and contractual requirements. To reduce risks of violations, all health care providers and other Covered Entities should seek assistance from experienced legal counsel within the scope of attorney-client privilege to audit their past and current Right of Access Rule compliance for any necessary or advisable steps to prevent future violations and mitigate potential liabilities arising from potential past or future violations of the Right of Access Rule. Aside from confirming documented timely responses to past requests for protected health information, among other things, most Covered Entities will want to consider:
Verifying that their current policies, privacy practices notices, training and other materials are updated to comply with all applicable policies and properly identify and provide current contact information for the Privacy Officer or other party responsible for receiving and responding to protected health information requests;
Appropriate procedures are in place to ensure that the Covered Entity can produce required documentation showing the individuals are appropriately notified of the Right of Access and other HIPAA rules, and that the Covered Entity captures the necessary documentation to show its receipt of all requests, and timely investigation and response to such requests;
Appropriate and documented processes for collecting, investigating, or resolving any potential concerns, complaints, or other issues, their evaluation, and resolution;
Appropriate workforce, business associates, and other policies, training, oversight, and enforcement to require and enforce compliance with applicable laws and policies; and
Appropriate processes, procedures, and training to ensure that staff fully understands and complies with both the specific processes and procedures of the Covered Entity for complying with the Right of Access Rule, as well as related procedures necessary to manage risks and responsibilities arising under verification of identity, personal representative, disclosure, recordkeeping or other HIPAA’ rules; medical, insurance, financial, or other data or privacy; licensure and market conduct; civil rights and nondiscrimination; fiduciary; licensure; marketing or other rules.
Aside from the direct exposures for these and other HIPAA violations arising under HIPAA, health plans, their fiduciaries, insurers, plan sponsors and administrators should keep in mind that the Employee Benefit Security Administration views potential data breaches and other HIPAA violations as a potential source of fiduciary liability under the Employee Retirement Income Security Act.
While involving outside consultants or other service providers generally is valuable if not required to conduct some of these tasks, Covered Entities are encouraged to use experienced outside legal counsel to help plan, conduct, evaluate and decide, and implement responses to findings from these compliance and risk management activities both to benefit from legal counsel’s substantive legal expertise and experience and to take advantage of the opportunity to conduct sensitive discussions within the protection of attorney-client privilege or other evidentiary rules. Experienced outside legal counsel can guide Covered Entities about the best way to work with consulting and other vendors to maximize these benefits. Where legal advice is provided to health plan fiduciaries, health plans, their fiduciaries, insurers, sponsors, and service providers also should keep in mind that advice and work product performed on behalf of a health plan or plan fiduciary may not enjoy the same protection against discovery under attorney-client privilege and work product rules.
For More Information
We hope this update is helpful. For more information about these or other health or other legal, management, or public policy developments, please get in touch with the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.
About the Author
Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 35 plus years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.
A Fellow in the American College of Employee Benefit Counsel, Co-Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee and Vice-Chair Elect of its International Employment Law Committee, Chair-Elect of the ABA TIPS Section Medicine & Law Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, and Chair of the ABA Intellectual Property Section Law Practice Management Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading-edge work, scholarship and thought leadership on heath benefit and other healthcare and life science, managed care and insurance and other workforce and staffing, employee benefits, safety, contracting, quality assurance, compliance and risk management, and other legal, public policy and operational concerns in the healthcare and life sciences, employee benefits, managed care and insurance, technology and other related industries. She speaks and publishes extensively on these and other related compliance issues.
Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, life sciences, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. Author of a multitude of highly regarded publications on HIPAA and other medical record and data privacy and scribe for the ABA JCEB Annual Meeting with the HHS Office of Civil Rights, her experience includes extensive involvement throughout her career in advising health care and life sciences and other clients about preventing, investigating and defending EEOC, DOJ, OFCCP and other Civil Rights Act, Section 1557 and other HHS, HUD, banking, and other federal and state discrimination investigations, audits, lawsuits and other enforcement actions as well as advocacy before Congress and regulators regarding federal and state equal opportunity, equity and other laws.
For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.
About Solutions Law Press, Inc.™
Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here, such as:
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.
NOTICE: These statements and materials are for general informational and educational purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstances at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules make it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access to this publication.
Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.
$115 is the fee that health plans participating in the Independent Dispute Resolution (“IDR”) process required by the No Surprises Act (the “NSA”) to resolve disputes with health care providers, facilities, and providers of air ambulance services (“providers”) over the amount the health plan will pay the provider for out-of-network health care or items for because the health plan and provider cannot reach agreement about the appropriate amount outside the IDR process will be required to pay disputes initiated on or after February 21, 2023 under a new final rule scheduled for publication by the of Health and Human Services (“HHS”), Labor (“DOL”) and Treasury (“Treasury”) (collectively the “Departments”) on December 21, 2023.
The Departments establishment of the IDR fee for post-February 20, 2025 disputes and their previous December 15, 2023 announcement of the full reopening of the IDR portal for all dispute categories are part of the Departments’ ongoing response to the August 3, 2023 Federal District court ruling in Texas Medical Association, et al. v. U.S. Department of Health & Human Services, et al., No. 6:23-cv-00059-JDK (TMA IV), which vacated portions of the previous guidance that the Departments previously adopted to establish the IDR process and the administrative fee amount for the Federal IDR process for disputes initiated during the calendar year beginning January 1, 2023.
Post February 22, 2024 IDR Fees
On December 18, 2023, the Departments released an advance copy of the final rule (the “Rule”) setting the fees the NSA requires both the health plan or issuer and a health care provider, facility, or air ambulance services provider (the “parties”) when the parties must use the NSA Federal Independent Dispute Resolution (IDR) process to set the amount a health plan must pay the provider for out-of-network medical care or items because the plan and provider cannot agree on an appropriate payment amount for disputes initiated on or after the date the Rule is published in the Federal Register. Since the Rule is scheduled for publication in the Federal Register on December 21, 2023, the new fee will apply to disputes initiated after February 20, 2023.
In response to the TMA IV ruling, the Rule amends existing regulations to provide that the Departments going forward will determine the administrative fee charged by the Departments to participate in the Federal IDR process, and the ranges for certified IDR entity fees for single and batched determinations, through annual notice and comment rulemaking, rather than in guidance published annually. The preamble to the final rule also sets forth the methodology used to calculate the administrative fee and the considerations used to develop the certified IDR entity fee ranges.
Following this new process, the Rule also finalizes an administrative fee amount of $115 per party and finalizes a certified IDR entity fee range of $200-$840 for single determinations and $268-$1,173 for batched determinations for disputes initiated on or after February 21, 2023.
Interested parties can review the Rule here and the Departments Fact Sheet on the Rule here.
IDR Portal Reopened December 15, 2023
The Rule establishing the IDR fee for disputes initiated after February 20, 2024 follows the Departments’ December 15, 2023 announcement of their reopening of the IDR portal for processing all health benefit disputes covered by the NSA between providers and payers.
As part of its provisions to protect patients from “surprise bills” or out-of-network services covered by the NSA, the NSA establishes rules and procedures for providers and payers to determine the appropriate out-of-network payment rate for out-of-network services received by patients enrolled in covered payer programs. Where payers and providers cannot agree about the appropriate payment rate using other NSA procedures, the IDR portal is the online system established under the NSA for disputing payers and health care providers arrange for a certified IDR entity to resolve disagreements about the appropriate out-of-network payment rate for items and services subject to the surprise billing protections in the NSA through a process in which the certified IDR entity reviews offers made by each disputing party along with supporting information about the dispute. Once established under the NSA, payers are required to pay providers the appropriate payment rate for the covered out-of-network services provided to the member patient and the provider is prohibited from balance billing charges in excess of the appropriate payment rate for those services. The Departments previously suspended the operation of the IDR portal earlier this year after a federal court ruled that rules adopted by the Departments implementing the NSA violated the NSA.
In connection with the reopening of the IDR Portal, the Departments also announced the following extensions of the applicable IDR deadlines for the initiation of new batched disputes and new single disputes involving air ambulance services, resubmission of disputes determined by certified IDR entities to be improperly batched, and selection or reselection of a certified IDR entity.
Parties for whom the IDR initiation deadline under applicable regulations fell on any date between August 3, 2023 and December 15, 2023 will have until the 20th business day after the Federal IDR portal reopens, which is January 16, 2024, to initiate a new batched dispute or a new single dispute involving air ambulance services. Parties for whom the IDR initiation deadline falls between December 16, 2023 and January 15, 2024 will also have until January 16, 2024 to initiate a batched or air ambulance dispute. Parties whose initiation deadline falls on January 16, 2024 or after will have the usual 4 business days after the end of the Open Negotiation Period, or if the dispute is subject to the 90-calendar-day suspension period following a payment determination, the usual 30 business day period, to initiate a batched or air ambulance dispute in the Federal IDR portal.
For batched disputes and single disputes involving air ambulance services initiated under extensions of deadlines after the Federal IDR portal reopens, the deadline for the parties to jointly select a certified IDR entity will be 10 business days after initiation.
For disputing parties that were engaged in certified IDR entity selection for batched disputes when the Federal IDR portal temporarily closed, the deadline for parties to jointly select a certified IDR entity will be 10 business days after the Federal IDR portal reopens, which is December 29, 2023.
An initiating party that has received a notification from a certified IDR entity that a dispute initiated before August 3, 2023 was improperly batched will have one opportunity to resubmit the improperly batched items and services for reconsideration within 10 business days of being notified by the certified IDR entity, provided that the initiating party’s 4-business-day period to resubmit the batched dispute expired between August 3 and August 9, 2023.
The deadline to submit fees and offers will remain 10 business days after certified IDR entity selection.
Disputing parties with batched disputes that were impacted by the temporary suspension of use of the notice of offer form will be granted an additional 10 business days to submit offers, as communicated to impacted disputing parties by email from the Federal IDR Inbox.
The deadline extensions announced December 15, 2023 supplement extensions the Departments previously announced in November, 2023. On November 22, 2023, the Departments used their statutory authority (Internal Revenue Code Section 9816(c)(9), ERISA Section 716(c)(9), and PHS Act Section 2799A-1(c)(9)) to grant extensions in the following circumstances:
Disputing parties may request additional time, beyond the current business day deadline, to respond to the certified IDR entity’s requests for additional information. The Departments instructed certified IDR entities to grant such requests through January 16, 2024.
Certified IDR entities may provide parties, upon request, an additional 10 business days after the original offer deadline to submit an offer. Certified IDR entities may provide parties this additional time, as needed, through January 16, 2024.
On November 29, 2023, the Departments also announced another extension of the timeline for disputing parties to select a certified IDR entity. Under this extension, disputing parties will have 10 business days to select a certified IDR entity for all disputes through January 16, 2024. This extension will be provided automatically and does not require a request by disputing parties.
The Departments already announced the November 22, 2023 and November 29, 2023 extensions until January 16, 2023 for new single and bundled disputes and these extensions will persist for all disputes until January 16, 2023.
In connection with their full reopening of the IDR portal, the Departments renewed prior reminders to parties accessing or using the IDR portal to clear their computer’s cache or open the Federal IDR initiation web forms in a private or incognito window to see all the new features at least once a week to ensure access to the most up-to-date version of the initiation form as the Departments continue to implement Federal IDR web forms to accommodate guidance-related and system enhancements. Users failing to follow this recommendation risk additional follow-up with certified IDR entities or system errors.
We hope this update is helpful. For more information about these or other health or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.
About the Author
Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 35 plus years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.
A Fellow in the American College of Employee Benefit Counsel, Co-Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee and Vice-Chair Elect of its International Employment Law Committee, Chair-Elect of the ABA TIPS Section Medicine & Law Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, and Chair of the ABA Intellectual Property Section Law Practice Management Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading-edge work, scholarship and thought leadership on heath benefit and other healthcare and life science, managed care and insurance and other workforce and staffing, employee benefits, safety, contracting, quality assurance, compliance and risk management, and other legal, public policy and operational concerns in the healthcare and life sciences, employee benefits, managed care and insurance, technology and other related industries. She speaks and publishes extensively on these and other related compliance issues.
Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, life sciences, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. Scribe for the ABA JCEB Annual Meeting with the HHS Office of Civil Rights, her experience includes extensive involvement throughout her career in advising health care and life sciences and other clients about preventing, investigating and defending EEOC, DOJ, OFCCP and other Civil Rights Act, Section 1557 and other HHS, HUD, banking, and other federal and state discrimination investigations, audits, lawsuits and other enforcement actions as well as advocacy before Congress and regulators regarding federal and state equal opportunity, equity and other laws.
For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.
About Solutions Law Press, Inc.™
Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here such as:
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.
NOTICE: These statements and materials are for general informational and educational purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstances at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author and Solutions Law Press, Inc.™ reserve the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules make it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc.™ disclaim, and have no responsibility to provide any update or otherwise notify anyone of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication. Readers acknowledge and agree to the conditions of this Notice as a condition of their access to this publication.
Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.
A newly-announced settlement agreement and corrective action plan (the “Settlement”) between a prominent New York academic medical center and the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (“OCR”) arising from disclosures and access allowed a reporter covering the COVID-19 pandemic warns health care providers, health plans, healthcare clearinghouses (“covered entities”), their business associates and workforce members (collectively, “HIPAA entities”) to prevent their organizations and workforce members not to share protected health information (“PHI”) or allow reporters or other media to access patients or PHI without first obtaining the legally required patient authorizations as well as evaluate their own organization’s potential exposure to OCR enforcement from known or suspected unauthorized disclosures of PHI by their own organizations or workforce during the COVID-19 pandemic or other events over the past two years.
While the Settlement involved a health care providers, health plans and other HIPAA entities also are subject to the same HIPAA requirements to prevent unauthorized photography, videos, or other sharing or disclosure of participant or other PHI to media in interviews or other media interactions or by workforce members, business associates or other third parties. Furthermore, since the Employee Benefit Security Administration now views HIPAA compliance and other prudent steps to protect PHI and other sensitive health information as part of fiduciaries and plan administrator’s ERISA compliance obligations, the management of these and other HIPAA obligations also is critical to ERISA compliance. Accordingly, health plans and their fiduciaries, administrators, and sponsors should confirm their continued compliance in light of the insights provided by the Settlement and related OCR guidance.
HIPAA-Compliant Authorization Required Before Media Access To Patients Or Patient Information
The HIPAA Privacy Rule prohibits SJMC and other HIPAA entities from disclosing any patient’s PHI unless::
The individual who is the subject of the information (or the individual’s personal representative) authorizes the disclosure in writing in the form required by the Privacy Rule; or
The Privacy Rule otherwise expressly permits or requires the disclosure.
OCR guidance makes clear that these prohibitions continue to apply when health care providers or other HIPAA entities are dealing with have print, television, or other media reporters.
SJMC Settlement
The Settlement between OCR and St. Joseph’s Medical Center (“SJMC”) resolves potential OCR charges that SJMC violated the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy Rule by allowing an Associated Press (“AP”) reporter to access, photograph, and review clinical information of three COVID-19 patients without appropriate HIPAA authorization. Although the dated documents governing the Settlement reflect the parties reached the Settlement Agreement in August, OCR only made the Settlement public on November 20, 2023.
The OCR investigation that prompted the settlement began shortly an AP article about SJMC’s response to the COVID-19 public health emergency containing photographs and information about three COVID-19 patients came to OCR’s attention. The nationally distributed article included pictures of the three patients as well as details about the patients’ COVID-19 diagnoses, current medical statuses and medical prognoses, vital signs, treatment plans, and other PHI.
OCR determined from the investigation that SJMC allowed the AP reporter to observe and access clinical information of three patients receiving treatment for COVID on April 20, 2020 without first obtaining the necessary patient authorization required by HIPAA and that the disclosures were not otherwise allowed by any other exception to the Privacy Rule.
To avoid potentially much larger civil monetary penalties authorized by HIPAA, SHMC entered into the Settlement under which it agreed to pay $80,000 to OCR and agreed to develop written policies and procedures and train its workforce to comply with the HIPAA Privacy Rule. Under the Settlement, OCR also will monitor SHMC’s HIPAA compliance for two years.
Prior OCR Enforcement & Guidance Warned HIPAA Entities About Media Disclosures
OCR guidance and enforcement actions alerted SJMC and other HIPAA entities of their HIPAA responsibility not to disclose or allow access by the media or other third parties long before SJMC allowed the media access and disclosures that resulted in the new Settlement.
2013 Shasta Regional Medical Center Enforcement
Shasta Regional Medical Center (“SRMC”) holds the distinction of being the first covered entity punished for wrongfully disclosing PHI to the media. Under a resolution agreement OCR announced on June 14, 2013, OCR required SRMC to pay OCR $275,000 and implement a series of corrective actions for using and disclosing to the media PHI of a patient while trying to perform public relations damage control against accusations reported in the media that SRMC had engaged in fraud or other misconduct when dealing with the patient. That SRMC resolution Agreement followed an OCR investigating a January 4, 2012 Los Angeles Times article report that two SRMC senior leaders had met with media to discuss medical services provided to a patient. OCR’s investigation indicated that SRMC failed to safeguard the patient’s PHI from impermissible disclosure by intentionally disclosing PHI to multiple media outlets on at least three separate occasions, without a valid written authorization. OCR’s review also revealed senior management at SRMC impermissibly shared details about the patient’s medical condition, diagnosis and treatment in an email to the entire workforce. Further, SRMC failed to sanction its workforce members for impermissibly disclosing the patient’s records pursuant to its internal sanctions policy.
2016 NY-Presby Resolution Agreement & OCR Media Guidance
OCR’s next warnings to covered entities about their HIPAA responsibilities when dealing with the media came in 2016, when OCR concurrently announced a $2.2 million settlement with New York-Presbyterian Hospital and published its 2016 Frequently Asked Question (“Media FAQ”) addressing the obligation to comply with HI)PAA when dealing with the media.
According to the NY-Presby Resolution Agreement, OCR’s investigation revealed that NY-Presbyterian “blatantly” violated HIPAA when it allowed ABC film crews and staff virtually unfettered access to its health care facility. OCR says the access NY-Presbyterian allowed ABC effectively created an environment where patients PHI could not be protected from impermissible disclosure to the ABC film crew and staff filming the episode. While the Resolution Agreement reflects allowing the filming and other access to ABC without prior HIPAA-compliant authorization from patients in the facility itself violated HIPAA, OCR also particularly found “egregious” the facility allowing ABC film crews and staff to film a dying patient and another patient in significant distress without first obtaining a HIPAA-compliant authorization from each of those patients and even more so that NY-Presbyterian failed stop the filming even after a medical professional urged the crew to stop.
Based on its investigation, OCR charged NY-Presbyterian with violating 45 C.F.R. §§ 164.502(a) and 164.530(c) by:
Impermissibly disclosing the PHI of two identified patients to the film crew and other staff of “NY Med;”
Failing appropriately and reasonably to safeguard its patients’ PHI from disclosure during the filming of “NY Med” on its premises; and
Failing to implement policies, procedures, and practices to protect the privacy of the filming of the television show.
OCR collected $2.2 million from New York-Presbyterian Hospital as the required settlement payment under that resolution agreement.
2016 Media FAQ Guidance
Coincident with its announcement of the NYPH Settlement, OCR published the 2016 Media FAQ addressing HIPAA entities’ responsibilities when dealing with the media that outlined its interpretation of HIPAA as requiring HIPAA entities to protect patients and their PHI against unauthorized filming, photography, observation, and other access by news or other media or even other staff, patients or visitors.
Among other things, the Media FAQ states that HIPAA prohibits health care providers and other HIPAA entities from inviting or allowing media personnel into treatment or other areas where patients or patient PHI will be accessible in written, electronic, oral, or other visual or audio form, or otherwise making PHI accessible to the media without prior written authorization from each patient or other subject of the PHI who is or will be in the area or whose PHI otherwise will be accessible to the media except in a very limited set of circumstances set forth in the Media FAQ.
The Media FAQ also states, “It is not sufficient for a health care provider to request or require media personnel to mask the identities of patients (using techniques such as blurring, pixelation, or voice alteration software) for whom authorization was not obtained, because the HIPAA Privacy Rule does not allow media access to the patient’s PHI, absent an authorization, in the first place.
In addition, the Media FAQ states that a health care provider also must ensure that reasonable safeguards are in place to protect against impermissible disclosures or to limit incidental disclosures of other PHI that may be in the area but for which authorization has not been obtained.
Concerning the limited circumstances when a health care provider or other HIPAA entity or business associate may disclose to the media or allow unconsented filming, photographing or use of PHI to the media or other film crews, the Media FAQ also clarifies that the HIPAA Privacy Rule does not require health care providers to prevent members of the media from entering areas of their facilities that are otherwise generally accessible to the public like public waiting areas or areas where the public enters or exits the facility.
In addition, the Media FAQ states a health care provider or other HIPAA entity may:
Disclose limited PHI about the incapacitated patient to the media in accordance with the requirements of 45 C.F.R. 164.510(b)(1)(ii) when, in the hospital’s professional judgment, doing so is in the patient’s best interest; or
Disclose a patient’s location in the facility and condition in general terms that do not communicate specific medical information about the individual to any person, including the media, without obtaining a HIPAA authorization where the individual has not objected to his information being included in the facility directory, and the media representative or other person asks for the individual by name as specified in 45 C.F.R. 164.510(a).
The Media FAQ also discusses circumstances where a healthcare provider or other HIPAA entity may use the services of a contract film crew to produce training videos or public relations materials on the provider’s behalf if the provider ensures that the film crew acting as a business associate enters into a HIPAA compliant business associate agreement with the HIPAA entity which among other things ensures that the film crew will safeguard the PHI it obtains, only use or disclose the PHI for the purposes provided in the agreement, and return or destroy any PHI after the work for the health care provider has been completed as required by 45 C.F.R. 164.504(e)(2). The Media FAQ also states that as a business associate, the film crew must comply with the HIPAA Security Rule and a number of provisions in the Privacy Rule, including the Rule’s restrictions on the use and disclosure of PHI. In addition, the Media FAQ reminds HIPAA entities and business associates of the need to obtain prior authorizations from patients whose PHI is included in any materials before any of those materials are posted online, printed in brochures for the public, or otherwise publicly disseminated.
Finally, the Media FAQ states HIPAA entities can continue to inform the media of their treatment services and programs so that the media can better inform the public, provided that, in doing so, the covered entity does not share PHI with the media.
Memorial Herrman Health System Resolution Agreement
OCR’s next media coverage-related enforcement action involved the largest not-for-profit health system in Southeast Texas, Memorial Hermann Health System (MHHS). The 2017 MHHS Resolution Agreement and Corrective Action Plan resulted from HHHS issuing a press release with the name and other PHI about a patient arrested and charged with fraudulently obtaining health care by presenting an allegedly fraudulent identification card to MHHS office staff without first obtaining authorization from the patient. MHHS paid OCR a $2.4 million resolution payment as well as agreed to implement a detailed corrective action plan. See $2.4M HIPAA Settlement Warns Providers About Media Disclosures Of PHI.
Three Resolution Agreements Following Disclosures ForBoston Trauma Reality Series
OCR followed up the next year with a concurrent announcement of resolution agreements against three unrelated hospitals for allowing ABC film crews to film in patient treatment and other areas for the ABC medical documentary “Save My Life: Boston Trauma” series. Under three separate settlement agreements, OCR collected a total of $999,000 from Boston Medical Center, Brigham and Women’s Hospital, and Massachusetts General Hospital for putting publicity before patient privacy by allowing ABC News documentary film crews to film patients and access other patient information for a news documentary without obtaining prior patient authorization under three separate settlement agreements with the hospitals.
The circumstances that resulted in the three resolution agreements announced on September 20, 2018 were strikingly similar to those underlying the NY-Presby Resolution Agreement. Notably, the investigations that resulted in the three settlement agreements all arose out of each of the respective hospital’s permitting an ABC documentary film crew filming a medical documentary to access patient areas of their hospitals.
OCR’s investigation of MGH arose in response to an announcement about the impending filming on its website while OCR’s investigations of BMC and BWH started in response to a January 12, 2015 Boston Globe article that reported the Hospitals each separately had allowed ABC film crews filming a documentary to access PHI and film patients without obtaining patient authorization. See Boston Medical Center Resolution Agreement (BMC Settlement Agreement); Brigham and Women’s Hospital Resolution Agreement (BWH Settlement Agreement); and Massachusetts General Hospital Resolution Agreement (MGH Resolution Agreement)
The MGH Resolution Agreement reflects that OCR’s investigations began with an investigation of MGH on December 17, 2014 based on a news story posted to MGH’s website on October 3, 2014, indicating that ABC News would be filming a medical documentary program at MGH. The MGH Resolution Reports that the investigation revealed that before allowing the filming between October 2014 to January 2015, MGH reviewed and assessed patient privacy issues related to the filming and implemented various protections regarding patient privacy, including providing the ABC film crew with the same HIPAA privacy training received by MGH’s workforce.
Information contained in the respective settlement agreements reflect that OCR’s investigations of BMC and BWH began about a month later on January 25 and 26, 2015 respectively in response to the Boston Globe article. The BWH Settlement Agreement states that the BWH investigation revealed that like MGH, BWH reviewed and assessed patient privacy issues related to the filming and implemented various protections regarding patient privacy, including providing the ABC film crew with the same HIPAA privacy training received by BWH’s workforce before allowing the filming by the ABC film crew that occurred between October 2014 to January 2015. The BMC Settlement Agreement does not state that OCR found BMC engaged in similar deliberations or undertook the same or other efforts to safeguard patients and their PHI.
The BMC Settlement Agreement reports that the OCR concluded based on the BMC investigation showed that BMC impermissibly disclosed PHI of patients to ABC employees during the production and filming of a television program at BMC in violation of HIPAA. Meanwhile, while acknowledging the privacy deliberations and efforts undertaken at MGH and BWH, OCR also concluded that each of those organizations also violated HIPAA because in allowing the film crew access and to film patients and patient areas:
The timing at which they obtained patient authorizations showed MGH and BWH impermissibly disclosed the PHI of patients to ABC employees during the production and filming of a television program at BWH; and
Despite the various patient privacy protections in place, MGH and BWH failed to safeguard its patients’ PHI appropriately and reasonably from disclosure during a filming project conducted by ABC on its premises in 2014 and January 2015.
To resolve potential HIPAA violations, BMC has paid OCR $100,000, BWH has paid OCR $384,000, and MGH has paid OCR $515,000. In addition, each Hospital agreed to provide workforce training as part of a corrective action plan that will include OCR’s guidance on disclosures to film and media in the 2016 Media FAQ.
Allergy Associates of Hartford, P.C.Resolution Agreement
Large institutional health care organizations are not the only HIPAA entities subjected to OCR investigation or enforcement for inappropriate sharing of PHI with the media. In its November 2018
On November 26, 2018, OCR announced that Allergy Associates, the three doctor health care practice Allergy Associates of Hartford, P.C. would pay OCR $125,000 and take corrective action under a Resolution Agreement and Corrective Action Plan resolving charges stemming from comments a physician made to a reporter on a patient dispute with the practice in 2015 violated HIPAA.
According to OCR, the disclosure of patient information that prompted OCR’s HIPAA charges resulted from a physician associated with the practice commenting to a local television station reporter for a story about a disabled patient’s complaint to the station that Allergy Associates turned her away from a scheduled appointment because of her use of a service animal. After the patient contacted the television statement to complain about being turned away by the practice when accompanied by her service animal, the station contacted the doctor for comment about the dispute between the Allergy Associates’ doctor and the patient. Although OCR reports its investigation revealed that Allergy Associates’ Privacy Officer instructed the doctor to either not respond to the media or respond with “no comment,” the doctor nevertheless accepted the television station reporter’s invitation to comment and discussed the dispute with the reporter.
OCR learned of the physician’s unauthorized comments to the reporter when it received a copy of an October 6, 2015, HHS civil rights complaint filed on behalf of the patient with the Department of Justice, Connecticut, U.S. Attorney’s Office (DOJ) by the Connecticut Office of Protection and Advocacy for Persons with Disabilities (OPA). In response to this complaint, OCR initiated a joint investigation with DOJ into the civil rights allegations against Allergy Associates. The complaint also alleged that Allergy Associates impermissibly disclosed the patient’s PHI in violation of HIPAA.
OCR found the physician’s discussion of the patient’s complaint without first obtaining a HIPAA-complaint authorization from the patient both violated HIPAA and demonstrated a reckless disregard for the patient’s HIPAA privacy rights. Additionally, Resolution Agreement also states that OCR’s investigation revealed that Allergy Associates did not take any disciplinary or other corrective action against the doctor after learning of his impermissible disclosure to the media.
To resolve the HIPAA charges, Allergy Associates agrees in the Resolution Agreement and Corrective Action Plan to pay $125,000 as well as to undertake a corrective action plan that includes two years of monitoring their compliance with the HIPAA Rules.
OCR COVID-19 HIPAA Guidance & Warnings About Media-Related HIPAA Responsibilities
With the COVID-19 pandemic fueling a torrent of media inquiries and coverage of patient, workforce and other aspects of the pandemic, OCR reminded health care providers and other HIPAA entities of HIPAA’s requirement of prior authorization before sharing PHI or allowing media to access patients or areas where media could observe patients or their PHI throughout the COVID-19 pandemic.
In its May 5, 2020 Guidance on Covered Health Care Providers and Restrictions on Media Access to Protected Health Information about Individuals in Their Facilities (“5/5 Guidance”), OCR warned covered health care providers and other HIPAA entities that the Privacy Rule prohibits HIPAA entities from giving media or film crews access to PHI including access to facilities where patients’ PHI could be accessible without the patients’ prior authorization and cautioned testing facilities and other health care providers to prevent unauthorized use, access or disclosure of test results and other PHI except as specifically allowed in the applicable HIPAA Law. In this respect, the 5/5 Guidance quoted then OCR Director Roger Severino, as unequivocally stating “Hospitals and health care providers must get authorization from patients before giving the media access to their medical information; obscuring faces after the fact just doesn’t cut it.”
Consistent with this warning, the 5/5 Guidance described reasonable guidelines and safeguards that HIPAA entities should use to protect the privacy of patients whenever the media is granted access to facilities. Additionally, the 5/5 Guidance specifically warned HIPAA entities among other things that:
HIPAA does not permit covered health care providers to give the media, including film crews, access to any areas of their facilities where patients’ PHI will be accessible in any form (e.g., written, electronic, oral, or other visual or audio form), without first obtaining a written HIPAA authorization from each patient whose PHI would be accessible to the media;
Covered health care providers may not require a patient to sign a HIPAA authorization as a condition of receiving treatment; and
Masking or obscuring patients’ faces or identifying information before broadcasting a recording of a patient does not sufficiently deidentify patient information to allow unauthorized disclosure. A valid HIPAA authorization is still required before giving the media such access.
Despite these warnings, throughout the COVID-19 health care emergency videos and other media reports often incorporated videos or other images of patients and other descriptions or details about patients containing PHI reporters or media outlets obtained from accessing facilities, interviewing workforce members, or shared with the media or others allowed to access patients or facilities, often without a HIPAA-compliant patient authorization and often by workforce members without authorization or otherwise in violation of their employing HIPAA entity’s policies. See e.g. Ezekiel Elliott COVID-Test Disclosure Highlights Health Care Provider & Plan HIPAA & Other Privacy Risks From Medical Testing & Other Medical Information;, Health care workers express overwhelming fatigue as COVID-19 cases surge across the country; Pandemic takes its toll on health care workers; ABC News Special Coverage: Coronavirus Pandemic. Since the widespread media coverage makes clear SJMC was not the only health care provider or other HIPAA entity where the entity or members of its workforce allowed media access to facilities, shared or allowed the media or other third-parties to take patient photos, videos, or shared or allowed media access to other PHI, additional OCR enforcement actions or settlements arising from COVID-19 related media disclosures against other HIPAA-entities are likely.
To mitigate their own organizational exposure to potential HIPAA and other privacy-related exposures from known or as-of-yet unidentified past or future media-related HIPAA violations, all HIPAA entities should consult qualified legal counsel for advice and assistance within the scope of attorney-client privilege on investigating their organizations potential risks from any past media disclosures and opportunities for mitigating any known or uncovered HIPAA exposures by acting proactively as well as for guidance on best practices to prevent or mitigate liability from future dealings with the media.
To promote their compliance and the defensibility of their practices and efforts when compliance issues arise, HIPAA entities need conduct a well-documented assessment of their current and past compliance, policies, practices and workforce training on allowing media or others to enter, film, photograph or record within their facilities or otherwise disclosing or allowing media access to their facilities as well as their policies about when parties not involved in care of a particular patient can film, photograph, or otherwise record, observe or access areas where patients or patient PHI is or might be present without prior written consent of the patient.
Going forward, all HIPAA entities should ensure their policies clearly prohibit their entities, their business associates and their workforce from allowing film or media to film, photograph or even access areas where patients or their PHI are accessible or otherwise disclosing PHI to members of the media without first obtaining a HIPAA-compliant authorization from each patient whose presence or PHI could be observed, recorded or otherwise accessed. Adopting the policy alone is insufficient, however, HIPAA entities also need to implement and enforce appropriate procedures and training to promote compliance with those policies and processes to monitor and respond to any violations of HIPAA’s requirements.
When considering the adequacy of their current policies, practices and training concerning filming, photography and other access and disclosure to patients, patient treatment areas and other PHI, HIPAA entities should keep in mind that the obligation to prevent unauthorized filming, photography or any other PHI access or disclosure PHI extends to “any third party not involved in patient care,” not merely those to media or film crews. Consequently, HIPAA entities should address potential risks from filming, photographs or other access and disclosure to patients, patient treatment or recordkeeping areas, or PHI by all parties within or with access to their facilities or records including but not limited to staff, business associates, contractors, other patients as well as media or other visitors.
Recognizing that the NY-Presbyterian corrective action plan included a requirement that NY-Presbyterian require “all photography, video recording and audio recording conducted on NY-Presbyterian premises” be reviewed, preapproved and actively monitored for compliance with the Privacy Rule and NY-Presbyterian’s policies, HIPAA entities also should take steps to monitor and properly restrict and protect any filming, photography or other observations, records or other PHI by individuals within their workforce, as well as to regulate the access and activities of unrelated third parties. In this respect, HIPAA entities are cautioned about the need to prohibit and enforce suitable prohibitions against members of their workforce and others using their own personal devices or other equipment to film, photograph, and copy or disseminate photographs, film, recordings or other records or data that qualifies as or contains PHI without authorization in accordance with established protocols.
HIPAA entities also should take steps to ensure their policies and training make clear that these prohibitions apply whether or not the workforce member believes that identity of the patient or patient information is concealed or otherwise not discoverable.
Moreover, even with respect to photographs, films or other recordings or records legitimately created for treatment, payment or operations purposes, HIPAA entities generally need to take steps to restrict use, access and disclosure of the photographs or other recordings to individuals legitimately involved in patient treatment, operations, payment or other activities allowed by the Privacy Rule and to safeguard those materials against use, access or disclosure to others within or outside their workforce except as allowed by HIPAA and other applicable law. .
Since HIPAA entities also are likely to be subject to other statutory, ethical, contractual or other privacy or confidentiality requirements beyond those imposed by the Privacy Rule, most HIPAA entities also will want to consider and take steps to identify and address these other potential legal or ethical responsibilities such as medical confidentiality duties applicable to physicians and other health care providers under medical ethics, professional licensure or other similar rules, contractual responsibilities, as well as common law privacy or other related exposures when conducting this review. Additionally, most HIPAA entities also will want to take into account and manage their potential exposure to privacy, theft of likeness or other intellectual property, or other statutory or common law tort or contractual claims that might attached to the unauthorized filming, photographing, or surveillance of individuals under federal or state common or statutory laws.
Since this analysis and review in most cases will result in the uncovering or discussion of potentially legally or politically sensitive information, HIPAA entities should consider consulting with or engaging experienced legal counsel for assistance in structuring and executing these activities to maximize their ability to claim attorney-client privilege or other evidentiary protections against discovery or disclosure of certain aspects of these activities.
Finally, HIPAA entities should keep in mind that HIPAA compliance and risk management is an ongoing process requiring constant awareness and diligence. Consequently, HIPAA entities should both monitor OCR and other regulatory and enforcement developments as well as exercise ongoing vigilance to monitor and maintain compliance within their organizations.
For More Information
We hope this update is helpful. For more information about these or other health or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.
About the Author
Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 35 plus years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.
A Fellow in the American College of Employee Benefit Counsel, Co-Chair of the American Bar Association (“ABA”) International Section Life Sciences and Health Committee and VIce-Chair Elect of its International Employment Law Committee, Chair-Elect of the ABA TIPS Section Medicine & Law Committee, Past Chair of the ABA Managed Care & Insurance Interest Group, Scribe for the ABA JCEB Annual Agency Meeting with HHS-OCR, past chair of the ABA RPTE Employee Benefits & Other Compensation Group and current co-Chair of its Welfare Benefit Committee, and Chair of the ABA Intellectual Property Section Law Practice Management Committee, Ms. Stamer is most widely recognized for her decades of pragmatic, leading-edge work, scholarship and thought leadership on healthcare and life science, managed care and insurance and other workforce and staffing, employee benefits, safety, contracting, quality assurance, compliance and risk management, and other legal, public policy and operational concerns in the healthcare and life sciences, employee benefits, managed care and insurance, technology and other related industries. She speaks and publishes extensively on these and other related compliance issues.
Ms. Stamer’s work throughout her career has focused heavily on working with health care and managed care, life sciences, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. Scribe for the ABA JCEB Annual Meeting with the HHS Office of Civil Rights, her experience includes extensive involvement throughout her career in advising health care and life sciences and other clients about preventing, investigating and defending EEOC, DOJ, OFCCP and other Civil Rights Act, Section 1557 and other HHS, HUD, banking, and other federal and state discrimination investigations, audits, lawsuits and other enforcement actions as well as advocacy before Congress and regulators regarding federal and state equal opportunity, equity and other laws.
For more information about Ms. Stamer or her labor and employment, employee benefit, health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.
About Solutions Law Press, Inc.™
Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also may be interested in reviewing some of our other Solutions Law Press, Inc.™ resources available here such as:
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.
Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.
January 30 Deadline To Comment On HHS’ Proposed Changes To Substance Use Confidentiality Rules
Employers, their health plans and issuers, substance abuse, mental health and other healthcare providers, health care professional associations, consumer advocates, community organizations, state and local government entities, patients and caregivers and others concerned with mental health and substance abuse treatment and management should review and comment by January 30, 2023 on proposed changes to rules on unauthorized disclosures the Confidentiality of Substance Use Disorder (SUD) Patient Records under 42 CFR part 2 (“Part 2”) proposed by the U.S. Health and Human Services Department Office for Civil Rights (OCR) and the Substance Abuse and Mental Health Services Administration (SAMHSA) in a Notice of Proposed Rulemaking (NPRM) made public November 28, 2022 here and scheduled for publication in the December 2, 2022 Federal Register. In addition to obvious implications for health care providers and health plans, the proposed changes are likely to impact both the confidentiality requirements for employer-sponsored and other health benefit programs, as well as the ability and responsibilities of businesses seeking to access or use information about prior substance use and abuse in their workplaces or for other legitimate purposes.
Proposed Changes To Substance Abuse Confidentiality Rules
On November 28, 2022, OCR and SAMHSA issued the NPRM to revise the Confidentiality of Substance Use Disorder Patient Records regulations at 42 CFR part 2 (“Part 2”), which seek to address concerns that concerns about discrimination or prosecution might deter people from entering treatment for SUD by protecting “records of the identity, diagnosis, prognosis, or treatment of any patient which are maintained in connection with the performance of any program or activity relating to substance abuse education prevention, training, treatment, rehabilitation, or research, which is conducted, regulated, or directly or indirectly assisted by any department or agency of the United States.”(“SUD Records”).
Currently, the Part 2 protections of patient privacy and records concerning treatment related to substance use challenges from unauthorized disclosures differ from the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Breach Notification, and Enforcement Rules (“HIPAA”) rules. These distinctions reportedly create barriers to information sharing by patients and among health care providers and create dual obligations and compliance challenges for regulated entities. To address this concern, Congress mandated in Section 3221 of the Coronavirus Aid, Relief, and Economic Security Act (CARES Act) that HHS to bring Part 2 into greater alignment with certain aspects of the HIPAA Privacy rule.
Amid these challenges, the NPRM proposes to implement this CARES Act mandate through the following changes to Part 2 that HHS says will help safeguard the health and outcomes of individuals with SUD while creating greater flexibility for information sharing envisioned by Congress in its passage of Section 3221 of the CARES Act:
Permit Part 2 programs to use and disclose Part 2 records based on a single prior consent signed by the patient for all future uses and disclosures for treatment, payment, and health care operations;
Permit the redisclosure of Part 2 records as permitted by the HIPAA Privacy Rule by recipients that are Part 2 programs, HIPAA covered entities, and business associates, with certain exceptions;
Expand prohibitions on the use and disclosure of Part 2 records in civil, criminal, administrative, or legislative proceedings conducted by a federal, state, or local authority against a patient, absent a court order or the consent of the patient;
Create two patient rights under Part 2 that align with individual rights under the HIPAA Privacy Rule:
Right to an accounting of disclosures; and
Right to request restrictions on disclosures for treatment, payment, and health care operations;
Require disclosures to the Secretary for enforcement;
Apply HIPAA and HITECH Act civil and criminal penalties to Part 2 violations;
Require Part 2 programs to establish a process to receive complaints of Part 2 violations;
Prohibit Part 2 programs from taking adverse action against patients who file complaints;
Prohibit Part 2 programs from requiring patients to waive the right to file a complaint as a condition of providing treatment, enrollment, payment, or eligibility for services;
Apply the standards in the HITECH Act and the HIPAA Breach Notification Rule to breaches of Part 2 records by Part 2 programs;
Modify the Part 2 confidentiality notice requirements (“Patient Notice”) to align with the HIPAA Notice of Privacy Practices;
Modify the HIPAA Notice of Privacy Practices requirements for covered entities who receive or maintain Part 2 records to include a provision limiting redisclosure of Part 2 records for legal proceedings according to the Part 2 standards; and
Permit investigative agencies to apply for a court order to use or disclose Part 2 records after they unknowingly receive Part 2 records while investigating or prosecuting a Part 2 program, when certain preconditions are met.
While the Department is undertaking this rulemaking, the current Part 2 regulations remain in effect. However, once the comment period ends, the Biden Administration-led HHS is expected to finalize the proposed changes quickly. Consequently, in addition to sharing any concerns or other input about the proposed changes during the comment period, health care providers, health plans, health care clearinghouses, employers, community agencies, state and local governments, patients and other caregivers and other concerned parties also should begin planning and preparing to respond to the anticipated changes in the requirements.
Implications For Businesses & Their Health Plans
Businesses should carefully assess the potential implications of the proposed changes on their worker and vendor credentialing and workplace safety practices as well as their health and other benefit programs. Assuming the changes are adopted in their current form, businesses sponsoring health benefit programs generally, and health care organizations and providers specifically should prepare to modify their HIPAA required notices of privacy practices and associated practices to comply with the proposed updates.
Businesses required to comply with Department of Transportation Drug Free Workplace or other alcohol and substance abuse requirements also should consider the potential implications of the proposed changes on their ability to secure relevant substance abuse treatment and related history. In assessing these implications, businesses also should be cognizant of a new proactivity on behalf of certain uses of drugs by workers in the workplace under the Americans With Disabilities Act (“ADA”). For instance, the EEOC recently has sued Eagle Marine Services Electrical & Refrigeration, LLC for allegedly violating the ADA by refusing to hire or accommodate a worker because he used medication prescribed by his doctor to treat attention deficit hyperactivity disorder (“ADHD”) without making any individual assessment of the worker’s medication use or whether it would affect his ability to safely perform the marine electrician position, and instead relied on general stereotypes about disability and medication use to justify its decision not to hire him. Businesses seeking to investigate or deny employment opportunities to workers based on the worker’s past or current medication use will want to use care to ensure that their practices are tailored to defend against similar challenges.
Health plan sponsors and insurers also should assure their mental health and substance abuse treatment coverage documents and practices are defensible under the latest mental health and substance abuse parity mandates of the Mental Health Parity and Addiction Equity Act (MHPAEA) and coverage requirements of the Patient Protection and Affordable Care Act (“ACA”). Along with a host of statutory changes since the original parity mandates took effect, implementing regulations and guidance about non-qualitative limitations and exclusions and heightened agency enforcement are ramping up enforcement and liability risks. In addition to exposing the health plan administrators and other fiduciaries to potential claims denial or fiduciary responsibility claims brought by participants or beneficiaries, the Department of Labor or both, administrative penalties by the EBSA, or both, the MHPAEA mental health and substance abuse parity rules are among 40 federal mandates that when violated can trigger the automatic $100 per violation per day employer excise tax penalty under Internal Revenue Code Section 6039D. As a consequence, violations of the MHPAEA are particularly risky and potentially expensive for private employers, their health plans and the plan administrators and fiduciaries that administer it.
For Help With Comments, Investigations Or Other Needs
If your organization would like to learn more about the concerns discussed in this update or seeks assistance auditing, updating, administering or defending its human resources, compensation, benefits, corporate ethics and compliance practices, or other performance related concerns, please contact management attorney and consultant Cynthia Marcotte Stamer.
An attorney Board Certified in Labor & Employment Law by Texas Board of Legal Specialization, Ms. Stamer is recognized for work helping organizations management people, operations and risk as a Fellow in the American College of Employee Benefit Counsel, a “Top Woman Lawyer,” “Top Rated Lawyer,” and “LEGAL LEADER™” in Labor and Employment Law and Health Care Law; a “Best Lawyers” in “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law.”
For 35 years, Ms. Stamer’s work has focused on advising and assisting businesses and business leaders with these and other employment and other staffing, employee benefit, compensation, risk, performance and compliance management and other operational solutions and concerns. Her experience includes helping management both manage performance and manage legal risk and compliance. While helping businesses define and manage the conduct and performance of their employees, contractors and vendors, she also assists employers and others about compliance with federal and state equal employment opportunity, compensation, health and other employee benefit, workplace safety, leave, and other labor and employment laws, advises and defends businesses against labor and employment, employee benefit, compensation, fraud and other regulatory compliance and other related audits, investigations and litigation, charges, audits, claims and investigations by the IRS, Department of Labor, Department of Justice, SEC, Federal Trade Commission, HUD, HHS, DOD, Departments of Insurance, and other federal and state regulators. Ms. Stamer also speaks, coaches management and publishes extensively on these and other related matters. For additional information about Ms. Stamer and her experience or to access other publications by Ms. Stamer see hereor contact Ms. Stamer directly.
Other Helpful Resources & Information
If you found this article of interest, you also may be interested in reviewing other Breaking News, articles and other resources available including:
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here. If you do not wish to receive these updates in the future, unsubscribe by updating your profile here.
Section 2202 of the Coronavirus Aid, Relief, and Economic Security Act (CARES Act), enacted on March 27, 2020, provides for special distribution options and rollover rules for retirement plans and IRAs and expands permissible loans from certain retirement plans.
While it anticipates issuing further guidance, the Internal Revenue Service (“IRS”) on May 4 provided preliminary guidance in question and answer format titled Coronavirus-related relief for retirement plans and IRAs questions and answers.
More Information
We hope this update is helpful. For more information about the these or other health or other legal, management or public policy developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.
Solutions Law Press, Inc. invites you receive future updates by registering on our Solutions Law Press, Inc. Website and participating and contributing to the discussions in our Solutions Law Press, Inc. LinkedIn SLP Health Care Risk Management & Operations Group, HR & Benefits Update Compliance Group, and/or Coalition for Responsible Health Care Policy.
About the Author
Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years legal and operational management work, coaching, public policy and regulatory affairs leadership and advocacy, training and public speaking and publications. As a significant part of her work, Ms. Stamer has worked extensively domestically and internationally on an demand, special project and ongoing basis with business, government and community organizations and their leaders, spoken and published extensively on human resources, employee benefits and other workforce and services, tax, health care and health benefits, insurance, workers’ compensation and occupational disease, business disaster and distress and many other management topics, As a key focus of this work, Ms. Stamer has worked with public and private employers of all sizes, employee benefit plans, insurance and financial services, health industry and a broad range of public and private domestic and international business, community and government organizations and leaders on pandemic and other health and safety, workforce and performance preparedness, risks and change management, disaster preparedness and response and other operational and tactical concerns throughout her adult life. A former lead advisor to the Government of Bolivia on its pension project, Ms. Stamer also has worked internationally as an advisor to business, community and government leaders on crisis preparedness and response, workforce, health care and other reform, as well as regularly advises and defends organizations about the design, administration and defense of their organizations workforce, employee benefit and compensation, safety, discipline and other management practices and actions.
Board Certified in Labor and Employment Law By the Texas Board of Legal Specialization, Scribe for the ABA JCEB Annual Agency Meeting with OCR, Vice Chair of the ABA International Section Life Sciences Committee, and the ABA RPTE Employee Benefits & Other Compensation Group and a former Council Representative, Past Chair of the ABA Managed Care & Insurance Interest Group, former Vice President and Executive Director of the North Texas Health Care Compliance Professionals Association, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, and a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also serves in leadership of a broad range of professional and civic organizations and shares insights and thought leadership through her extensive publications and public speaking. For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.
About Solutions Law Press, Inc.™
Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources available here such as:
A civil health care fraud lawsuit filed by the Department of Justice (“DOJ”) in the U.S. District Court for the Southern District of New York today (December 17, 2019) against the nation’s largest long term care pharmacy provider, Omnicare, and its parent, CVS Healthcare Corporation may signal the advisability for insurers, fiduciaries, administrators and sponsors of insured and self-insured health and other benefit plans providing pharmacy benefits to tighten claims and audit past claims payments for prescription drug claims submitted by Omnicare and other CVS pharmacy providers as well as other pharmacy claims to the pharmacy possessed a valid, current prescription to dispense the drug.
Omnicare Complaint Highlights Potential Prescription Drug Fraud By Billing For Filling Expired Prescriptions
In its U.S. ex rel Bassan complaint in intervention (Omnicare and CVS) complaint DOJ joined by 29 states and the District of Colombia filed suit against Omnicare, and its parent company, CVS Healthcare Corporation for damages and civil penalties under the False Claims Act for fraudulently billing federal healthcare programs for hundreds of thousands of non-controlled prescription drugs that DOJ claims Omnicare illegally dispensed to elderly and disabled individuals in assisted living facilities, group homes, independent living communities, and other non-skilled residential long-term care facilities (“LTC facilities”) without a valid, current prescription.. The States of California, Colorado, Connecticut, Delaware, Florida, Georgia, Hawaii, Illinois, Indiana, Iowa, Louisiana, Maryland, Massachusetts, Michigan, Minnesota, Montana, Nevada, New Jersey, New Mexico, New York, North Carolina, Oklahoma, Rhode Island, Tennessee, Texas, Vermont, Virginia, Washington, Wisconsin, and the District Of Columbia are joining the DOJ in the complaint as co-plaintiffs.
Omnicare is the country’s largest provider of pharmacy services to LTC facilities. It currently operates approximately 160 pharmacies in 47 states across the United States, which dispense tens of millions of prescription drugs to LTC facilities that serve elderly and disabled individuals. CVS acquired Omnicare in May 2015, and shortly thereafter assumed an active role in overseeing Omnicare’s operations, including pharmacy dispensing practices and systems.
The DOJ complaint in the Federal District Court in Manhattan, New York charges that Omnicare illegally dispensed and billed the federal government and patients for antipsychotics, anticonvulsants, and antidepressants Omnicare dispensed to elderly and disabled residents in LTC facilities without proper prescriptions. According to the DOJ complaint from 2010 until 2018, Omnicare and CVS allowed Omnicare pharmacies to dispense non-controlled prescription drugs to tens of thousands of elderly and disabled individuals living in LTC facilities based on prescriptions that had expired, were out of refills, or were otherwise invalid. Omnicare repeatedly disregarded prescription refill limitations and expiration dates that required doctor visits to reevaluate whether the drug should be renewed. Instead of requesting new prescriptions when old ones expired, Omnicare allowed prescriptions to “roll over.” At Omnicare, “rolling over” a prescription meant that when a prescription expired, Omnicare’s computer systems would assign the old prescription a new number and the pharmacy would continue to dispense the drug indefinitely without the need for a prescription renewal. Depending on the computer system used, DOJ claims Omnicare also sometimes assigned a fake number of authorized refills to a prescription – usually 99 allowable refills for Medicare patients – to allow for continuous refilling. DOJ claims that Omnicare pharmacies “rolled over” prescriptions for elderly and disabled individuals living in more than 3,000 residential long-term care facilities, including assisted living facilities operated by the largest long-term care providers in the country, such as Brookdale Senior Living, Atria Senior Living, Sunrise Senior Living Services, and Five Star Senior Living. DOJ charges that Omnicare used these practices to refill prescriptions for patients after the required prescription for refill expired for months, and sometimes years, after the prescriptions expired. The complaint alleged that Omnicare internally referred to these renumbered expired prescriptions as “rollover” prescriptions.
Many of the prescription drugs dispensed by Omnicare without valid prescriptions treat serious, chronic conditions, such as dementia, depression, and heart disease. They include antipsychotics, anticonvulsants, cardiovascular medications, anti-depressants, and other drugs that can have dangerous side effects and need to be closely monitored by doctors, particularly when taken in combination with other drugs by elderly patients.
DOJ says these Omnicare practices of illegally dispensing drugs to elderly and disabled individuals living in LTC facilities exposed these vulnerable individuals to a significant risk of harm. In contrast to traditional skilled nursing homes, where residents have access to 24-hour medical care supervised by doctors, assisted living and other non-skilled residential facilities offer more limited medical care, or none at all. In particular, these LTC facilities generally do not have doctors on staff to oversee and monitor residents’ drug therapy. By repeatedly dispensing potent drugs without current and valid prescriptions, Omnicare jeopardized the health and safety of tens of thousands of individuals who continued to take the same drugs for months, and sometimes years, without consulting their doctors to determine whether the medications were still clinically appropriate.
A large percentage of the long-term care residents served by Omnicare are beneficiaries of federal healthcare programs. The complaint charges that along with illegally filling the expired prescriptions, Omnicare knowingly transmitted false information to these federal healthcare programs that made it appear that drug dispensations were supported by current, valid prescriptions from physicians when in fact they were not. By dispensing drugs without valid prescriptions, Omnicare presented, or caused to be presented, hundreds of thousands of false claims to Medicare, Medicaid, and TRICARE that were ineligible for payment in violation of the False Claims Act. In fact, the complaint charges that Omnicare managers exerted pressure on overwhelmed pharmacy staff to fill prescriptions quickly so that Omnicare could submit claims and collect payments on these rollover claims.
Moreover, DOJ says that it possesses evidence that senior management at Omnicare and CVS knew of the practices. The DOJ complaint charges among other things that the Omnicare’s Compliance Department succinctly acknowledged the problem in an internal April 2015 email in which one Regional Compliance Officer stated: “An issue that I am running into more and more in multiple states concerns the ability of our systems to allow prescriptions to continue to roll after a year to a new prescription number without any documentation or pharmacist intervention.” A compliance officer then forwarded the email to the head of Omnicare’s Third Party Audit group, who responded that she had a “potential solution (programmed last year) but no one is rolling it out now.”
In today’s announcement of the lawsuit, Manhattan U.S. Attorney Geoffrey S. Berman said: “As alleged, Omnicare put at risk the health of tens of thousands of elderly and disabled individuals living in assisted living and other residential long-term care facilities by dispensing drugs for months, and sometimes years, without obtaining current, valid prescriptions from doctors. A pharmacy’s fundamental obligation is to ensure that drugs are dispensed only under the supervision of treating doctors who monitor patients’ drug therapies. Omnicare blatantly ignored this obligation in favor of pushing drugs out the door as quickly as possible to make more money. This Office will continue to hold accountable those who put at risk people’s health and safety just to turn a profit.”
Meanwhile, HHS-OIG Special Agent in Charge Scott J. Lampert said: “Failing to consult doctors as to whether prescriptions should be refilled places patients’ health and medical care at serious risk. These automatic rollover refills could have significant consequences for vulnerable people in long term-care facilities. We will continue working with law enforcement partners to protect people depending on these taxpayer-funded government health programs.”
Charges Suggest Potential Advisability For Plan Audit of Prescription Drug Charges To Confirm Supported By Valid Prescription For Dispensed Drugs
The charges made in the complaint filed against Omnicare highlight an area of claims payment eligibility not regularly verified by many pharmacy benefit and other health claims administrators when administering pharmacy benefit claims- the existence of a current valid prescription to support the dispensation of the billed prescription medication. Except for pain management and certain other medications flagged by regulators or benefit systems as subject to heightened abuse risks, many plan administrators regularly take for granted existence of a current, valid script for many common, frequently issued and renewed, low cost prescriptions issued within frequency and other guidelines based upon the assumption that legal and ethical obligations of pharmacists and pharmacies under licensing, Drug Enforcement Agency and other rules generally provides adequate deterrence against abuses like those the DOJ accuses Omnicare of engaging in its complaint. However, growing corporate or other nonprofessional ownership or management of pharmacies and their management coupled with very limited, virtually all complaint driven oversight of federal and state regulatory and ethical agencies is diminishing the frequency and effectiveness of such oversight. As evidenced by the Omnicare complaint, scrupulous pharmacies may leverage opportunities allowed by this limited oversight to dispense and bill for commonly renewed prescription medication without proper orders in a manner that potentially places patients at risk at the expense of plans and their participants, beneficiaries, sponsors and insurers. Plans, insurers, fiduciaries, plan sponsors and administrators concerned about these risks may want to use the Omnicare lawsuit announcement as an opportunity to educate plan members and their caregivers about the importance of monitoring prescriptions, their refills and claims for abuse; audit and encourage plan members and their caregivers of members with claims paid with respect to Omnicare and other pharmacy claims’ and take other steps to assess the adequacy and tighten as appropriate their existing pharmacy benefit review procedures for verification of the existence of a current, valid prescription to mitigate these exposures. These exposures are further heightened by the widespread practice of outsourcing of pharmacy claims to prescription benefit management or other speciality pharmacy claims providers in many health plan designs including vendoirsand service providers owned or managed by parents or related companies of the pharmacy filling and billing for the scripts.
Health plan fiduciaries, administrators and sponsors that discover potential deficiencies in the validity of a prescription or other elements of a received or previously paid prescription benefit or other claim are cautioned to review and follow the applicable ERISA and for insured plans, state insurance, Patient Protection and Affordable Care Act (“ACA”) and contractual claims and appeals timelines and processes. Failure to follow these requirements can undermine the enforceability of plan remedies as well as expose the plan, its insurer or fiduciary to administrative penalties and other liabilities. Additionally, violations of the ACA mandated procedures also in the case of employment based plans also could expose the sponsoring employer or ubnion to liability for self reporting, self-assessment and payment of penalties under Internal Revenue Code Section 6039D. Where relevant regulatory or contractual time periods for denial have already expired either because the claim already was paid or the analysis otherwise was not timely completed in time to meet the deadline, plans may need to rely upon filing health care fraud or other avenues of relief in lieu of attempting to retroactively deny and recoup the questioned amounts in order to avoid violating the ACA and other rules. Plan fiduciaries and administrators also may need to consider the applicability of offering review by an independent medical review organization to fulfill ACA or other similar mandatesfor medical judgement based determinations.
More Information
We hope this update is helpful. For more information about this or other labor and employment developments, please contact the author Cynthia Marcotte Stamer via e-mail or via telephone at (214) 452 -8297.
Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of health industry and other management work, public policy leadership and advocacy, coaching, teachings, and publications.
Scribe for the ABA JCEB Annual Agency Meeting with OCR, Vice Chair of the ABA International Section Life Sciences Committee, past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group and the ABA RPTE Employee Benefits & Other Compensation Group, Ms. Stamer’s work throughout her 30 plus year career has focused heavily on working with health care and managed care, health and other employee benefit plan, insurance and financial services and other public and private organizations and their technology, data, and other service providers and advisors domestically and internationally with legal and operational compliance and risk management, performance and workforce management, regulatory and public policy and other legal and operational concerns. As a part of this work, she has continuously and extensively worked with domestic and international hospitals, health care systems, clinics, skilled nursing, long term care, rehabilitation and other health care providers and facilities; medical staff, accreditation, peer review and quality committees and organizations; billing, utilization management, management services organizations, group purchasing organizations; pharmaceutical, pharmacy, and prescription benefit management and organizations; consultants; investors; EMR, claims, payroll and other technology, billing and reimbursement and other services and product vendors; products and solutions consultants and developers; investors; managed care organizations, self-insured health and other employee benefit plans, their sponsors, fiduciaries, administrators and service providers, insurers and other payers, health industry advocacy and other service providers and groups and other health and managed care industry clients as well as federal and state legislative, regulatory, investigatory and enforcement bodies and agencies.
Ms. Stamer is most widely recognized for her decades-long leading edge work, scholarship and thought leadership on health and other privacy and data security and other health industry legal, public policy and operational concerns. This involvement encompasses helping health care systems and organizations, group and individual health care providers, health plans and insurers, health IT, life sciences and other health industry clients prevent, investigate, manage and resolve sexual assault, abuse, harassment and other organizational, provider and employee misconduct and other performance and behavior; manage Section 1557, Civil Rights Act and other discrimination and accommodation, and other regulatory, contractual and other compliance; vendors and suppliers; contracting and other terms of participation, medical billing, reimbursement, claims administration and coordination, Medicare, Medicaid, CHIP, Medicare/Medicaid Advantage, ERISA and other payers and other provider-payer relations, contracting, compliance and enforcement; Form 990 and other nonprofit and tax-exemption; fundraising, investors, joint venture, and other business partners; quality and other performance measurement, management, discipline and reporting; physician and other workforce recruiting, performance management, peer review and other investigations and discipline, wage and hour, payroll, gain-sharing and other pay-for performance and other compensation, training, outsourcing and other human resources and workforce matters; board, medical staff and other governance; strategic planning, process and quality improvement; meaningful use, EMR, HIPAA and other technology, data security and breach and other health IT and data; STARK, ant kickback, insurance, and other fraud prevention, investigation, defense and enforcement; audits, investigations, and enforcement actions; trade secrets and other intellectual property; crisis preparedness and response; internal, government and third-party licensure, credentialing, accreditation, HCQIA and other peer review and quality reporting, audits, investigations, enforcement and defense; patient relations and care; internal controls and regulatory compliance; payer-provider, provider-provider, vendor, patient, governmental and community relations; facilities, practice, products and other sales, mergers, acquisitions and other business and commercial transactions; government procurement and contracting; grants; tax-exemption and not-for-profit; privacy and data security; training; risk and change management; regulatory affairs and public policy; process, product and service improvement, development and innovation, and other legal and operational compliance and risk management, government and regulatory affairs and operations concerns. to establish, administer and defend workforce and staffing, quality, and other compliance, risk management and operational practices, policies and actions; comply with requirements; investigate and respond to Board of Medicine, Health, Nursing, Pharmacy, Chiropractic, and other licensing agencies, Department of Aging & Disability, FDA, Drug Enforcement Agency, OCR Privacy and Civil Rights, Department of Labor, IRS, HHS, DOD, FTC, SEC, CDC and other public health, Department of Justice and state attorneys’ general and other federal and state agencies; JCHO and other accreditation and quality organizations; private litigation and other federal and state health care industry actions: regulatory and public policy advocacy; training and discipline; enforcement; and other strategic and operational concerns.
Author of leading works on HIPAA and a multitude of other health care, health plan and other health industry matters, the American Bar Association (ABA) International Section Life Sciences Committee Vice Chair, a Scribe for the ABA Joint Committee on Employee Benefits (JCEB) Annual OCR Agency Meeting and a former Council Representative, Past Chair of the ABA Managed Care & Insurance Interest Group, former Vice President and Executive Director of the North Texas Health Care Compliance Professionals Association, past Board President of Richardson Development Center (now Warren Center) for Children Early Childhood Intervention Agency, past North Texas United Way Long Range Planning Committee Member, and past Board Member and Compliance Chair of the National Kidney Foundation of North Texas, and a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her extensive publications and thought leadership as well as leadership involvement in a broad range of other professional and civic organizations. For more information about Ms. Stamer or her health industry and other experience and involvements, see www.cynthiastamer.com or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.
About Solutions Law Press, Inc.™
Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources available here such as:
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here.
NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advice or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The author and Solutions Law Press, Inc. disclaim, and have no responsibility to provide any update or otherwise notify anyone any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.
Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.
The Pension Benefit Guarantee Corporation on July 15, 2019 corrected an example in the Preamble to its September 14, 2018,final rule on mergers of multiemployer pension plans which a significantly lowerprobability of insolvancy than originally indicated could support merger .The clarification addresses a second example in the Preamble about how a plan can demonstrate that financial assistance is necessary to mitigate the adverse effects of the merger on the merged plan’s ability to remain solvent. This example in the preamble states that, “while not a threshold, a possible demonstration may be based on stochastic modeling showing that the merged plan’s probability of insolvency within 30 years of the merger exceeds 65% without the requested financial assistance.” (See 83 FR 46642, at 46647 column 3). The new clarification states the percentage in this example should be 35% (not 65%).
The new clarification is one of a multitude of steps the PBGC has taken to adjust its rules and enforcement practices to allow PBGC to work with distressed multiemployer and other pension plans and their sponsors. For additional information about these evolving rules, contact the author or go to PBGC.gov.
About the Author
Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: ERISA & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for 30+ years of management focused employment, employee benefit and insurance, workforce and other management work, public policy leadership and advocacy, coaching, teachings, and publications.
Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer’s clients include employers and other workforce management organizations; employer, union, association, government and other insured and self-insured health and other employee benefit plan sponsors, benefit plans, fiduciaries, administrators, and other plan vendors; domestic and international public and private health care, education and other community service and care organizations; managed care organizations; insurers, third-party administrative services organizations and other payer organizations; and other private and government organizations and their management leaders.
Throughout her 30 plus year career, Ms. Stamer has continuously worked with these and other management clients to design, implement, document, administer and defend hiring, performance management, compensation, promotion, demotion, discipline, reduction in force and other workforce, employee benefit, insurance and risk management, health and safety, and other programs, products and solutions, and practices; establish and administer compliance and risk management policies; manage labor-management relations, comply with requirements, investigate and respond to government, accreditation and quality organizations, regulatory and contractual audits, private litigation and other federal and state reviews, investigations and enforcement actions; evaluate and influence legislative and regulatory reforms and other regulatory and public policy advocacy; prepare and present training and discipline; handle workforce and related change management associated with mergers, acquisitions, reductions in force, re-engineering, and other change management; and a host of other workforce related concerns. Ms. Stamer’s experience in these matters includes supporting these organizations and their leaders on both a real-time, “on demand” basis with crisis preparedness, intervention and response as well as consulting and representing clients on ongoing compliance and risk management; plan and program design; vendor and employee credentialing, selection, contracting, performance management and other dealings; strategic planning; policy, program, product and services development and innovation; mergers, acquisitions, bankruptcy and other crisis and change management; management, and other opportunities and challenges arising in the course of workforce and other operations management to improve performance while managing workforce, compensation and benefits and other legal and operational liability and performance.
Past Chair of the ABA Managed Care & Insurance Interest Group and, a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, heavily involved in health benefit, health care, health, financial and other information technology, data and related process and systems development, policy and operations throughout her career, and scribe of the ABA JCEB annual Office of Civil Rights agency meeting, Ms. Stamer also is widely recognized for her extensive work and leadership on leading edge health care and benefit policy and operational issues. She regularly helps employer and other health benefit plan sponsors and vendors, health industry, insurers, health IT, life sciences and other health and insurance industry clients design, document and enforce plans, practices, policies, systems and solutions; manage regulatory, contractual and other legal and operational compliance; vendors and suppliers; deal with Medicare, Medicaid, CHIP, Medicare/Medicaid Advantage, ERISA, state insurance law and other private payer rules and requirements; contracting; licensing; terms of participation; medical billing, reimbursement, claims administration and coordination, and other provider-payer relations; reporting and disclosure, government investigations and enforcement, privacy and data security; and other compliance and enforcement; Form 990 and other nonprofit and tax-exemption; fundraising, investors, joint venture, and other business partners; quality and other performance measurement, management, discipline and reporting; physician and other workforce recruiting, performance management, peer review and other investigations and discipline, wage and hour, payroll, gain-sharing and other pay-for performance and other compensation, training, outsourcing and other human resources and workforce matters; board, medical staff and other governance; strategic planning, process and quality improvement; HIPAA administrative simplification, meaningful use, EMR, HIPAA and other technology, data security and breach and other health IT and data; STARK, antikickback, insurance, and other fraud prevention, investigation, defense and enforcement; audits, investigations, and enforcement actions; trade secrets and other intellectual property; crisis preparedness and response; internal, government and third-party licensure, credentialing, accreditation, HCQIA, HEDIS and other peer review and quality reporting, audits, investigations, enforcement and defense; patient relations and care; internal controls and regulatory compliance; payer-provider, provider-provider, vendor, patient, governmental and community relations; facilities, practice, products and other sales, mergers, acquisitions and other business and commercial transactions; government procurement and contracting; grants; tax-exemption and not-for-profit; 1557 and other Civil Rights; privacy and data security; training; risk and change management; regulatory affairs and public policy; process, product and service improvement, development and innovation, and other legal and operational compliance and risk management, government and regulatory affairs and operations concerns.
A former lead consultant to the Government of Bolivia on its Pension Privatization Project with extensive domestic and international public policy concerns in pensions, healthcare, workforce, immigration, tax, education and other areas, Ms. Stamer has been extensively involved in U.S. federal, state and local health care and other legislative and regulatory reform impacting these concerns throughout her career. Her public policy and regulatory affairs experience encompasses advising and representing domestic and multinational private sector health, insurance, employee benefit, employer, staffing and other outsourced service providers, and other clients in dealings with Congress, state legislatures, and federal, state and local regulators and government entities, as well as providing advice and input to U.S. and foreign government leaders on these and other policy concerns.
Author of leading works on a multitude of labor and employment, compensation and benefits, internal controls and compliance, and risk management matters and a Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other related concerns by her service in the leadership of the Solutions Law Press, Inc. Coalition for Responsible Health Policy, its PROJECT COPE: Coalition on Patient Empowerment, and a broad range of other professional and civic organizations including North Texas Healthcare Compliance Association, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children (now Warren Center For Children); current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, past Representative and chair of various committees of ABA Joint Committee on Employee Benefits; an ABA Health Law Coordinating Council representative, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, a former member of the Board of Directors of the Southwest Benefits Association and others.
For more information about Ms. Stamer or her health industry and other experience and involvements, see here or contact Ms. Stamer via telephone at (214) 452-8297 or via e-mail here.
About Solutions Law Press, Inc.™
Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources here such as the following:
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating your profile here. We also invite you to join the discussion of these and other human resources, health and other employee benefit and patient empowerment concerns by participating and contributing to the discussions in our Health Plan Compliance Group or COPE: Coalition On Patient Empowerment Groupon LinkedIn or Project COPE: Coalition on Patient Empowerment Facebook Page.
NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice or an offer or commitment to provide legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as legal advise or an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The presenter and the program sponsor disclaim, and have no responsibility to provide any update or otherwise notify any participant of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.
Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.
Employer and other sponsors, fiduciaries, administrators and insurers of the Employee Retirement Income Security Act (ERISA)-covered employee benefit plans making disability-based benefit determinations should confirm that their plan documents, summary plan descriptions, procedures and claims and appeals notices are updated and ready to meet tightened new federal rules on disability-based benefit determinations applicable to all post December 31, 2017 claims under the restated Final Rule on Claims Procedure for Plans Providing Disability Benefits (“Disability Claims Rule”). Given the nature and scope of these new requirements, most covered plans will require specific action be taken before the new rules take effect to update plan documents, summary plan descriptions, notices, contracts, processes and procedures to meet the January 1, 2018 deadline.
The Disability Claims Rule published by the Department of Labor Employee Benefit Security Administration (“EBSA”) on December 19, 2016 generally require all ERISA-covered employee benefit plans making any disability benefit or other determination conditioned upon a finding of disability to comply with the new Disability Claims Rule for any claim received after December 31, 2017.
The new Final Disability Claims Rule will apply to all disability determinations made under any ERISA-covered plan after December 31, 2017, regardless of how the plan characterizes the benefit or whether the plan is a health or other welfare, pension, 401(k) plan or other savings plan.
Significant affirmative action is likely required to prepare covered plans to meet these requirements since most plans historically have not followed the detailed claims and appeals notification, independent and impartial decision-making, rescission, deemed exhaustion, “culturally and linguistically appropriate” and other procedural protections and safeguards based on EBSA’s previously adopted Patient Protection and Affordable Care Act (“ACA”) group health plan claims and appeals rules, which the Disability Claims Rules extend and make applicable to all ERISA-covered plans making benefit determinations based on disability. Covered plans making disability-based benefit or other covered determinations are likely to require updates to plan documents, insurance or administrative services contracts, summary plan descriptions and other plan communications, claims and appeals notices, and other related processes, procedures and documentation to meet these new requirements. Since certain requirements of the Disability Claims Rules like the summary plan description advance disclosure requirements are required to be provided before the claim is received, plans and their sponsors risk being accused of violating these requirements by waiting to update plans, their processes and materials until after claim involving a disability based determination arises.
Ensuring that impacted plans are updated before the January 1, 2018 deadline is important because the Disability Claims Rule, like the group health plan claims and appeals rules upon which it is based, also states that noncompliance with any of its requirements empowers a participant to immediately sue the plan for enforcement if his rights without further complying the the plan’s administrative procedures. Moreover, failing to comply with summary plan disclosure or claims or appeal adverse benefit determination notification requirements also may subject the plan administrator to administrative penalties under ERISA section 514(c). Consequently, employers and other plan sponsors, fiduciaries, administrators and insurers will want to act quickly to ensure that their plans, their summary plan descriptions and other communications, notices, processes, contracts and procedures are updated appropriately before January 1, 2018.
About The Author
Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: Erisa & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for management work, coaching, teachings, and publications.
Ms. Stamer works with businesses and their management, employee benefit plans, governments and other organizations deal with all aspects of human resources and workforce, internal controls and regulatory compliance, change management and other performance and operations management and compliance. Her day-to-day work encompasses both labor and employment issues, as well as independent contractor, outsourcing, employee leasing, management services and other nontraditional service relationships. She supports her clients both on a real-time, “on demand” basis and with longer term basis to deal with all aspects for workforce and human resources management, including, recruitment, hiring, firing, compensation and benefits, promotion, discipline, compliance, trade secret and confidentiality, noncompetition, privacy and data security, safety, daily performance and operations management, emerging crises, strategic planning, process improvement and change management, investigations, defending litigation, audits, investigations or other enforcement challenges, government affairs and public policy.
Well-known for her extensive work with health, insurance, financial services, technology, energy, manufacturing, retail, hospitality, governmental and other highly regulated employers, her nearly 30 years’ of experience encompasses domestic and international businesses of all types and sizes.
A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other concerns by her service as a management consultant, business coach and consultant and policy strategist as well through her leadership participation in professional and civic organizations such her involvement as the Vice Chair of the North Texas Healthcare Compliance Association; Executive Director of the Coalition on Responsible Health Policy and its PROJECT COPE: Coalition on Patient Empowerment; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children; former Gulf Coast TEGE Council Exempt Organization Coordinator; a founding Board Member and past President of the Alliance for Healthcare Excellence; former board member and Vice President of the Managed Care Association; past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; a member and policy adviser to the National Physicians’ Council for Healthcare Policy; current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee; current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section; Past Chair of the ABA Health Law Section Managed Care & Insurance Section; ABA Real Property Probate and Trust (RPTE) Section former Employee Benefits Group Chair, immediatepast RPTE Representative to ABA Joint Committee on Employee Benefits Council Representative, and Defined Contribution Committee Co-Chair, past Welfare Benefit Committee Chair and current Employee Benefits Group Fiduciary Responsibility Committee Co-Chair, Substantive and Group Committee member, Membership Committee member and RPTE Representative to the ABA Health Law Coordinating Council; past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee; a former member of the Board of Directors, Treasurer, Member and Continuing Education Chair of the Southwest Benefits Association and others.
Ms. Stamer also is a widely published author, highly popular lecturer, and serial symposia chair, who publishes and speaks extensively on human resources, labor and employment, employee benefits, compensation, occupational safety and health, and other leadership, performance, regulatory and operational risk management, public policy and community service concerns for the American Bar Association, ALI-ABA, American Health Lawyers, Society of Human Resources Professionals, the Southwest Benefits Association, the Society of Employee Benefits Administrators, the American Law Institute, Lexis-Nexis, Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, the HCCA, ISSA, HIMSS, Modern Healthcare, Managed Healthcare, Institute of Internal Auditors, Society of CPAs, Business Insurance, Employee Benefits News, World At Work, BenefitsMagazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other symposia and publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, InsuranceThoughtLeadership.com and many other prominent publications and speaks and conducts training for a broad range of professional organizations and for clients on the Advisory Boards of InsuranceThoughtLeadership.com, HR.com, Employee Benefit News, and many other publications.
Want to know more? See here for details about the author of this update, attorney Cynthia Marcotte Stamer, e-mail her here or telephone Ms. Stamer at (469) 767-8872.
About Solutions Law Press, Inc.™
Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources at SolutionsLawPress.com such as the following:
If you or someone else you know would like to receive future updates about developments on these and other concerns, please provide your current contact information and preferences including your preferred e-mail by creating or updating your profile here.
NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The presenter and the program sponsor disclaim, and have no responsibility to provide any update or otherwise notify any participant of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.
Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.
President Trump today (October 12, 2017) issued the following that he promised to be the first in a series of executive orders and other administrative actions that his administration will roll out to provide Obamacare relief for consumers, employers and others by promoting healthcare choice and competition given the continued difficulty by the Republican-led Congress to pass legislation repealing or replacing the health care law.
On the heels of his announcement of the Executive Order, President Trump moved forward on his promise to take other action on Obamacare by announcing that the Administration will not continue funding for individual subsidies that currently are continued under an Obama Administration action in the absence of Congressional action funding those subsidies.
Concerned parties should monitor and inform themselves about proposed changes in the Executive Order and other actions as they are proposed and develop, and provide timely comments and other input to help influence the shape and content of any changes proposed or adopted in response to the Executive Order. Solutions Law Press, Inc. will be monitoring developments. Stay tuned for updates.
Language of Executive Order
By the authority vested in me as President by the Constitution and the laws of the United States of America, it is hereby ordered as follows:
Section 1. Policy.
(a) It shall be the policy of the executive branch, to the extent consistent with law, to facilitate the purchase of insurance across State lines and the development and operation of a healthcare system that provides high-quality care at affordable prices for the American people. The Patient Protection and Affordable Care Act (PPACA), however, has severely limited the choice of healthcare options available to many Americans and has produced large premium increases in many State individual markets for health insurance. The average exchange premium in the 39 States that are using http://www.healthcare.gov in 2017 is more than double the average overall individual market premium recorded in 2013. The PPACA has also largely failed to provide meaningful choice or competition between insurers, resulting in one-third of America’s counties having only one insurer offering coverage on their applicable government-run exchange in 2017.
(b) Among the myriad areas where current regulations limit choice and competition, my Administration will prioritize three areas for improvement in the near term: association health plans (AHPs), short-term, limited-duration insurance (STLDI), and health reimbursement arrangements (HRAs).
(i) Large employers often are able to obtain better terms on health insurance for their employees than small employers because of their larger pools of insurable individuals across which they can spread risk and administrative costs. Expanding access to AHPs can help small businesses overcome this competitive disadvantage by allowing them to group together to self-insure or purchase large group health insurance. Expanding access to AHPs will also allow more small businesses to avoid many of the PPACA’s costly requirements. Expanding access to AHPs would provide more affordable health insurance options to many Americans, including hourly wage earners, farmers, and the employees of small businesses and entrepreneurs that fuel economic growth.
(ii) STLDI is exempt from the onerous and expensive insurance mandates and regulations included in title I of the PPACA. This can make it an appealing and affordable alternative to government-run exchanges for many people without coverage available to them through their workplaces. The previous administration took steps to restrict access to this market by reducing the allowable coverage period from less than 12 months to less than 3 months and by preventing any extensions selected by the policyholder beyond 3 months of total coverage.
(iii) HRAs are tax-advantaged, account-based arrangements that employers can establish for employees to give employees more flexibility and choices regarding their healthcare. Expanding the flexibility and use of HRAs would provide many Americans, including employees who work at small businesses, with more options for financing their healthcare.
(c) My Administration will also continue to focus on promoting competition in healthcare markets and limiting excessive consolidation throughout the healthcare system. To the extent consistent with law, government rules and guidelines affecting the United States healthcare system should:
(i) expand the availability of and access to alternatives to expensive, mandate-laden PPACA insurance, including AHPs, STLDI, and HRAs;
(ii) re-inject competition into healthcare markets by lowering barriers to entry, limiting excessive consolidation, and preventing abuses of market power; and
(iii) improve access to and the quality of information that Americans need to make informed healthcare decisions, including data about healthcare prices and outcomes, while minimizing reporting burdens on affected plans, providers, or payers.
Sec. 2. Expanded Access to Association Health Plans.
Within 60 days of the date of this order, the Secretary of Labor shall consider proposing regulations or revising guidance, consistent with law, to expand access to health coverage by allowing more employers to form AHPs. To the extent permitted by law and supported by sound policy, the Secretary should consider expanding the conditions that satisfy the commonality‑of-interest requirements under current Department of Labor advisory opinions interpreting the definition of an “employer” under section 3(5) of the Employee Retirement Income Security Act of 1974. The Secretary of Labor should also consider ways to promote AHP formation on the basis of common geography or industry.
Sec. 3. Expanded Availability of Short-Term, Limited‑Duration Insurance.
Within 60 days of the date of this order, the Secretaries of the Treasury, Labor, and Health and Human Services shall consider proposing regulations or revising guidance, consistent with law, to expand the availability of STLDI. To the extent permitted by law and supported by sound policy, the Secretaries should consider allowing such insurance to cover longer periods and be renewed by the consumer.
Sec. 4. Expanded Availability and Permitted Use of Health Reimbursement Arrangements.
Within 120 days of the date of this order, the Secretaries of the Treasury, Labor, and Health and Human Services shall consider proposing regulations or revising guidance, to the extent permitted by law and supported by sound policy, to increase the usability of HRAs, to expand employers’ ability to offer HRAs to their employees, and to allow HRAs to be used in conjunction with nongroup coverage.
Sec. 5. Public Comment.
The Secretaries shall consider and evaluate public comments on any regulations proposed under sections 2 through 4 of this order.
Within 180 days of the date of this order, and every 2 years thereafter, the Secretary of Health and Human Services, in consultation with the Secretaries of the Treasury and Labor and the Federal Trade Commission, shall provide a report to the President that:
(a) details the extent to which existing State and Federal laws, regulations, guidance, requirements, and policies fail to conform to the policies set forth in section 1 of this order; and
(b) identifies actions that States or the Federal Government could take in furtherance of the policies set forth in section 1 of this order.
Sec. 7. General Provisions.
(a) Nothing in this order shall be construed to impair or otherwise affect:
(i) the authority granted by law to an executive department or agency, or the head thereof; or
(ii) the functions of the Director of the Office of Management and Budget relating to budgetary, administrative, or legislative proposals.
(b) This order shall be implemented consistent with applicable law and subject to the availability of appropriations.
(c) This order is not intended to, and does not, create any right or benefit, substantive or procedural, enforceable at law or in equity by any party against the United States, its departments, agencies, or entities, its officers, employees, or agents, or any other person.
DONALD J. TRUMP
THE WHITE HOUSE,
October 12, 2017
Implications & Actions
The impact of this and other Executive Orders and other Presidential actions depend upon what actions, if any, the agencies determine they are allowed by law to take and how those changes are implemented. Concerned persons and organizations should begin preparing input to the agencies and monitoring and commenting on proposals and other guidance to help shape the outcome.
Solutions Law Press, Inc. is preparing initial analysis of this Executive Order and will be closely monitoring and updating this analysis. Follow up to learn more and stay abreast of new developments.
About The Author
Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: Erisa & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for management work, coaching, teachings, and publications.
Ms. Stamer works with businesses and their management, employee benefit plans, governments and other organizations deal with all aspects of human resources and workforce, internal controls and regulatory compliance, change management and other performance and operations management and compliance. Her day-to-day work encompasses both labor and employment issues, as well as independent contractor, outsourcing, employee leasing, management services and other nontraditional service relationships. She supports her clients both on a real-time, “on demand” basis and with longer term basis to deal with all aspects for workforce and human resources management, including, recruitment, hiring, firing, compensation and benefits, promotion, discipline, compliance, trade secret and confidentiality, noncompetition, privacy and data security, safety, daily performance and operations management, emerging crises, strategic planning, process improvement and change management, investigations, defending litigation, audits, investigations or other enforcement challenges, government affairs and public policy.
Well-known for her extensive work with health, insurance, financial services, technology, energy, manufacturing, retail, hospitality, governmental and other highly regulated employers, her nearly 30 years’ of experience encompasses domestic and international businesses of all types and sizes. Author of numerous works on privacy and data security, Ms. Stamer‘s experience includes involvement in cyber security and other data privacy and security matters for more than 20 years.
A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other concerns by her service as a management consultant, business coach and consultant and policy strategist as well through her leadership participation in professional and civic organizations such her involvement as the Vice Chair of the North Texas Healthcare Compliance Association; Executive Director of the Coalition on Responsible Health Policy and its PROJECT COPE: Coalition on Patient Empowerment; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children; former Gulf Coast TEGE Council Exempt Organization Coordinator; a founding Board Member and past President of the Alliance for Healthcare Excellence; former board member and Vice President of the Managed Care Association; past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; a member and policy adviser to the National Physicians’ Council for Healthcare Policy; current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee; current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section; Past Chair of the ABA Health Law Section Managed Care & Insurance Section; ABA Real Property Probate and Trust (RPTE) Section former Employee Benefits Group Chair, immediate past RPTE Representative to ABA Joint Committee on Employee Benefits Council Representative, and Defined Contribution Committee Co-Chair, past Welfare Benefit Committee Chair and current Employee Benefits Group Fiduciary Responsibility Committee Co-Chair, Substantive and Group Committee member, Membership Committee member and RPTE Representative to the ABA Health Law Coordinating Council; past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee; a former member of the Board of Directors, Treasurer, Member and Continuing Education Chair of the Southwest Benefits Association and others.
Ms. Stamer also is a widely published author, highly popular lecturer, and serial symposia chair, who publishes and speaks extensively on human resources, labor and employment, employee benefits, compensation, occupational safety and health, and other leadership, performance, regulatory and operational risk management, public policy and community service concerns for the American Bar Association, ALI-ABA, American Health Lawyers, Society of Human Resources Professionals, the Southwest Benefits Association, the Society of Employee Benefits Administrators, the American Law Institute, Lexis-Nexis, Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, the HCCA, ISSA, HIMSS, Modern Healthcare, Managed Healthcare, Institute of Internal Auditors, Society of CPAs, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other symposia and publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, InsuranceThoughtLeadership.com and many other prominent publications and speaks and conducts training for a broad range of professional organizations and for clients on the Advisory Boards of InsuranceThoughtLeadership.com, HR.com, Employee Benefit News, and many other publications.
Want to know more? See here for details about the author of this update, attorney Cynthia Marcotte Stamer, e-mail her here or telephone Ms. Stamer at (469) 767-8872.
About Solutions Law Press, Inc.™
Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources at SolutionsLawPress.com such as the following:
If you or someone else you know would like to receive future updates about developments on these and other concerns, please provide your current contact information and preferences including your preferred e-mail by creating or updating your profile here.
NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The presenter and the program sponsor disclaim, and have no responsibility to provide any update or otherwise notify any participant of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.
Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.
As businesses continue to struggle to comply with the growing plethora of federal and state laws mandating data security, the identity theft and cyber security epidemic keeps growing.
As human resources and other business leaders work to guard their own data and respond to employee demands for assistance in responding to breaches of their personal financial and other data, this weeks’ announcement that embattled credit monitoring giant Equifax has been awarded the exclusive contract to provide taxpayer identification and fraud prevention services to the Internal Revenue Service has many questioning whether these investments are futile.
The IRS’ announcement comes despite the September 7, 2017 announcement by Equifax of a data breach of its records impacting sensitive personal information of millions of consumers including:
The names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers of an estimated 143 million U.S. consumers;
Credit card numbers for approximately 209,000 U.S. consumers,
Certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers,and
Personal information for certain U.K. and Canadian consumers.
The huge breach already was creating many headaches for many businesses and their human resources departments before the IRS announced the award of the contract to Equifax. Due to the massive size of the breach, mist companies have been required to respond to concerns of workers impacted directly by the breach as well as requests of employees and identity theft protection companies that the business consider offering cybersecurity protection for employees or customers.
Beyond helping their workforce understand and cope with the news, many businesses and employee benefit plans also face the added headache of needing to investigate and respond to concerns about their own potential responsibilities to provide breach notification or take other actions. This added headache arises due to their or their plans’ use of Equifax or vendors utilizing Equifax to run employee or vendor background checks or carry out internal employee or employee benefit plan, customer or other business activities. These involvements often give rise to duties to conduct investigations and potentially provide notification or other responses to employees, applicants, benefit plan members, contractors or customers whose data may have been impacted under the Fair and Accurate Credit Transactions Act (FACTA), the Health Insurance Portability and Accountability Act (HIPAA), the Employee Retirement Income Security Act (ERISA) Fiduciary Responsibility rules or various other federal and state laws and regulations, vendor contracts or their own data privacy or security policies.
When notification is recommended or required, human resources and other business leaders also have to consider if modifications should be considered to standard protocols recommended to data breach victims. Notification and registration as an identity theft victim with Equifax long has been a standard part of the federal and state government recommended protocol for recommended to consumers impacted by identity theft or other data breaches. See,e.g., IRS Taxpayer Guide To Identity Theft. Although government agencies as of yet have not changed this recommendation to remove Equifax reporting, many consumers and others view reporting to Equifax as akin to the fox watching the hen house. Consequently, employers and other parties helping consumers respond to the breach often receive push back or questions from consumers about the appropriateness and security reporting to Equifax in light of its breach.
Beyond evaluating and handling their own legal responsibilities to investigate and deal with any breach impacting their data, employers and other business leaders also likely are or should consider what claims against Equifax, other vendors and business partners involved with Equifax and their own liability insurers are available and warranted to help cover the costs and potential liabilities for the business arising from the breach and it’s fall out.
As employers and other businesses work through these issues, They should keep in mind that the fallout is likely to continue for years and be further complicated by past and subsequent breaches impacting other governmental and private organizations. Human resources, employee benefits and other businesses and their leaders can expect to experience challenges dealing with fraudulent uses of misappropriated information as well as demands that they tighten up their background check, data security and usage and other practices and documentation to mitigate risks from the compromised data.
Human resources, employee benefits and other business leaders need to secure the assistance of counsel experienced in guiding their organizations through these and other challenges.
About The Author
Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,” “Tax: Erisa & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney board certified in labor and employment law by the Texas Board of Legal Specialization and management consultant, author, public policy advocate and lecturer widely known for management work, coaching, teachings, and publications.
Ms. Stamer works with businesses and their management, employee benefit plans, governments and other organizations deal with all aspects of human resources and workforce, internal controls and regulatory compliance, change management and other performance and operations management and compliance. Her day-to-day work encompasses both labor and employment issues, as well as independent contractor, outsourcing, employee leasing, management services and other nontraditional service relationships. She supports her clients both on a real-time, “on demand” basis and with longer term basis to deal with all aspects for workforce and human resources management, including, recruitment, hiring, firing, compensation and benefits, promotion, discipline, compliance, trade secret and confidentiality, noncompetition, privacy and data security, safety, daily performance and operations management, emerging crises, strategic planning, process improvement and change management, investigations, defending litigation, audits, investigations or other enforcement challenges, government affairs and public policy.
Well-known for her extensive work with health, insurance, financial services, technology, energy, manufacturing, retail, hospitality, governmental and other highly regulated employers, her nearly 30 years’ of experience encompasses domestic and international businesses of all types and sizes. Author of numerous works on privacy and data security, Ms. Stamer‘s experience includes involvement in cyber security and other data privacy and security matters for more than 20 years.
A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares her thought leadership, experience and advocacy on these and other concerns by her service as a management consultant, business coach and consultant and policy strategist as well through her leadership participation in professional and civic organizations such her involvement as the Vice Chair of the North Texas Healthcare Compliance Association; Executive Director of the Coalition on Responsible Health Policy and its PROJECT COPE: Coalition on Patient Empowerment; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children; former Gulf Coast TEGE Council Exempt Organization Coordinator; a founding Board Member and past President of the Alliance for Healthcare Excellence; former board member and Vice President of the Managed Care Association; past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; a member and policy adviser to the National Physicians’ Council for Healthcare Policy; current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee; current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section; Past Chair of the ABA Health Law Section Managed Care & Insurance Section; ABA Real Property Probate and Trust (RPTE) Section former Employee Benefits Group Chair, immediate past RPTE Representative to ABA Joint Committee on Employee Benefits Council Representative, and Defined Contribution Committee Co-Chair, past Welfare Benefit Committee Chair and current Employee Benefits Group Fiduciary Responsibility Committee Co-Chair, Substantive and Group Committee member, Membership Committee member and RPTE Representative to the ABA Health Law Coordinating Council; past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee; a former member of the Board of Directors, Treasurer, Member and Continuing Education Chair of the Southwest Benefits Association and others.
Ms. Stamer also is a widely published author, highly popular lecturer, and serial symposia chair, who publishes and speaks extensively on human resources, labor and employment, employee benefits, compensation, occupational safety and health, and other leadership, performance, regulatory and operational risk management, public policy and community service concerns for the American Bar Association, ALI-ABA, American Health Lawyers, Society of Human Resources Professionals, the Southwest Benefits Association, the Society of Employee Benefits Administrators, the American Law Institute, Lexis-Nexis, Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, the HCCA, ISSA, HIMSS, Modern Healthcare, Managed Healthcare, Institute of Internal Auditors, Society of CPAs, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other symposia and publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, InsuranceThoughtLeadership.com and many other prominent publications and speaks and conducts training for a broad range of professional organizations and for clients on the Advisory Boards of InsuranceThoughtLeadership.com, HR.com, Employee Benefit News, and many other publications.
Want to know more? See here for details about the author of this update, attorney Cynthia Marcotte Stamer, e-mail her here or telephone Ms. Stamer at (469) 767-8872.
About Solutions Law Press, Inc.™
Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources at SolutionsLawPress.com such as the following:
If you or someone else you know would like to receive future updates about developments on these and other concerns, please provide your current contact information and preferences including your preferred e-mail by creating or updating your profile here.
NOTICE: These statements and materials are for general informational and purposes only. They do not establish an attorney-client relationship, are not legal advice, and do not serve as a substitute for legal advice. Readers are urged to engage competent legal counsel for consultation and representation in light of the specific facts and circumstances presented in their unique circumstance at any particular time. No comment or statement in this publication is to be construed as an admission. The author reserves the right to qualify or retract any of these statements at any time. Likewise, the content is not tailored to any particular situation and does not necessarily address all relevant issues. Because the law is rapidly evolving and rapidly evolving rules makes it highly likely that subsequent developments could impact the currency and completeness of this discussion. The presenter and the program sponsor disclaim, and have no responsibility to provide any update or otherwise notify any participant of any such change, limitation, or other condition that might affect the suitability of reliance upon these materials or information otherwise conveyed in connection with this program. Readers may not rely upon, are solely responsible for, and assume the risk and all liabilities resulting from their use of this publication.
Circular 230 Compliance. The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. Any statements contained herein are not intended or written by the writer to be used, and nothing contained herein can be used by you or any other person, for the purpose of (1) avoiding penalties that may be imposed under federal tax law, or (2) promoting, marketing or recommending to another party any tax-related transaction or matter addressed herein.
Compliance with the Privacy and Security Rules of the Health Insurance Portability & Accountability Act (HIPAA) is a living process that requires employer and other health plans, health insurers, health care providers and healthcare clearinghouses to recurrently reevaluate their HIPAA enterprise risk and timely act to mitigate security threats to electronic (ePHI) and other protected health information and other HIPAA compliance concerns on an ongoing basis. That’s the clear take away applicable to all HIPAA-Covered Entities and business associates from the St. Joseph Health Resolution Agreement and Corrective Action Plan (SJH Settlement) and the Oregon Health & Science University Resolution Agreement and Corrective Action Plan (OHSU Settlement) announced by the Department of Health & Human Services Office of Civil Rights (OCR) in the past 30 days. Health plans, their sponsors, fiduciaries and vendors, health care providers and health care clearinghouses should carefully heed this message and in response take documented steps to ensure
Their existing policies, practices and procedures properly are updated in response to changing guidance and events;
They in place the current, comprehensive enterprise risk assessment along with a mitigation plan documenting actions taken to address these risks;
Ensure that the organization has and is administering appropriate, documented processes and procedures to ensure that the organization reassesses its enterprise risk assessment and compliance on a timely basis as warranted by changes or other events that could impact ePHI, regulatory developments or other events that might impact its compliance; and
Have an appropriate, documented process for oversight by C-level management.
OHSU Charges & Settlement
The OHSU Settlement Agreement announced by OCR on September 23, 2016 requires OHSU to pay a $2.7 million settlement payment and adopt and implement a comprehensive three-year corrective action plan to address “widespread and diverse” HIPAA compliance problems OCR reports uncovering while investigating multiple HIPAA breach reports the large public academic health center and research university centered in Portland, Oregon.
OCR began investigating OHSU after the large public academic health center and research university centered in Portland, Oregon, submitted three HIPAA breach reports affecting thousands of individuals, including two reports involving unencrypted laptops and another large breach involving a stolen unencrypted thumb drive:
On March 23, 2013, HHS received notification from OHSU regarding a breach of its unsecured electronic protected health information (“ePHI”) resulting from a stolen laptop computer;
On July 28, 2013, HHS received notification from OHSU regarding a breach of its ePHI resulting from storing ePHI at an internet-based service provider without a business associate agreement; and.
These incidents each garnered significant local and national press coverage. OCR’s investigation uncovered evidence of widespread vulnerabilities within OHSU’s HIPAA compliance program, including the storage of the ePHI of more than 3,000 individuals on a cloud-based server without a business associate agreement. OCR found significant risk of harm to 1,361 of these individuals due to the sensitive nature of their diagnoses.
OCR’s investigation showed the reported breaches resulted from widespread, long-term, systematic and unresolved HIPAA violations by OHSU that OCR attributed to an inadequate commitment to and oversight of HIPAA compliance by OHSU C-level management which resulted in the failure by OHSU to appropriately monitor the adequacy of its ongoing compliance and to assess and address changes in its enterprise-wide risk and compliance obligations on an ongoing basis. OHSU performed risk analyses in 2003, 2005, 2006, 2008, 2010, and 2013, but OCR’s investigation found that these analyses did not cover all ePHI in OHSU’s enterprise, as required by the Security Rule. While the analyses identified vulnerabilities and risks to ePHI located in many areas of the organization, OHSU did not act in a timely manner to implement measures to address these documented risks and vulnerabilities to a reasonable and appropriate level. OHSU also lacked policies and procedures to prevent, detect, contain, and correct security violations and failed to implement a mechanism to encrypt and decrypt ePHI or an equivalent alternative measure for ePHI maintained on its workstations, despite having identified this lack of encryption as a risk.
OCR concluded that the reported breaches were the result of long-standing, systematic deficiences in OHSU’s processes and procedures for HIPAA compliance, including the following:
While OHSU reportedly performed risk analyses in 2003, 2005, 2006, 2008, 2010, and 2013, OCR says its investigation found that these analyses did not cover all ePHI in OHSU’s enterprise, as required by the Security Rule;
While the analyses identified vulnerabilities and risks to ePHI located in many areas of the organization, OHSU did not act in a timely manner to implement measures to address these documented risks and vulnerabilities to a reasonable and appropriate level;
OHSU also lacked policies and procedures to prevent, detect, contain, and correct security violations and failed to implement a mechanism to encrypt and decrypt ePHI or an equivalent alternative measure for ePHI maintained on its workstations, despite having identified this lack of encryption as a risk;
OHSU failed to comply with its duty under HIPAA to enter into a business associate agreement with a vendor before allowing a vendor business associate to store ePHI; and
The absence of meaningful C-suite leadership oversight and commitment to HIPAA compliance.
Based on these investigations, OCR concluded that while OHSU initially adopted HIPAA Policies, the reported breaches were the result of a series of widespread and ongoing breaches of HIPAA resulted including the following:
From January 5, 2011, until July 3, 2013, OHSU disclosed the ePHI of 3,044 individuals in violation of Privacy Rules §§160.103 and 164.502(a) when workforce members disclosed the ePHI to a third party internet-based service provider without obtaining a business associate agreement or other satisfactory assurance that the internet-based service provider would safeguard the ePHI;
From January 5, 2011 until July 3, 2013 OHSU failed to obtain a business associate agreement from an internet-based service provider that was storing ePHI on its behalf as a business associate as required by 45 C.F.R. § 164.308(b);
From January 5, 2011 until July 3, 2013 OHSU failed to implement policies and procedures to prevent, detect, contain, and correct security violations as required under Privacy Rule § 164.308(a)(1)(i);
From July 12, 2010 to present, OHSU failed to implement a mechanism to encrypt and decrypt ePHI or an equivalent alternative measure for all ePHI maintained in OHSU’s enterprise as required by Privacy Rules §§ 164.312(a)(2)(iv) and 164.306(d)(3)); and
From May 29, 2013 until July 3, 2013, OHSU failed to implement policies and procedures to address security incidents in violation of Privacy Rule § 164.308(a)(6)(i).
According to statements made by OCR Director Jocelyn Samuels in OCR’s announcement of the OHSU Settlement, the breaches should not have happened. “From well-publicized large scale breaches and findings in their own risk analyses, OHSU had every opportunity to address security management processes that were insufficient,” said OCR Director Jocelyn Samuels. OCR’s announcement also signals that OCR views inadequate commitment and oversight by OHSU’s senior management to have played a key role in the creation and perpetuation of the OHSU violations. It quotes OCR Director Jocelyn Samuels as stating, “This settlement underscores the importance of leadership engagement and why it is so critical for the C-suite to take HIPAA compliance seriously.”
OCR’s announcement of the OHSU Settlement emphasizes its determination that a lack of commitment and oversight by C-level management resulted in the failure by OHSU to periodically perform a comprehensive enterprise risk analysis and to reevaluate and update that analysis and its policies, practices, procedures and training as warranted by changing events and guidance.
To resolve the HIPAA charges, the OHSU Settlement requires OHSU to pay OCR $2,700,000 as well as take a long series of corrective actions detailed in the Corrective Action Plan incorporated into the Settlement Agreement. The requirements of the Corrective Action Plan both seek to address the specific weaknesses that lead to the breaches of unsecured ePHI reported by OHSU in its breach notifications as well as the broader deficiencies in OHSU’s overall HIPAA compliance practice by requiring among other things that OHSU:
Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI at all OHSU facilities and on all systems, networks, and devices that create, receive, maintain, or transmit ePHI;.
Develop and present to OCR for approval a comprehensive written risk management plan that explains OHSU’s strategy for implementing security measures sufficient to reduce the risks and vulnerabilities identified in the risk analysis to a reasonable and appropriate level based on OHSU’s circumstances as well as a comprehensive, enterprise-wide plan to implement effective oversight of OHSU workforce members to ensure their adherence to HIPAA Rules and OHSU’s internal privacy and security policies and procedures with specific timelines for their expected completion and compensating controls identified in the interim to safeguard OHSU’s ePHI;
Implement and administer the written risk management plan and other safeguards as approved by OCR;
Provide updates to OCR about OHSU’s implementation of required encryption including a Mobile Device Management (MDM) solution that ensures all OHSU- owned and personally-owned mobile devices (tablets, smart phones, and other mobile devices) that access ePHI on OHSU’s secure network are encrypted other than mobile devices for which OHSU has granted exceptions based on documented evidence of the implementation of alternative reasonable compensating controls to protect the ePHI on such devices;
Report to OCR on OHSU’s efforts to a solution to enforce encryption of ePHI on OHSU-owned and personally- owned devices (laptops, desktops, and medical equipment) connecting to OHSU’s secure wired and wireless networks except for any devices for which OHSU has granted exceptions to the encryption requirement;
Report to OCR about its implementation of policies that prohibit the transfer of data containing ePHI from OHSU-owned and personally-owned devices to unencrypted removable storage devices (USB drives and portable hard drives) and implementation of a technical solution that enforces the policies prohibiting transfers of this type when attached to the OHSU secure network, except for any removable storage devices for which OHSU has granted exceptions based on documented evidence of reasonable compensating controls that have been implemented to protect the ePHI on such devices;
Send a communication to all members of the OHSU community describing its commitment to enterprise encryption;
Prepare to the satisfaction of OCR security awareness training materials needed to implement its security management processing including specific privacy and security awareness related to a) use of internet-based information storage services; b) disclosures to third party entities that require a business associate agreement or other reasonable assurance in place to ensure that the business associate will safeguard the protected health information (PHI) and/or ePHI; c) regarding managers, effective oversight of workforce members’ uses and disclosures of PHI, including ePHI, to ensure the workforce members’ compliance with the Privacy and Security Rules and OHSU’s internal policies and procedures; d) security incident reporting; and e) password management;
Initially train all workforce members with access to PHI and/or ePHI with 120 days of OCR’s approval of the training and thereafter ensure that new workforce members are trained with 15 days of hire and that all workforce members subsequently continue to receive training on an on-going basis;
Review the security awareness training materials annually, and, where appropriate, update the training to reflect changes in Federal law or HHS guidance, any issues discovered during audits or reviews, and any other relevant developments;
Management oversight and supervision of the implementation and administration of the corrective actions required by the Corrective Action Plan and HIPAA compliance; and
Management reporting to OCR on its actions and compliance with the Corrective Action Plan.
SJH Settlement
Similarly, the SJH Settlement OCR announced on October 18, 2016 with St. Joseph Health (SJH) requires SJH to pay a $2.4 million plus settlement payment, conduct an enterprise-wide risk analysis and implement and administer a comprehensive correction plan to settle OCR charges that SJH violated HIPAA by allowing files containing ePHI of 31,800 individuals that SJH created for its participation in the Medicare meaningful use program to be publicly accessible on the internet from February 1, 2011, until February 13, 2012.
A nonprofit integrated Catholic health care delivery system sponsored by the St. Joseph Health Ministry, who through its 24,000 employees and 6,000 physicians provides a range of health care services to more than 137,000 inpatients and 3.6 million outpatients each year at SHS’ 4 acute care hospitals, home health agencies, hospice care, outpatient services, skilled nursing facilities, community clinics and physician organizations located throughout California and in parts of Texas and New Mexico.
OCR’s charges against SJH arose out of OCR’s investigation into a 2012 breach notification report SJS filed with OCR. On February 14, 2012, SJH reported to OCR that files containing electronic protected health information (ePHI) of 31,800 individuals from five of the SJH hospitals-St. Jude Medical Center, Mission Hospital, Queen of the Valley Medical Center, Santa Rosa Memorial Hospital, and Petaluma Valley Hospital that SJH created for its participation in the meaningful use program were publicly accessible on the internet from February 1, 2011, until February 13, 2012, via Google and possibly other internet search engines.
SJH’s report to OCR indicated that this public access resulted from a configuration within its network server in which PDF files containing following patient information were uploaded: patient names; BMI; blood pressure; lab results; smoking status; diagnoses lists; medication allergies; advance directive status and demographic information (language, ethnicity, race, sex, and birth date). The server SJH purchased to store the files included a file sharing application whose default settings allowed anyone with an internet connection to access them. Upon implementation of this server and the file sharing application, SJH did not examine or modify it. As a result, the public had unrestricted access to PDF files containing the ePHI of 31,800 individuals, including patient names, health statuses, diagnoses, and demographic information from February 14, 2012 until SJH blocked external access to the ePHI when it shut down the application February 13, 2012.
OCR’s investigation indicated the following potential violations of the HIPAA Rules:
From February 1, 2011 to February 13, 2012, SJH potentially disclosed the PHI of 31,800 individuals;
Evidence indicated that SJH failed to conduct an evaluation in response to the environmental and operational changes presented by implementation of a new server for its meaningful use project, thereby compromising the security of ePHI;
Although SJH hired a number of contractors to assess the risks and vulnerabilities to the confidentiality, integrity and availability of ePHI held by SJH, evidence indicated that this was conducted in a patchwork fashion and did not result in an enterprise-wide risk analysis, as required by the HIPAA Security Rule.
To resolve charges resulting from these findings, the SJH Resolution Agreement requires SJH to pay OCR a $2,140,500 settlement payment and adopt a comprehensive corrective action plan which among other things, requires SJH to conduct an enterprise-wide risk analysis, develop and implement a risk management plan, revise its policies and procedures, and train its staff on these policies and procedures. SJH’s Chief Executive Officer, Annette M. Walker, is named in the Corrective Action Plan as the SJH authorized representative and contact person responsible for overseeing the CAP implementation.
Among other things, the Corrective Action Plan specifically requires that SJH:
Within 240 days, conduct an enterprise-wide analysis and provide a report to OCR which includes a complete inventory of all electronic equipment, data systems, and applications that contain or store ePHI, and prepare and deliver to OCR for review an enterprise-wide risk analysis that identifies all security risks and vulnerabilities that incorporates all electronic equipment, data systems, and applications controlled, administered, or owned by SJH, its workforce members, and affiliated staff that contains, stores, transmits, or receives electronic protected health information (ePHJ);
Revise this risk analysis plan as directed by OCR based on its review of the presented risk analysis;
Develop and implement to the satisfaction of OCR an organization-wide risk management plan to address and mitigate any security risks and vulnerabilities identified in the risk analysis;
Distribute the risk management plan as finally approved by OCR to to workforce members involved with implementation of the plan within 30 days of OCR approval;
Revise to OCR’s satisfaction, adopt and implement within 30 days of OCR’s approval compliant HIPAA policies and procedures;
Prepare for review of OCR training materials and once approved by OCR, provide initial training to required workforce members, and obtain certification of completion of that training from each required workforce member within 60 days of OCR’s approval of the training and thereafter at least annually as long as the Corrective Action Plan remains in force;
Promptly conduct a documented investigation of any information indicating a potential workforce member violation of the new HIPAA policies in the manner required by OCR and if the investigation confirms a violation (Reportable Event), notify OCR of the relevant facts, findings, corrective actions and sanctions imposed against the violating workforce member in the manner required by the Corrective Action Plan;
Submit annual report to OCR signed and attested to by an SJH officer, which contains the information and attestations of compliance with the requirements of the Corrective Action Plan in accordance with the Corrective Action Plan;
Retain for inspection and copying and provide to OCR upon request all documents and records relating to compliance with this Corrective Action Plan for six (6) years from the Effective Date of the SJH Settlement Agreement.
Take Away For Other Covered Entities & Business Associates
The OHSU and SJH Settlement Agreements send a clear message to all Covered Entities and business associates that they must be prepared to demonstrate not only that their initial adoption and implementation of required HIPAA Privacy and Security policies and safeguards, but also that their organization’s leadership needs to be prepared to demonstrate their commitment to HIPAA compliance by making adequate provision for HIPAA compliance, and appropriately monitoring developments that could impact the adequacy of their existing measures and timely update their systems and security, policies, procedures, training and other relevant safeguards.
The Settlements make clear that Covered Entities and their business associates should ensure that their organization possesses a well-documented current enterprise-wide risk assessment, as well as has in place and is administering as necessary to maintain the currency and adequacy of its risk assessment strong practices for conducting documented evaluations of their own HIPAA security, policies, practices, audits and investigations and other procedures necessary to comply with HIPAA, taking into account recent OCR guidance, its initiation of its Phase II audit program, the insights offered by OCR’s ever growing list of enforcement actions and compliance tools, as well as changes in systems, documentation, software, equipment or other occurrences within the operations of the Covered Entity or business associate’s operations that could impact the currency and adequacy of its risk assessment or otherwise raise compliance risks.
In this respect, Covered Entities and business associates are encouraged to take special note of the advisability of specifically reviewing and updating their HIPAA policies, practices, business associate agreements, training, oversight and documentation to in response to the guidance and insight that OCR provides, including:
Guidance On HIPAA & Cloud Computing released October 6, 2016, which provides guidance for Covered Entities and business associates about contracting and other procedures that HIPAA-regulated Covered Entities and their business associates should implement when contracting for and using Cloud Computing Services;
Joint Guidance published October 21, 2016 by the Federal Trade Commission and OCR reminding Covered Entities and their business associates of the need to ensure that in addition to fulfilling the technical content requirements of HIPAA, their HIPAA authorizations, privacy practices notices and other HIPAA notices and communications are written and presented in plan language, include required specific terms and descriptions and in a manner that does not mislead individuals about their rights or about what is happening with their PHI. Furthermore, where Covered Entities and their business associates contemplate that businesses associates may request that individuals sign HIPAA authorizations, Covered Entities and their business associates should the Covered Entity and business associate have in place a current, signed HIPAA-compliant business associate agreement that that expressly authorizes the business associate to request the HIPAA authorization in light of statements in the Joint Guidance indicating that OCR views the Privacy Rules as prohibiting a business associate from asking a consumer to sign a HIPAA authorization unless its business associate contract expressly permits the business associate to do so; and
Employer and other health plan sponsors, health plan fiduciaries and business associates, and their service providers also generally will want to consider their responsibilities to provide and enforce employer certifications, as well as the fiduciary obligations health plan fiduciaries under the fiduciary responsibility rules of the Employee Retirement Income Security Act (ERISA). Among other things, wrongful disclosure of PHI to a sponsoring employer or others could violate HIPAA or other plan terms. Furthermore, Department of Labor officials have indicated stated that a fiduciary’s general fiduciary responsibilities can apply to the protection and administration of PHI and other health plan information as well as create a duty by a responsible fiduciary to prudently investigate and take steps to address breaches or other potential concerns that place PHI at risk. See, HIPAA Settlement Warns Health Plans, Sponsoring Employers & Business Associates To Manage HIPAA Risks.
Furthermore, as breaches of PHI and other violations of HIPAA also frequently give rise to responsibilities or risks under a broad range of other federal and state laws medical and financial privacy and data security, Medicare and other terms of federal program participation, medical credentialing, licensure and ethics, insurance and Employee Retirement Income Security Act fiduciary responsibilities in the case of health plans, contractual, tort and other exposures, Covered Entities and their business associates also generally are best served to take into account these other responsibilities and exposures in conjunction with the design and administration of their HIPAA compliance and risk management policies and practices.
Covered Entities and their business associates also should seek advice from legal counsel regarding the adequacy of their compliance, investigatory, training, management oversight, training, reporting, documentation, document retention and other processes and procedures that could reduce risks of HIPAA violations and position the organization to effectively and more efficiently respond to a potential breach, audit, investigation or enforcement action and mitigate the costs and potential liability exposures that increasingly attends these events. In addition, given the typically high financial, operational and legal costs typically incurred to conduct investigations, report and redress breaches, and respond to OCR audits or investigations, much less make any payments and implement any corrective actions required to settle OCR changes, most Covered Entities and their business associations will want to consider the advisability and adequacy of insurance and other sources of funding or indemnification for the often substantial costs that often attend a HIPAA breach, audit or enforcement event. Since HIPAA violations under certain circumstances also can give rise to felony criminal liability, boards of directors and other leaders of Covered Entities and business associates also will want to ensure that their HIPAA compliance policies and practices also are incorporated and monitored by management as part of their organization’s overall Federal Sentencing Guideline Compliance programs and practices.
About The Author
Recognized by her peers as a Martindale-Hubble “AV-Preeminent” (Top 1%) and “Top Rated Lawyer” with special recognition LexisNexis® Martindale-Hubbell® as “LEGAL LEADER™ Texas Top Rated Lawyer” in Health Care Law and Labor and Employment Law; as among the “Best Lawyers In Dallas” for her work in the fields of “Labor & Employment,”“Tax: Erisa & Employee Benefits,” “Health Care” and “Business and Commercial Law” by D Magazine, Cynthia Marcotte Stamer is a practicing attorney and management consultant, author, public policy advocate and lecturer widely known for work, teachings and publications on HIPAA and other privacy and data security concerns earned in connection with her more than 28 years’ of involvement advising and representing business and government clients domestically and internationally about workforce and human resources, employee benefits; health care; insurance and financial; privacy and data security and other performance management, regulatory, internal controls and other compliance, risk management, public policy and operational other key concerns.
Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization, a Fellow in the American College of Employee Benefit Counsel, past Group Chair and current Defined Contribution Plans Committee Co-Chair, Groups and Substantive Committee and Membership Committee Members, past Welfare Plans Committee Chair and Co-Chair, and former Fiduciary Responsibility Vice Chair of the American Bar Association (ABA) RPTE Section Employee Benefits Group, Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current ABA International Section Life Sciences Committee Vice Chair, past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, former ABA Joint Committee on Employee Benefits Council Representative and Marketing Committee Chair and a prolific author and highly popular speaker and consultant, Ms. Stamer helps management manage.
Ms. Stamer’s legal and management consulting work throughout her nearly 30-year career has focused on helping organizations and their management use the law and process to manage people, process, compliance, operations and risk. Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer helps public and private, domestic and international businesses, governments, and other organizations and their leaders manage their employees, vendors and suppliers, and other workforce members, customers and other’ performance, compliance, compensation and benefits, operations, risks and liabilities, as well as to prevent, stabilize and cleanup workforce and other legal and operational crises large and small that arise in the course of operations.
Ms. Stamer works with businesses and their management, employee benefit plans, governments and other organizations deal with all aspects of human resources and workforce, internal controls and regulatory compliance, change management and other performance and operations management and compliance. She supports her clients both on a real time, “on demand” basis and with longer term basis to deal with daily performance management and operations, emerging crises, strategic planning, process improvement and change management, investigations, defending litigation, audits, investigations or other enforcement challenges, government affairs and public policy.
As a core component of her work, Ms. Stamer has worked extensively throughout her career with health care providers, health plans, health care clearinghouses, their business associates, employers, banks and other financial institutions, their technology and other vendors and service providers, and others on legal and operational risk management and compliance with HIPAA, FACTA, PCI, trade secret, physician and other medical confidentiality and privacy, federal and state data security and data breach and other information privacy and data security rules and concerns; prevention, investigation, response, mitigation and resolution of known or suspected data or privacy breaches or other incidents; defending investigations or other actions by plaintiffs, OCR, FTC, state attorneys’ general and other federal or state agencies; reporting and redressing known or suspected breaches or other violations; business associate and other contracting; insurance or other liability management and allocation; process and product development, contracting, deployment and defense; evaluation, commenting or seeking modification of regulatory guidance, and other regulatory and public policy advocacy; training and discipline; enforcement, and a host of other related concerns for public and private health care providers, health insurers, health plans, technology and other vendors, employers, and others.
Beyond her extensive involvement advising and representing clients on privacy and data security concerns and other health industry matters, Ms. Stamer also has served for several years as a scrivener for the ABA JCEB’s meeting with OCR, the Chair of the Southern California ISSA Health Care Privacy & Security Summit, and an editorial advisory board member, author, program chair or steering committee member, and faculties for a multitude of other programs and publications regarding privacy, data security, technology and other compliance, risk management and operational concerns in the health care, health and other insurance, employee benefits and human resources, retail, financial services and other arenas.
A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares shared her thought leadership, experience and advocacy on HIPAA and other concerns by her service in the leadership of a broad range of other professional and civic organization including her involvement as the Vice Chair of the North Texas Healthcare Compliance Association, Executive Director of the Coalition on Responsible Health Policy and its PROJECT COPE: Coalition on Patient Empowerment, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children; former Board Compliance Chair and Board member of the National Kidney Foundation of North Texas, current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, immediate past RPTE Representative to ABA Joint Committee on Employee Benefits Council Representative and current RPTE Representative to the ABA Health Law Coordinating Council, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, a former member of the Board of Directors of the Southwest Benefits Association and others.
Ms. Stamer also is a highly popular lecturer, symposia chair and author, who publishes and speaks extensively on health and managed care industry, human resources, employment and other privacy, data security and other technology, regulatory and operational risk management. Examples of her many highly regarded publications on these matters include “Protecting & Using Patient Data In Disease Management: Opportunities, Liabilities And Prescriptions,” “Privacy Invasions of Medical Care-An Emerging Perspective,” “Cybercrime and Identity Theft: Health Information Security: Beyond HIPAA,” as well as thousands of other publications, programs and workshops these and other concerns for the American Bar Association, ALI-ABA, American Health Lawyers, Society of Human Resources Professionals, the Southwest Benefits Association, the Society of Employee Benefits Administrators, the American Law Institute, Lexis-Nexis, Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, the HCCA, ISSA, HIMSS, Modern Healthcare, Managed Healthcare, Institute of Internal Auditors, Society of CPAs, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other symposia and publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, InsuranceThoughtLeadership.com and many other prominent publications and speaks and conducts training for a broad range of professional organizations and for clientson the Advisory Boards of InsuranceThoughtLeadership.com, HR.com, Employee Benefit News, and many other publications. For additional information about Ms. Stamer, see CynthiaStamer.com or contact Ms. Stamer via email here or via telephone to (469) 767-8872.
About Solutions Law Press, Inc.™
Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources at http://www.solutionslawpress.com such as:
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating or updating your profile here.
The U.S. Department of Labor’s just announced successful whistleblower prosecution in Perez v. Scott Brain, et al of an employee benefit plan trustee, and an individual lawyer and her law firm that served as the employee benefit plan’s outside legal counsel of violating the fiduciary responsibility and whistleblower rules of the Employee Retirement Income Security Act of 1974 (ERISA) illustrates why employee benefit plan sponsors, trustees or other fiduciaries, their management, legal counsel, auditors and other service providers must both prudently investigate whistleblower allegations or other evidence of potential wrongdoing involving their employee benefit plans and resist the temptation to retaliate against employees or others for reporting or cooperating in the investigation of alleged improprieties involving an employee benefit plan.
The Brain decision highlights the care that employee benefit plan sponsors, fiduciaries, advisors and service providers and their management must use when responding to allegations or other evidence of wrongdoing relating to an employee benefit plan or its administration, investigating and addressing alleged misconduct or other performance or disciplinary concerns involving parties whose report or involvement in investigations of ERISA or other misconduct could form the basis of a potential ERISA 510 or other retaliation complaint.
The decision also makes clear that outside legal counsel advising an employee benefit plan or its fiduciaries in relation to the investigation or response to charges of ERISA misconduct involving an employee benefit plan must use care to avoid actions that could render them liable for participation in acts of illegal retaliation, violating their duty of loyalty to the plan by allowing themselves to become involved in a conflict of interest when investigating or defending potential wrongdoing involving an employee benefit plan, or engaging in other discretionary actions that could constitute a breach of fiduciary duty in violation of ERISA.
In Perez v. Scott Brain, et al., the U.S. District Court for the Central District of California ruled that Cement Masons Southern California Trust Fund’s trustee and Cement Masons Local 600 business manager, Scott Brain (Brain) and outside trust fund legal counsel, Melissa Cook, violated sections 510 and 404 of ERISA by causing the firing a trust fund employee Cheryle Robbins (Robbins) and an employee of the plan’s third party administrator, Cory Rice (Rice), in retaliation for their involvement in filing an internal complaint about and cooperating with the Labor Department’s Employee Benefit Security Administration’s federal criminal investigation of reports of Brain’s wrongful interference as a trustee with collections and contributions from unionized employers.
In 2011, Robbins, director of the trust funds’ audit and collections department, responded to a federal criminal investigation into Brain’s activities with contractors. The same year, she and Rice, who worked for the third-party administrator to the trust fund, American Benefit Plan Administrators, now, Zenith American Solutions (Zenith), participated in an effort to complain about Brain’s interference with efforts to collect delinquent contributions from contractors. Within weeks of this conduct, Robbins was suspended from her employment with the trust fund. Less than six months later, both Robbins and Rice were fired.
The court’s 71-page decision chronicles the coordinated retaliatory campaign orchestrated by Brain and Cook that led to Robbins’ suspension and firing by the employee benefit plan as well as the termination of Cook by his employer, Zenith..
With respect to Robbins’ suspension, the court found that the evidence showed Brain and Cook “were very upset with Robbins due to her contact with the [Department of Labor],” and that Brain and Cook “used their positions and influence to cause the other trustees to vote in favor of” suspending Robbins. To do so, the court explained, Brain and Cook “took the lead at the . . . [b]oard meeting with respect to the discussion of Robbins’ contact with the [Department of Labor]” and “created an environment that was hostile to her,” which “caused the trustees to vote to place her on leave.” The court noted that the two “‘set in motion’ the decision by the Joint Board to put Robbins on leave [.]”
As for Rice’s firing, the court explained how Brain and Cook retaliated against Rice by pressuring his employer, Zenith, into firing Rice and manipulating the Zenith relationship to deter Zenith from rehiring Rice in retaliation for his involvement in efforts to make an internal complaint about Brain.
Based upon evidence introduced during a five-day trial, the District Court ruled that Brain, Cook and Cook’s law firm violated ERISA section 510 by suspending and then discharging Robbins, and causing Zenith to refuse to hire Robbins and to discharge Rice in retaliation for their participation in reporting Brian’s misconduct to the General President of the Operative Plasterers’ and Cement Masons’ International Association and because Robbins participated in a federal criminal investigation of Brain. Specifically, the District Court ruled:
Brain, Cook and Cook’s law firm wrongfully retaliated against Robbins in violation of ERISA 510 for her communications with the DOL by placing her on administrative leave; causing the work performed by the department that Robbins previously managed to be outsourced to Zenith and by causing Zenith not to hire Robbins to participate in its work;
Brain, Cook and Cook’s law firm wrongfully retaliated against Rice in violation of ERISA 510 by causing Zenith to terminate Cook;
Brain breached his fiduciary duty under ERISA 404 by retaliating against Robbins and causing her to be placed on administrative leave and that Cook knowingly participated in that breach.
The court held that Brain and Cook’s retaliatory conduct violated section 510 of ERISA, which prohibits retaliation against whistleblowers for complaining of ERISA violations or cooperating with a governmental investigation of such violations. The court also held that the couple’s retaliation against Robbins breached Brain’s fiduciary duties under ERISA section 404 to the trust funds and that Cook participated knowingly in that breach.
In reaching its decision, the court rejected attorney Cook’s argument that she was somehow immunized from her unlawful conduct because she was an attorney to the trust funds. Among other things, the court noted the “apparent conflict of interest” Cook had in representing the trust funds while being in an undisclosed “romantic relationship” with Brain, which existed as defendants carried out their retaliatory scheme. Reminding lawyers of their ethical duties in California, the court cited California Rule of Professional Conduct 3-310(B), which the court explained “requires that an attorney disclose to a client any personal relationship or interest that he or she knows, or with the exercise of reasonable diligence should know, could substantially affect her his or her professional judgment in advising the client.”
As punishing for these criminal violations of ERISA, the District Court ordered the permanent removal of Brain as a trustee. It also ordered the permanent barring of Brain, Cook and her law firm from serving the Cement Masons Southern California Trust Funds. In addition, the court ordered Cook and her law firm to repay all attorneys’ fees she billed the trust funds for the actions she took in retaliating against whistleblowers Robbins and Rice. These criminal sanctions were in addition to the $630,000 civil damage award that the Labor Department previously secured in lost wages and damages for Robbins, Rice and another worker victimized by Brain and Cook in August 2015.
In addition to its successful prosecution of Brain, Cook and Cook’s law firm on these charges, the DOL also had sought, but failed to convince the District Court based on the evidence presented at trial to find Brain, Cook, Cook’s law firm and Brain’s fellow trust fund trustee Local 600 business agent and Joint Board of Trustees member Jaime Briceno guilty of wrongful retaliation against another alleged whistleblower or Briceno of breaching his fiduciary duties under ERISA by failing to prudently investigate Robbins’ allegations against Brain; or by voting to use assets of the Trust Funds to pay the cost of the settlement of the civil action brought by Robbins. The District Court also refused to consider a newly raised charge that Brain breached his fiduciary duty by failing to collect all monies owed to the Trust Funds on the grounds that the Labor Department had failed to timely raise the charge. While the court refused to convict Briceno, Brain, Cook or Cook’s law firm on the additional charges, the Labor Department’s prosecution of these claims illustrates that along with abstaining from retaliating against ERISA whistleblowers, employee benefit plan fiduciaries also should position themselves to defend against potential breach of fiduciary duty claims based on alleged inadequacies in their investigation or response to reports or other evidence of misconduct involving the plan by prudently investigating and acting to redress allegations or other evidence of potential wrongdoing in the administration of employee benefit plans or their assets.
About The Author
A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization, the author of this update, attorney Cynthia Marcotte Stamer, is AV-Preeminent (the highest) rated attorney repeatedly recognized as a Martindale-Hubble as a “LEGAL LEADER™” and “Texas Top Rated Lawyer” in Health Care Law, Labor and Employment Law, and Business & Commercial Law and among the “Best Lawyers In Dallas” in ERISA, Labor and Employment and Healthcare Law by D Magazine for her nearly 30 years of experience and knowledge representing and advising employers, employee benefit plans, their sponsors, fiduciaries, service providers and vendors and others on these and other planning, business transaction and contracting, administration, compliance, risk management, audits, investigations, government and private litigation and other enforcement and other related matters.
past Chair and current committee Co-Chair of the American Bar Association (ABA) RPTE Section Employee Benefits Group, Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, former Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, a former ABA Joint Committee on Employee Benefits Council Representative ,
Ms. Stamer’s legal and management consulting work throughout her nearly 30-year career has focused on helping management manage. Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, she de[;pus jer her extensive legal and operational knowledge and experience to help organizations and their management use the law and process to manage people, process, compliance, operations and risk.
As a key part of this work, Ms. Stamer helps public and private, domestic and international businesses, governments, and other organizations and their leaders manage their employees, vendors and suppliers, and other workforce members, customers and other’ performance, compliance, compensation and benefits, operations, risks and liabilities, as well as to prevent, stabilize and cleanup workforce and other legal and operational crises large and small that arise in the course of operations.
Ms. Stamer works with businesses and their management, employee benefit plans, governments and other organizations deal with all aspects of human resources and workforce, internal controls and regulatory compliance, change management and other performance and operations management and compliance. She supports her clients both on a real time, “on demand” basis and with longer term basis to deal with daily performance management and operations, emerging crises, strategic planning, process improvement and change management, investigations, defending litigation, audits, investigations or other enforcement challenges, government affairs and public policy.
Well known for her extensive work with health care, insurance and other highly regulated entities on corporate compliance, internal controls and risk management, her clients range from highly regulated entities like employers, contractors and their employee benefit plans, their sponsors, management, administrators, insurers, fiduciaries and advisors, technology and data service providers, health care, managed care and insurance, financial services, government contractors and government entities, as well as retail, manufacturing, construction, consulting and a host of other domestic and international businesses of all types and sizes. Common engagements include internal and external workforce hiring, management, training, performance management, compliance and administration, discipline and termination, and other aspects of workforce management including employment and outsourced services contracting and enforcement, sentencing guidelines and other compliance plan, policy and program development, administration, and defense, performance management, wage and hour and other compensation and benefits, reengineering and other change management, internal controls, compliance and risk management, communications and training, worker classification, tax and payroll, investigations, crisis preparedness and response, government relations, safety, government contracting and audits, litigation and other enforcement, and other concerns.
Ms. Stamer uses her deep and highly specialized health, insurance, labor and employment and other knowledge and experience to help employers and other employee benefit plan sponsors; health, pension and other employee benefit plans, their fiduciaries, administrators and service providers, insurers, and others design legally compliant, effective compensation, health and other welfare benefit and insurance, severance, pension and deferred compensation, private exchanges, cafeteria plan and other employee benefit, fringe benefit, salary and hourly compensation, bonus and other incentive compensation and related programs, products and arrangements. She is particularly recognized for her leading edge work, thought leadership and knowledgeable advice and representation on the design, documentation, administration, regulation and defense of a diverse range of self-insured and insured health and welfare benefit plans including private exchange and other health benefit choices, health care reimbursement and other “defined contribution” limited benefit, 24-hour and other occupational and non-occupational injury and accident, expat and medical tourism, onsite medical, wellness and other medical plans and insurance benefit programs as well as a diverse range of other qualified and nonqualified retirement and deferred compensation, severance and other employee benefits and compensation, insurance and savings plans, programs, products, services and activities. As a key element of this work, Ms. Stamer works closely with employer and other plan sponsors, insurance and financial services companies, plan fiduciaries, administrators, and vendors and others to design, administer and defend effective legally defensible employee benefits and compensation practices, programs, products and technology. She also continuously helps employers, insurers, administrative and other service providers, their officers, directors and others to manage fiduciary and other risks of sponsorship or involvement with these and other benefit and compensation arrangements and to defend and mitigate liability and other risks from benefit and liability claims including fiduciary, benefit and other claims, audits, and litigation brought by the Labor Department, IRS, HHS, participants and beneficiaries, service providers, and others. She also assists debtors, creditors, bankruptcy trustees and others assess, manage and resolve labor and employment, employee benefits and insurance, payroll and other compensation related concerns arising from reductions in force or other terminations, mergers, acquisitions, bankruptcies and other business transactions including extensive experience with multiple, high-profile large scale bankruptcies resulting in ERISA, tax, corporate and securities and other litigation or enforcement actions.
A former lead consultant to the Government of Bolivia on its Social Security reform law Ms. Stamer also is well-known for her leadership on U.S. health and pension, wage and hour, tax, workforce, tax, education, insurance and other policies critical to the workforce, benefits, and compensation practices and other key aspects of a broad range of businesses and their operations. She both helps her clients respond to and resolve emerging regulations and laws, government investigations and enforcement actions and helps them shape the rules through dealings with Congress and other legislatures, regulators and government officials domestically and internationally. Ms. Stamer works with U.S. and foreign businesses, governments, trade associations, and others on workforce, social security and severance, health care, immigration, privacy and data security, tax, ethics and other laws and regulations. Founder and Executive Director of the Coalition for Responsible Healthcare Policy and its PROJECT COPE: the Coalition on Patient Empowerment and a Fellow in the American Bar Foundation and State Bar of Texas, Ms. Stamer for many years acted as the scribe responsible for leading the Joint Committee on Employee Benefits (JCEB) HHS Office of Civil Rights annual agency meeting and regularly participates in the OCR and other JCEB annual agency meetings, and participates in the development and submission of comments and other input to the agencies on regulatory, enforcement and other concerns. She also works as a policy advisor and advocate to many business, professional and civic organizations.
Author of the thousands of publications and workshops these and other employment, employee benefits, health care, insurance, workforce and other management matters, Ms. Stamer also is a highly sought out speaker and industry thought leader known for empowering audiences and readers. Ms. Stamer’s insights on employee benefits, insurance, health care and workforce matters in Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, Modern Healthcare, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, InsuranceThoughtLeadership.com and many other prominent publications. Ms. Stamer also regularly serves on the faculty and planning committees for symposia of LexisNexis, the American Bar Association, ALIABA, the Society of Employee Benefits Administrators, the American Law Institute, ISSA, HIMMs, and many other prominent educational and training organizations and conducts training and speaks on these and other management, compliance and public policy concerns.
Ms. Stamer also is active in the leadership of a broad range of other professional and civic organizations. For instance, Ms. Stamer serves on the Advisory Boards of InsuranceThoughtLeadership.com, HR.com, Employee Benefit News, and as an editorial advisor and contributing author of many other publications. Her leadership involvements with the American Bar Association (ABA) include year’s serving many years as a Joint Committee on Employee Benefits Council representative; ABA RPTE Section current Practice Management Vice Chair and Substantive Groups & Committees Committee Member, RPTE Employee Benefits & Other Compensation Committee Past Group Chair and Diversity Award Recipient, current Defined Contribution Plans Committee Co-Chair, and past Welfare Benefit Plans Committee Chair Co-Chair; Past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group and a current member of its Healthcare Coordinating Council; current Vice Chair of the ABA TIPS Employee Benefit Committee; International Section Life Sciences Committee Policy Vice Chair; and a speaker, contributing author, comment chair and contributor to numerous Labor, Tax, RPTE, Health Law, TIPS, International and other Section publications, programs and task forces. Other selected service involvements of note include Vice President of the North Texas Healthcare Compliance Professionals Association; past EO Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division; founding Board Member and President of the Alliance for Healthcare Excellence, as a Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; the Board President of the early childhood development intervention agency, The Richardson Development Center for Children; Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee; a former Southwest Benefits Association Board of Directors member, Continuing Education Chair and Treasurer; former Texas Association of Business BACPAC Committee Member, Executive Committee member, Regional Chair and Dallas Chapter Chair; former Society of Human Resources Region 4 Chair and Consultants Forum Board Member and Dallas HR Public Policy Committee Chair; former National Board Member and Dallas Chapter President of Web Network of Benefit Professionals; former Dallas Business League President and others. For additional information about Ms. Stamer, see CynthiaStamer.com or contact Ms. Stamer via email here or via telephone to (469) 767-8872.
About Solutions Law Press, Inc.™
If you found these updates of interest, you may be interested in other recent Solutions Law Press, Inc. updates like the following:
Go hereto register to receive other Solutions Law Press, Inc. updates and announcements about other upcoming briefings, training or other programs, products, services, and activities or to learn more about Solutions Law Press, Inc., its publications, programs and training, PROJECT COPE: Coalition on Patient Empowerment community service and education projects, event management and other resources and services.
For important information concerning this communication see here. THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.
Health Plans, Sponsors & Business Associates Should Verify Plan’s HIPAA Compliance
Employers and other health plan sponsors and the health plan fiduciaries and business associates providing services involving dealings on behalf of the plan with protected health information just received another reminder to confirm and be prepared to prove all required business associate agreements are in place and that the health plans otherwise properly are administering all policies, practices, safeguards and procedures for handling, using and disclosing electronic and other protected health information from the April 20, 2016 Department of Health & Human Services Office of Civil Rights (OCR) announcement of its latest resolution agreement settling Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rule charges OCR made against a HIPAA-covered entity for violating HIPAA’s business associate agreement rules.
OCR Charges Brought For Business Associate Agreement Violations
HIPAA’s Privacy Rules generally apply to “covered entities,” which under HIPAA are health plans and insurers, health care providers, health care clearinghouses (Covered Entities) and “business associates,” which are individuals or entities that perform services that aid the Covered Entity to perform its duties as a Covered Entity.
The Resolution Agreement and Corrective Action Plan (Resolution Agreement) with Raleigh Orthopaedic Clinic, P.A. of North Carolina (Raleigh Orthopaedic) announced by OCR on April 20th requires Raleigh Orthopaedic to pay $750,000 to settle charges OCR it violated the Privacy Rule by handing over protected health information of approximately 17,300 patients to a potential business partner without first executing a business associate agreement.
Raleigh Orthopaedic is a provider group practice that operates clinics and a surgery center in the Raleigh, North Carolina area. OCR initiated its investigation of Raleigh Orthopaedic after receiving a breach report on April 30, 2013. OCR’s investigation indicated that Raleigh Orthopaedic violated the Privacy Rules by releasing the x-ray films and related protected health information of 17,300 patients to an entity that promised to transfer the images to electronic media in exchange for harvesting the silver from the x-ray films. Raleigh Orthopaedic failed to execute a business associate agreement with this entity before turning over the x-rays and PHI.
OCR says this sharing of the x-ray files and other protected health information by Raleigh Orthopaedic violated the Privacy Rules.
Specifically, the Privacy Rules prohibit Covered Entities and their business associates from using, accessing and disclosing protected health information except as specifically permitted in the Privacy Rules. As part of these rules, the “Business Associate” requirements of the Privacy Rule prohibit Covered Entities from disclosing or allowing business associates to use, and business associates from receiving or using protected health information unless the parties first enter into a written business associate agreement that complies with the requirements of the Privacy Rules.
The Resolution Agreement settles OCR charges that Raleigh Orthopaedic violated this Business Associate Agreement requirement by sharing the x-rays and other protected health information with the service provider without first entering a business associate agreement. Under the Settlement Agreement, Raleigh Orthopaedic must pay a $750,000 payment, as well as revise its policies and procedures to: establish a process for assessing whether entities are business associates; designate a responsible individual to ensure business associate agreements are in place prior to disclosing PHI to a business associate; create a standard template business associate agreement; establish a standard process for maintaining documentation of a business associate agreements for at least six (6) years beyond the date of termination of a business associate relationship; and limit disclosures of PHI to any business associate to the minimum necessary to accomplish the purpose for which the Covered Entity hires the business associate.
Although the Resolution Agreement only addresses charges OCR brought against the Covered Entity, Raleigh Orthopaedic, business associates need to keep in mind that both Covered Entities and business associates now are responsible for ensuring compliance with the business associate agreement requirements of the Privacy Rules since the Stimulus Bill amended HIPAA to make most provisions of the Privacy Rule directly applicable to business associates as well as Covered Entities.
Take Aways For Covered Entities & Their Business Associates
OCR’s announcement of the Resolution Agreement includes a strong message for other Covered Entities and business associates of the importance of taking seriously their responsibility under the Privacy Rule to ensure that the business associate agreement requirements of the Privacy Rule are met before business associates are allowed to receive, access or use protected health information. The announcement quotes Jocelyn Samuels, Director of the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) as stating. “It is critical for entities to know to whom they are handing PHI and to obtain assurances that the information will be protected.” and “HIPAA’s obligation on covered entities to obtain business associate agreements is more than a mere check-the-box paperwork exercise.”
In light of the Business Associate Rule and Director Samuels’ comments, Covered Entities and business associates alike should review the adequacy of their documentation, policies and practices regarding dealings with service providers who are or could collect, receive or use electronic or other protected health information to propose or perform services in the capacity as a business associate. Certainly both Covered Entities and business associates to ensure that they possess and are able to produce if needed signed business associate agreements for each current business associate agreement as well as that appropriate policies, practices and procedures are in place to ensure that all required business associate agreements are implemented before any disclosure or use of protected health information to the business associate in the future. As part of these activities, both Covered Entities and business associates also should ensure their policies and practices appropriately provide for the retention of signed copies of all business associate agreements and other records, and the implementation of all other processes and procedures required to position the entity to be able to demonstrate it not only had policies requiring compliance, but appropriately implemented and administered those policies in accordance with the Privacy Rule.
When conducting this review, Covered Entities and business associates also generally should consider the advisability of also reviewing their business associate agreements and the adequacy of these arrangements in light of any other contractual confidentiality and or contractual rights and commitments, regulatory requirements and other operational and risk management concerns that impact or interrelate with the relationship between the business associate and the Covered Entity. It is important to ensure that appropriate steps are taken to evaluate and properly integrate the confidentiality and other commitments that the Privacy Rules mandate a business associate agreement include with audit, performance assessment, and other data access or disclosure, trade secrets, confidentiality, performance standards and guarantees, indemnity and other contractual obligations of other agreements that could impact or be impacted by the business associate agreements. Steps also should be taken to incorporate appropriate processes and procedures for ensuring that the Covered Entity and members of its workforce understand and consistently administer and document their use of appropriate processes to ensure that the business associate agreement and other requirements of the Privacy Rules are fulfilled. In the case of employer sponsored plans subject to the Employee Retirement Income Security Act of 1974, for instance, the selection and proper oversight of business associates and the management of plan data both are subject to the fiduciary responsibility rules of ERISA. Meanwhile, insurers, business associates and other plan vendors also generally should anticipate that beyond HIPAA, they also may be subject to data security, privacy and other mandates and exposures under state HIPAA-like rules for protected health information, as well as other obligations under insurance, data security, identity theft, breach, privacy and other state laws.
The process of evaluating the adequacy of current arrangement and considering the advisability of changes to tighten existing practices in many cases will result in the discovery and discussion of potentially sensitive information about the adequacy of current or past compliance with the Privacy Rules or other matters. For example, it is possible that in the course of review, parties may be unable to locate a signed business associate agreement governing a relationship that the Privacy Rules require be subject to a business associate agreement or in the course of review, information indicating breaches of protected health information or other Privacy Rule violations may have occurred. For this reason, most Covered Entities and their business associates will want to consider arranging for this review and analysis to be conducted within the scope of attorney-client privilege by or under the direction of qualified legal counsel with HIPAA experience that has entered into a business associate agreement with the Covered Entity or business associate.
About The Author
A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Cynthia Marcotte Stamer is a noted Texas-based management lawyer and consultant, author, lecturer and policy advocate, recognized as among the “Top Rated Labor & Employment Lawyers in Texas” by LexisNexis® Martindale-Hubbell® and as among the “Best Lawyers In Dallas” for her work in the field of “Tax: Erisa & Employee Benefits” and “Health Care” by D Magazine who works, writes and speaks extensively about HIPAA and other data privacy and security concerns.
Ms. Stamer’s legal and management consulting work throughout her career has focused on helping organizations and their management use the law and process to manage people, process, compliance, operations and risk. Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer helps public and private, domestic and international businesses, governments, and other organizations and their leaders manage their employees, vendors and suppliers, and other workforce members, customers and other’ performance, compliance, compensation and benefits, operations, risks and liabilities, as well as to prevent, stabilize and cleanup workforce and other legal and operational crises large and small that arise in the course of operations.
Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization, Ms. Stamer helps management manage. Ms. Stamer works with businesses and their management, employee benefit plans, governments and other organizations deal with all aspects of human resources and workforce management operations and compliance. She supports her clients both on a real time, “on demand” basis and with longer term basis to deal with daily performance management and operations, emerging crises, strategic planning, process improvement and change management, investigations, defending litigation, audits, investigations or other enforcement challenges, government affairs and public policy. Well-known for her extensive work with health care, insurance and other highly regulated entities on corporate compliance, internal controls and risk management, her clients range from highly regulated entities like employers, contractors and their employee benefit plans, their sponsors, management, administrators, insurers, fiduciaries and advisors, technology and data service providers, health care, managed care and insurance, financial services, government contractors and government entities, as well as retail, manufacturing, construction, consulting and a host of other domestic and international businesses of all types and sizes. Common engagements include internal and external workforce hiring, management, training, performance management, compliance and administration, discipline and termination, and other aspects of workforce management including employment and outsourced services contracting and enforcement, sentencing guidelines and other compliance plan, policy and program development, administration, and defense, performance management, wage and hour and other compensation and benefits, reengineering and other change management, internal controls, compliance and risk management, communications and training, worker classification, tax and payroll, investigations, crisis preparedness and response, government relations, safety, government contracting and audits, litigation and other enforcement, and other concerns.
A Fellow in the American College of Employee Benefit Counsel, Ms. Stamer uses her deep and highly specialized knowledge and experience to help employers and other employee benefit plan sponsors; health, pension and other employee benefit plans, their fiduciaries, administrators and service providers, insurers, and others design legally compliant, effective compensation, health and other welfare benefit and insurance, severance, pension and deferred compensation, private exchanges, cafeteria plan and other employee benefit, fringe benefit, salary and hourly compensation, bonus and other incentive compensation and related programs, products and arrangements. She is particularly recognized for her leading edge work, thought leadership and knowledgeable advice and representation on the design, documentation, administration, regulation and defense of a diverse range of self-insured and insured health and welfare benefit plans including private exchange and other health benefit choices, health care reimbursement and other “defined contribution” limited benefit, 24-hour and other occupational and non-occupational injury and accident, ex-patriate and medical tourism, onsite medical, wellness and other medical plans and insurance benefit programs as well as a diverse range of other qualified and nonqualified retirement and deferred compensation, severance and other employee benefits and compensation, insurance and savings plans, programs, products, services and activities. As a key element of this work, Ms. Stamer works closely with employer and other plan sponsors, insurance and financial services companies, plan fiduciaries, administrators, and vendors and others to design, administer and defend effective legally defensible employee benefits and compensation practices, programs, products and technology. She also continuously helps employers, insurers, administrative and other service providers, their officers, directors and others to manage fiduciary and other risks of sponsorship or involvement with these and other benefit and compensation arrangements and to defend and mitigate liability and other risks from benefit and liability claims including fiduciary, benefit and other claims, audits, and litigation brought by the Labor Department, IRS, HHS, participants and beneficiaries, service providers, and others. She also assists debtors, creditors, bankruptcy trustees and others assess, manage and resolve labor and employment, employee benefits and insurance, payroll and other compensation related concerns arising from reductions in force or other terminations, mergers, acquisitions, bankruptcies and other business transactions including extensive experience with multiple, high-profile large scale bankruptcies resulting in ERISA, tax, corporate and securities and other litigation or enforcement actions.
Throughout her career, Ms. Stamer has advised these and other clients about health care, health plan, financial information, trade secret, privacy and other related compliance, data breach response and remediation and related compliance, risk management and related concerns. In the course of this work, Ms. Stamer has accumulated an impressive resume of experience advising and representing clients on HIPAA and other privacy and data security concerns. The scribe for the American Bar Association (ABA) Joint Committee on Employee Benefits annual agency meeting with the Department of Health & Human Services Office of Civil Rights for several years, Ms. Stamer has worked extensively with health plans, health care providers, health care clearinghouses, their business associates, employer and other sponsors, banks and other financial institutions, and others on risk management and compliance with HIPAA and other information privacy and data security rules, investigating and responding to known or suspected breaches, defending investigations or other actions by plaintiffs, OCR and other federal or state agencies, reporting known or suspected violations, business associate and other contracting, commenting or obtaining other clarification of guidance, training and enforcement, and a host of other related concerns. Her clients include public and private health plans, health insurers, health care providers, banking, technology and other vendors, and others.
Beyond advising these and other clients on privacy and data security compliance, risk management, investigations and data breach response and remediation and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She also is the author of numerous highly acclaimed publications, workshops and tools for HIPAA or other compliance including training programs on Privacy & The Pandemic for the Association of State & Territorial Health Plans, as well as HIPAA, FACTA, PCI, medical confidentiality, insurance confidentiality and other privacy and data security compliance and risk management for Los Angeles County Health Department, ISSA, HIMMS, the ABA, SHRM, schools, medical societies, government and private health care and health plan organizations, their business associates, trade associations and others.
Ms. Stamer also is deeply involved in helping to influence the Affordable Care Act and other health care, pension, social security, workforce, insurance and other policies critical to the workforce, benefits, and compensation practices and other key aspects of a broad range of businesses and their operations. She both helps her clients respond to and resolve emerging regulations and laws, government investigations and enforcement actions and helps them shape the rules through dealings with Congress and other legislatures, regulators and government officials domestically and internationally. A former lead consultant to the Government of Bolivia on its Social Security reform law and most recognized for her leadership on U.S. health and pension, wage and hour, tax, education and immigration policy reform, Ms. Stamer works with U.S. and foreign businesses, governments, trade associations, and others on workforce, social security and severance, health care, immigration, privacy and data security, tax, ethics and other laws and regulations. Founder and Executive Director of the Coalition for Responsible Healthcare Policy and its PROJECT COPE: the Coalition on Patient Empowerment and a Fellow in the American Bar Foundation and State Bar of Texas, Ms. Stamer annually leads the Joint Committee on Employee Benefits (JCEB) HHS Office of Civil Rights agency meeting and other JCEB agency meetings. She also works as a policy advisor and advocate to many business, professional and civic organizations.
Author of the thousands of publications and workshops these and other employment, employee benefits, health care, insurance, workforce and other management matters, Ms. Stamer also is a highly sought out speaker and industry thought leader known for empowering audiences and readers. Ms. Stamer’s insights on employee benefits, insurance, health care and workforce matters in Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, Modern Healthcare, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, InsuranceThoughtLeadership.com and many other prominent publications. Ms. Stamer also regularly serves on the faculty and planning committees for symposia of LexisNexis, the American Bar Association, ALIABA, the Society of Employee Benefits Administrators, the American Law Institute, ISSA, HIMMs, and many other prominent educational and training organizations and conducts training and speaks on these and other management, compliance and public policy concerns. She will share updates on HIPAA and other health care and data security concerns when returns to speak and chair at the 4th Annual Healthcare Privacy and Security Forum scheduled on May 20, 2016 in Los Angeles.
Beyond these involvements, Ms. Stamer also is active in the leadership of a broad range of other professional and civic organizations. For instance, Ms. Stamer presently serves on an American Bar Association (ABA) Joint Committee on Employee Benefits Council representative; Vice President of the North Texas Healthcare Compliance Professionals Association; Immediate Past Chair of the ABA RPTE Employee Benefits & Other Compensation Committee, its current Welfare Benefit Plans Committee Co-Chair, on its Substantive Groups & Committee and its incoming Defined Contribution Plan Committee Chair and Practice Management Vice Chair; Past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group and a current member of its Healthcare Coordinating Council; current Vice Chair of the ABA TIPS Employee Benefit Committee; the former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division; on the Advisory Boards of InsuranceThoughtLeadership.com, HR.com, Employee Benefit News, and many other publications. She also previously served as a founding Board Member and President of the Alliance for Healthcare Excellence, as a Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; the Board President of the early childhood development intervention agency, The Richardson Development Center for Children; Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee; a member of the Board of Directors of the Southwest Benefits Association. For additional information about Ms. Stamer, see here or contact Ms. Stamer directly by email here or by telephone at (469) 767-8872.
About Solutions Law Press, Inc.™
Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also may be interested reviewing other Solutions Law Press, Inc.™ resources at www.solutionslawpress.com such as:
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating or updating your profile at here.
Employer and other employee benefit plan sponsors, benefit plan committees and fiduciaries, and the broker-dealers, financial advisors, insurance agents and other plan service providers that provide investment-related platforms, advice, recommendations or other services for employee benefit plans need to reevaluate the fiduciary status of their service providers and begin restructuring as necessary their associated relationships, service provider commission or other compensation, service agreements and arrangements or other services in response to a new Regulatory Guidance Package (Rule) that explicitly classifies parties providing “covered investment advice” as fiduciaries subject to the conflict of interest and other fiduciary responsibility rules of the Employee Retirement Income Security Act (ERISA).
Supplementing existing precedent and EBSA’s already existing broad, functional definition of “fiduciary,” the Rule clarifies when individuals and entities that provide “covered investment advice” to plans, plan sponsors, fiduciaries, plan participants, beneficiaries and Individual Retirement Accounts (IRAs) and IRA owners are:
Fiduciaries of the Plan or IRA for purposes of Title I of ERISA;
Required to acknowledge their status and the status of their individual advisers as “fiduciaries” of the plan for purposes of ERISA;
Accountable as fiduciaries for making prudent investment recommendations without regard to their own interests, or the interests of those other than the plan or plan participant or beneficiary that is the customer;
Restricted to charging only “reasonable compensation” for their advice or service;
Prohibited from making misrepresentations to their customers regarding recommended investments; and
Prohibited from providing advice or making payments that involve any conflicts of interest prohibited by ERISA unless the arrangements fully complies with a prohibited transaction exemption issued by EBSA under ERISA Section 408 that otherwise complies with ERISA Section 404.
Concurrent with its adoption of final regulations implementing these new rules concerning investment advisors and their fiduciary responsibilities, the Rule also adopts certain new Prohibited Transaction Exemptions that define requirements that providers of covered investment advice and the plan fiduciaries that engage them generally will be required after April 7, 2017 to ensure are met for investment advisors to receive commission-based compensation for their services, to sell or purchase certain recommended debt securities and other investments out of their own inventories to or from plans and IRAs, or to receive compensation for recommending fixed rate annuity contracts to plans and IRAs.
Investment Advice Covered By The Rule
The final rule applies to “covered investment advice.” For purposes of the rule, “covered investment advice” generally includes:
A recommendation to a plan, plan fiduciary, plan participant and beneficiary and IRA owner for a fee or other compensation, direct or indirect, as to the advisability of buying, holding, selling or exchanging securities or other investment property, including recommendations as to the investment of securities or other property after the securities or other property are rolled over or distributed from a plan or IRA;
A recommendation as to the management of securities or other investment property, including, among other things, recommendations on investment policies or strategies, portfolio composition, selection of other persons to provide investment advice or investment management services, selection of investment account arrangements (e.g., brokerage versus advisory); or recommendations with respect to rollovers, transfers, or distributions from a plan or IRA, including whether, in what amount, in what form, and to what destination such a rollover, transfer, or distribution should be made.
Under the Rule, the fundamental threshold element in establishing the existence of fiduciary investment advice is whether a “recommendation” occurred. The Department has taken an approach to defining “recommendation” that is consistent with and based upon the approach taken by the Financial Industry Regulatory Authority (FINRA), the independent regulatory authority of the broker-dealer industry, subject to the oversight of the Securities and Exchange Commission (SEC).
The Rule specifies that a “recommendation” is a communication that, based on its content, context, and presentation, would reasonably be viewed as a suggestion that the advice recipient engage in or refrain from taking a particular course of action. Under the Rule, the more individually tailored the communication is to a specific advice recipient or recipients, the more likely the communication will be viewed as a recommendation.
The types of relationships that must exist for such recommendations to give rise to fiduciary investment advice responsibilities include recommendations made either directly or indirectly (e.g. through or together with any affiliate) by a person who:
Represents or acknowledges that they are acting as a fiduciary within the meaning of ERISA or the Internal Revenue Code (Code);
Renders advice pursuant to a written or verbal agreement, arrangement or understanding that the advice is based on the particular investment needs of the advice recipient; or
Directs the advice to a specific recipient or recipients regarding the advisability of a particular investment or management decision with respect to securities or other investment property of the plan or IRA.
Also, the Rule only applies where a recommendation is provided directly or indirectly in exchange for a “fee or other compensation.” “Fee or other compensation, direct or indirect” means any explicit fee or compensation for the advice received by the person (or by an affiliate) from any source, and any other fee or compensation received from any source in connection with or as a result of the recommended purchase or sale of a security or the provision of investment advice services including, though not limited to, such things as commissions, loads, finder’s fees, and revenue sharing payments. A fee or compensation is paid “in connection with or as a result of” such transaction or service if the fee or compensation would not have been paid but for the transaction or service or if eligibility for or the amount of the fee or compensation is based in whole or in part on the transaction or service.
Investment Advice Not Covered By Rule
While the Rule reaches broadly, not all communications with financial advisers are covered fiduciary investment advice under the Rule. As a threshold issue, if the communications do not meet the definition of “recommendations” as described above, the communications will be considered non-fiduciary. In response to requests from commenters, and for clarification, the final rule includes some specific examples of communications that would not rise to the level of a recommendation and therefore would not constitute a fiduciary investment advice communication under the Rule.
When evaluating the applicability and effect of these exemptions, however, it is important to keep in mind that by adding the new Rule, EBSA seeks to make clear that individuals or organizations that engage in activities described in the Rule as covered investment advice are fiduciaries subject to these requirements. Since the Rule does not revoke existing EBSA fiduciary guidance or judicial precedent, service providers and other parties with discretionary authority or responsibility over employee benefit plans not covered by the Rule still could qualify as fiduciaries if their authority, responsibility or actions functionally causes them to fall within the definition of a fiduciary under these other pre-existing definitions of fiduciary status. Subject to this cautionary proviso, the following are some of the activities that the Rule identifies as activities that might fall outside the Rule’s covered investment activities in the manner required by the Rule:
“Education” as defined and provided in accordance with the Rule;
“General communications that a reasonable person would not view as an investment recommendation;”
Simply making available a platform of investment alternatives without regard to the individualized needs of the plan, its participants, or beneficiaries if a plan fiduciary independent of the platform service provider actually decides what investment options are offered and the platform service provider also represents in writing to the plan fiduciary that they are not undertaking to provide impartial investment advice or to give advice in a fiduciary capacity; and
Transactions with independent plan fiduciaries where the adviser knows or reasonably believes that the independent fiduciary is a licensed and regulated provider of financial services (banks, insurance companies, registered investment advisers, broker-dealers) or those that have responsibility for the management of $50 million in assets, and other conditions set forth in the Rule are met;
Communications and activities made by advisers to ERISA-covered employee benefit plans in swap or security-based swap transactions when the swap transaction meets certain conditions set forth in the Rule, which EBSA designed in coordination with the Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC) to avoid conflicts between the Rule and the swap and security-based swap rules promulgated by those agencies under the Dodd–Frank Wall Street Reform and Consumer Protection Act; and
Activities and communications of employees working in the payroll, accounting, human resources, and financial departments of the plan sponsor or its affiliated business who routinely develop reports and recommendations for the company and other named fiduciaries of the sponsors’ plans if the employees receive no fee or other compensation in connection with any such recommendations beyond their normal compensation for work performed for their employer.
New Prohibited Transaction Exemptions Published With Rule
Concurrent with its publication of the Rule, EBSA also is adopting the following new “Prohibited Transaction Exemptions to the otherwise applicable statutory list of prohibited conflict of interest transactions in ERISA Section 406 and the companion rules of the Internal Revenue Code (Code) applicable to qualified retirement plans.
Noncompliance with the Rule, including where necessary to avoid violating ERISA Section 406’s prohibited transaction prohibitions, by parties providing covered investment advice or the engagement or retention of such a service provider by an employer or other party exercising or with responsibility or authority to make that engagement carriers big legal risk. Advisers and financial institutions that don’t meet the BICE standards and other requirements of the Rule expose themselves to liability from breach of fiduciary duty claims under ERISA brought by ERISA plans, participants, and beneficiaries or in the case of IRAs or other non-ERISA plans, state law breach of contract or other state law claims brought by IRAs and other non-ERISA plans or accountholders. Likewise an employer, member of its management or other party responsible for or having authority to choose the service provider risks breaching its own fiduciary duties under ERISA by engaging a party that renders covered investment advice without complying with the Rule. In addition, to the extent that the engagement or activities of the service provider involves commission compensation payments, swaps or other activities that would constitute a prohibited conflict of interest under ERISA Section 406 not structured and conducted with an applicable prohibited transaction exemption, both the service provider and the fiduciary could bear personal liability for involving the plan or its assets in a prohibited transaction in violation of ERISA Section 406. For this reason, to help positions themselves to mitigate or defend against liability for such potential claims, advisors generally should take steps to ensure that the advisor can prove the advisor acted in their clients’ best interest by documenting their use of a reasonable process and adherence to professional standards in deciding to make the recommendation and determining it was in the customer’s best interest, and by documenting their compliance with the financial institution’s policies and procedures required by the Best Interest Contract Exemption.
“Best Interest Contract Exemption” (BICE)
ERISA and the Internal Revenue Code rules for qualified retirement plans generally prohibit individuals or entities providing fiduciary investment advice to plan sponsors, plan participants, and IRA owners to receive payments creating any of the listed statutory conflicts of interest listed in ERISA or the Code without a prohibited transaction exemption (PTE), employee benefit plan sponsors, benefit plan committees and other fiduciaries, and the broker-dealers, financial advisors, insurance agents and other plan service providers providing covered investment services to employee benefit plans also need to ensure that their compensation is structured to ensure that the compensation and other arrangements do not violate these prohibited transaction and conflict of interest prohibitions of the Code and ERISA, ERISA’s reasonable compensation rules, or the other requirements of ERISA.
Concerning ERISA Section 406’s party-in-interest and other conflict of interest requirements, EBSA issued in conjunction with its publication of the Rule a new “Best Interest Contract Exemption” (BICE), which provides a prohibited transaction exception that permits the payment of commission-based compensation to fiduciary investment advisors as long as the conditions specified in the BICE are met. Among other things, the BICE requires as a condition of the applicability of this exception that:
The financial institution to acknowledge in writing fiduciary status for itself and its advisers;
The financial institution and advisers to adhere to ERISA’s basic standards of impartial conduct, including giving prudent advice that is in the customer’s best interest, avoiding making misleading statements, and receiving no more than reasonable compensation;
The financial institution to have policies and procedures designed to mitigate harmful impacts of conflicts of interest; and
The financial institution to disclose specified information about their conflicts of interest and the cost of their advice.
The specified disclosures required to meet the conditions of the BICE include:
Descriptions of material conflicts of interest;
Descriptions of fees or charges paid by the retirement investor
A statement of the types of compensation the firm expects to receive from third parties in connection with recommended investments;
Notification that investors have the right to obtain specific disclosure of costs, fees, and other compensation upon request; and
A requirement that a website must be maintained and updated regularly that includes information about the financial institution’s business model and associated material conflicts of interest, a written description of the financial institution’s policies and procedures that mitigate conflicts of interest, and disclosure of compensation and incentive arrangements with advisers, among other information. However, the BICE currently does not require that the website include individualized information about a particular adviser’s compensation.
Noncompliance with the Rule by parties providing covered investment advice or the engagement or retention of such a service provider by an employer or other party exercising or with responsibility or authority to make that engagement carriers big legal risk. Advisers and financial institutions that don’t meet the BICE standards and other requirements of the Rule expose themselves to liability from breach of fiduciary duty claims under ERISA brought by ERISA plans, participants, and beneficiaries or in the case of IRAs or other non-ERISA plans, state law breach of contract or other state law claims brought by IRAs and other non-ERISA plans or accountholders. Likewise an employer, member of its management or other party responsible for or having authority to choose the service provider risks breaching its own fiduciary duties under ERISA by engaging a party that renders covered investment advice without complying with the Rule. In addition, to the extent that the engagement or activities of the service provider involves commission compensation payments, swaps or other activities that would constitute a prohibited conflict of interest under ERISA Section 406 not structured and conducted with an applicable prohibited transaction exemption, both the service provider and the fiduciary could bear personal liability for involving the plan or its assets in a prohibited transaction in violation of ERISA Section 406. For this reason, to help positions themselves to mitigate or defend against liability for such potential claims, advisors generally should take steps to ensure that the advisor can prove the advisor acted in their clients’ best interest by documenting their use of a reasonable process and adherence to professional standards in deciding to make the recommendation and determining it was in the customer’s best interest, and by documenting their compliance with the financial institution’s policies and procedures required by the Best Interest Contract Exemption.
Principle Transactions Exemption
The “Principal Transactions Exemption” published in connection with the Rule provides an exemption from the prohibitions of ERISA Section 406 to allow investment advice fiduciaries to sell or purchase certain recommended debt securities and other investments out of their own inventories to or from plans and IRAs where the requirements of the Exemption are met. As with the Best Interest Contract Exemption, the Principle Transaction Exemption requires, among other things, that investment advice fiduciaries adhere to certain impartial conduct standards, including obligations to act in the customer’s best interest, avoid misleading statements, and seek to obtain the best execution reasonably available under the circumstances for the transaction.
Existing PTE For Fixed Rate Annuity Contracts
In connection with its adoption of the Rule, EBSA also is amending existing exemption, PTE 84-24, which provides relief for insurance agents and brokers, and insurance companies, to receive compensation for recommending fixed rate annuity contracts to plans and IRAs. As amended in connection with the Rule, the requirements of PTE 84-24 are modified to provide increased safeguards for retirement investors while still providing “more streamlined conditions” than those required to meet the Best Interest Contract Exemption. Consistent with its enthusiasm for encouraging the offering and adoption of life time income products to retirees over the past several years, EBSA says these more streamlined conditions of PTE 84-24 are appropriate to “facilitate access by plans and IRAs to these relatively simple lifetime income products.” More complex products, such as variable annuities and indexed annuities, will be able to be recommended by advisers and financial institutions under the terms of the Best Interest Contract Exemption.
Other PTE Exemptions Modified To Raise Requirements
The Department is amending other existing exemptions, as well, to ensure that plan and IRA investors receiving investment advice are consistently protected by impartial conduct standards, regardless of the particular exemption upon which the adviser and the fiduciary engaging that advisor intend to rely upon to avoid violating of ERISA 406.
While the compliance deadline for the new Rule is not until April 8, 2017, the relief from ERISA Section 406 offered by the new Exemptions announced in connection with the Rule’s publication generally became available when EBSA published them in connection with the Rule on April 8, 2016. As this relief could provide helpful protection against fiduciary challenges or exposures that some service providers might already face under already existing fiduciary precedent or guidance, many service providers involved in dealings with plan or IRA investments may wish to take steps to position themselves to claim protection under one of these new PTE Exemptions even before the Rule takes effect. When evaluating this option, some service providers should be aware of the availability of transitional relief that may make it easier for some service providers to claim relief under the new BICE or Principal Transactions Exemption between April 8, 2017 and January 1, 2018 (Transition Period). In addition, parties that contemplate wishing to take advantage of the relief offered by the new BICE or Principal Transactions Exemption may benefit from taking advantage of reduced requirements for meeting these conditions during the phase in Transition Period. During this Transition Period, EBSA still will require firms and advisers to adhere to the Exemptions’ impartial conduct standards, provide a notice to retirement investors that, among other things, acknowledges their fiduciary status and describes their material conflicts of interest, and to designate a person responsible for addressing material conflicts of interest and monitoring advisers’ adherence to the impartial conduct standards; however compliance with certain other requirements is waived until January 1, 2018. Of course, full compliance with all requirements of the applicable Exemptions will be required as of January 1, 2018.
Rule Requires Action By Plan Sponsors, Fiduciaries & Service Providers
The new Rule creates lots of new work both for advisors and other service providers in, as well as plan sponsors, plan administrative committees or other fiduciaries responsible for selection, retention and oversight of those providing these services. All such parties have much to do to fulfill their ERISA responsibilities by the April 8, 2017 deadline for compliance with the new Rule and to deal with other likely fallout from the new Rule.
Fallout for Covered Investment Advisors & Other Service Providers
Clearly, advisors, financial institutions and other service providers providing covered investment advice and others with involvement with investments or investment platforms have much work to do to prepare for the new rule. However, compliance with the Rule is not merely a service provider problem. Employer or other plan sponsors, plan fiduciaries or other responsible for the credentialing, selection, retention, and oversight of service providers dealing with investments also need to ensure that the party or parties responsible for these vendor dealings fulfills its own fiduciary responsibilities in dealing with vendors and service providers that may be impacted by these requirements.
Advisers and financial institutions that don’t meet the requirements of the new Rule expose themselves to liability from breach of fiduciary duty claims under ERISA brought by ERISA plans, participants, and beneficiaries or in the case of IRAs or other non-ERISA plans, state law breach of contract or other state law claims brought by IRAs and other non-ERISA plans or accountholders. Obviously, advisors, financial institutions and other service providers providing advice or having dealings or involvement with IRA or employee benefit plan investments, their selection or administration will want to review and update their relationships and their associated compensation, contracts, disclosures and other arrangements and processes in light of the new Rule. Clearly, those that could be considered to offer or provide covered investment advice need to start revising contracts, compensation, policies, practices and other arrangements in anticipation of the Rule. At the same time, the Rule also is likely to create work for certain service providers with involvement or dealings with investments that the service provider considers to fall outside of the Rule:
To respond to changes in client requests for proposals, contracts or other due diligence in response to the Rule;
To respond to changes in response to the Rule by covered investment advisors to reconfigure services, relationships and contracts in response to the Rule;
To clarify and institutionalize and document communications by the uncovered service provider to clients and others of limits on the service provider’s services and capacity that are necessary or helpful to avoid or limit exposure of the service provider to coverage by or claims of liability arising out of the Rule; and/or
Otherwise.
Fallout For Plan Sponsors & Plan Fiduciaries Selecting & Overseeing Service Providers
Employer or other plan sponsors, plan fiduciaries or other responsible for the credentialing, selection, retention, and oversight of service providers dealing with investments also need to anticipate and be prepared to deal the effects of adoption of the Rule on their responsibilities and risks as they relate to the selection, retention, contracting, compensation and other dealings with service providers impacted by the Rule.
The Rule’s explicit designation as fiduciaries of certain service providers that previously may have been characterized as providing services as non-fiduciaries, much less its tightening of requirements for the investment advisors that are covered fiduciaries, creates a host of new responsibilities and considerations for employers sponsoring plans and its members of management that select, retain, contract with and oversee these service providers.
Under ERISA, parties designated in writing or function exercising discretionary authority or responsibility for the selection, retention, compensation and oversight of fiduciary or other service providers generally are considered fiduciaries for purposes of carrying out these responsibilities and bear personal liability for prudently selecting, retaining and monitoring the service provider in accordance with ERISA.
To fulfill this fiduciary obligation, those involved in selecting and retaining investment advisors covered by the rules should expect to bear responsibility for ensuring that the covered investment advisor is engaged in compliance with the Rule and the otherwise applicable requirements of ERISA, including that the engagement and compensation of the selected investment advisor will not involve the plan or its assets in a prohibited conflict of interest listed in ERISA Section 406. Furthermore, failing to ensure that the engagement of an investment advisor does not violate these conflict of interest rules also exposes a sponsoring employer of a qualified plan to excise tax liability under the Code’s companion party-in-interest rules applicable to such plans.
Accordingly, whether the employer itself retains and directly exercises the discretionary authority to select and retain a service provider or appoints a committee or member of its staff to perform these responsibilities as a designated fiduciary, an accurate understanding of which service providers, taking into account the rule, now will be considered fiduciaries and the requirements of the Rule flowing from this status is essential to understand and make appropriate provisions to ensure that proper steps are taken to ensure that the Rule and ERISA’s other requirements for prudent credentialing, bonding, contracting, compensation, and other dealings with the service provider and to budget for the proper conduct of the activities needed to fulfill these obligations.
In light of these and other exposures and obligations, employer and other plan sponsors, plan fiduciaries and plan service providers alike all should start preparing to respond to the new Rule.
To help positions themselves to mitigate or defend against liability for such potential claims, each party generally will want to take prudent and well-documented steps to evaluate the fiduciary status of each applicable service provider, as well as its own fiduciary status, capacity, responsibility and other exposures in light of the new Rule. Since ERISA fiduciary status attaches functionally based on the functional facts and circumstances, sponsoring employers, as well as service providers generally will want to consider taking appropriate steps to document this analysis and other compliance and risk management efforts to avoid violations of the Rule, as well as to position themselves to defend against other claims and liabilities.
In all cases, each impacted party should make an effort to apply and retain evidence documenting its efforts including, in the case of all service providers, whether or not covered investment advisors under the Rule, their efforts to act in their clients’ best interest by documenting their use of a reasonable process and adherence to professional standards in deciding to make the recommendation and determining it was in the customer’s best interest, and by documenting their compliance with the financial institution’s policies and procedures and applicable requirements of the law.
About The Author
Board Certified in Labor and Employment Law by the Texas Board of Legal Specialization, a Fellow in the American College of Employee Benefit Counsel, past Group Chair, past Welfare Benefit Committee Chair, and Current Defined Contribution Plan Co-Chair of the American Bar Association (ABA) RPTE Section Employee Benefits Group, Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, former Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, a past ABA Joint Committee on Employee Benefits Council Representative Cynthia Marcotte Stamer is a practicing attorney, regulatory and public policy advocate, author, lecturer and industry and public policy thought leader recognized as a “Top” attorney in employee benefits, labor and employment and health care law for her more than 28 years’ of leading edge experience nationally and internationally providing practical and effective advice and representation to management.
Ms. Stamer’s legal and management consulting work throughout her career has focused on helping organizations and their management understand and use the law and process to manage people, performance, compliance, operations and risk. Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative and pragmatic problem-solving, Ms. Stamer helps public and private, domestic and international businesses, governments, and other organizations and their leaders manage their employees, vendors and suppliers, and other workforce members, customers and other’ performance, compliance, compensation and benefits, operations, risks and liabilities, as well as to prevent, stabilize and cleanup workforce and other legal and operational crises large and small that arise in the course of operations.
Ms. Stamer works with businesses and their management, employee benefit plans, governments and other organizations deal with all aspects of human resources and workforce management operations and compliance. She supports her clients both on a real time, “on demand” basis and with longer term basis to deal with daily performance management and operations, emerging crises, strategic planning, process improvement and change management, investigations, defending litigation, audits, investigations or other enforcement challenges, government affairs and public policy.
Well known for her extensive work with health care, insurance and other highly regulated entities on corporate compliance, internal controls and risk management, her clients range from highly regulated entities like employers, contractors and their employee benefit plans, their sponsors, management, administrators, insurers, fiduciaries and advisors, technology and data service providers, health care, managed care and insurance, financial services, government contractors and government entities, as well as retail, manufacturing, construction, consulting and a host of other domestic and international businesses of all types and sizes.
As a key part of this work, Ms. Stamer uses her deep and highly specialized health, insurance, labor and employment and other knowledge and experience to help employers and other employee benefit plan sponsors; health, pension and other employee benefit plans, their fiduciaries, administrators and service providers, insurers, and others design legally compliant, effective compensation, health and other welfare benefit and insurance, severance, pension and deferred compensation, private exchanges, cafeteria plan and other employee benefit, fringe benefit, salary and hourly compensation, bonus and other incentive compensation and related programs, products and arrangements.
She is particularly recognized for her leading edge work, thought leadership and knowledgeable advice and representation on the design, documentation, administration, regulation and defense of a diverse range of self-insured and insured health and welfare benefit plans including private exchange and other health benefit choices, health care reimbursement and other “defined contribution” limited benefit, 24-hour and other occupational and non-occupational injury and accident, ex-patriate and medical tourism, onsite medical, wellness and other medical plans and insurance benefit programs as well as a diverse range of other qualified and nonqualified retirement and deferred compensation, severance and other employee benefits and compensation, insurance and savings plans, programs, products, services and activities. In these and other engagements, Ms. Stamer works closely with employer and other plan sponsors, insurance and financial services companies, plan fiduciaries, administrators, and vendors and others to design, administer and defend effective legally defensible employee benefits and compensation practices, programs, products and technology. She also continuously helps employers, insurers, administrative and other service providers, their officers, directors and others to manage fiduciary and other risks of sponsorship or involvement with these and other benefit and compensation arrangements and to defend and mitigate liability and other risks from benefit and liability claims including fiduciary, benefit and other claims, audits, and litigation brought by the Labor Department, IRS, HHS, participants and beneficiaries, service providers, and others. She also assists debtors, creditors, bankruptcy trustees and others assess, manage and resolve labor and employment, employee benefits and insurance, payroll and other compensation related concerns arising from reductions in force or other terminations, mergers, acquisitions, bankruptcies and other business transactions including extensive experience with multiple, high-profile large scale bankruptcies resulting in ERISA, tax, corporate and securities and other litigation or enforcement actions.
Ms. Stamer also advises and represents clients on OCR and other HHS, Department of Labor, IRS, FTC, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. In the course of this work, Ms. Stamer has accumulated an impressive resume of more than 28 years’ of experience advising and representing clients on Title I and other ERISA fiduciary responsibility concerns including assisting and advising plan sponsors, plan fiduciary and plan service providers to design and administer fiduciary and other compliance and risk management policies and practices, conducting investigations of potential fiduciary or other breaches, and serving as special counsel, advising and representing these and other clients in connection with EBSA, IRS, SEC and other governmental audits, investigations and enforcement actions; in private disputes and litigation regarding plan investments or other fiduciary concerns between plan participant and beneficiaries, plans, plan fiduciaries, plan sponsors and plan service providers; or both.
Ms. Stamer also is deeply involved in helping to influence health care, pension, social security, workforce, insurance and other policies critical to the workforce, benefits, and compensation practices and other key aspects of a broad range of businesses and their operations. Deeply involved in both U.S. statutory and regulatory pension and health care reform throughout her career, Ms. Stamer both helps her clients respond to and resolve emerging regulations and laws, government investigations and enforcement actions and helps them shape the rules through dealings with Congress and other legislatures, regulators and government officials domestically and internationally. A former lead consultant to the Government of Bolivia on its Social Security reform law and most recognized for her leadership on U.S. health and pension, wage and hour, tax, education and immigration policy reform, Ms. Stamer works with U.S. and foreign businesses, governments, trade associations, and others on workforce, social security and severance, health care, immigration, privacy and data security, tax, ethics and other laws and regulations. Founder and Executive Director of the Coalition for Responsible Healthcare Policy and its PROJECT COPE: the Coalition on Patient Empowerment and a Fellow in the American Bar Foundation and State Bar of Texas. She also works as a policy advisor and advocate to health plans, their sponsors, administrators, insurers and many other business, professional and civic organizations.
Author of the thousands of publications and workshops these and other employment, employee benefits, health care, insurance, workforce and other management matters, Ms. Stamer also is a highly sought out speaker and industry thought leader known for empowering audiences and readers. Ms. Stamer’s insights on employee benefits, insurance, health care and workforce matters in Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, Modern Healthcare, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, InsuranceThoughtLeadership.com and many other prominent publications. Ms. Stamer also regularly serves on the faculty and planning committees for symposia of LexisNexis, the American Bar Association, ALIABA, the Society of Employee Benefits Administrators, the American Law Institute, ISSA, HIMMs, and many other prominent educational and training organizations and conducts training and speaks on these and other management, compliance and public policy concerns.
Ms. Stamer also is active in the leadership of a broad range of other professional and civic organizations. For instance, Ms. Stamer presently serves on an American Bar Association (ABA) Joint Committee on Employee Benefits Council representative; Vice President of the North Texas Healthcare Compliance Professionals Association; Immediate Past Chair of the ABA RPTE Employee Benefits & Other Compensation Committee, its current Welfare Benefit Plans Committee Co-Chair, on its Substantive Groups & Committee and its incoming Defined Contribution Plan Committee Chair and Practice Management Vice Chair; Past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group and a current member of its Healthcare Coordinating Council; current Vice Chair of the ABA TIPS Employee Benefit Committee; the former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division; on the Advisory Boards of InsuranceThoughtLeadership.com, HR.com, Employee Benefit News, and many other publications. She also previously served as a founding Board Member and President of the Alliance for Healthcare Excellence, as a Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; the Board President of the early childhood development intervention agency, The Richardson Development Center for Children; Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee; a member of the Board of Directors of the Southwest Benefits Association. For additional information about Ms. Stamer, see www.cynthiastamer.com, or http://www.stamerchadwicksoefje.com the member of contact Ms. Stamer via email here or via telephone to (469) 767-8872.
About Solutions Law Press, Inc.™
Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also may be interested reviewing other Solutions Law Press, Inc. ™ resources at www.solutionslawpress.com such as:
Group health plans and group and individual health insurers (Health Plans) must add updating their 2017 Summary of Benefits and Coverage (SBC) forms to their 2017 to do list in response to the publication by the Departments of Health and Human Services (HHS), Labor (DOL) and Treasury (collectively “Agencies) of enhanced content requirements for the 2017 Summary of Benefits and Coverage (SBC) template and Uniform Glossary that the Patient Protection & Affordable Care Act (ACA) requires Health Plans to provide to Health Plan members. Health Plans must begin using SBCs updated to comply with the 2017 SBC template released by the Agencies on April 6, 2016 beginning on the first day of the first open enrollment period that begins on or after April 1, 2017.
The ACA requires Health Plans to provide covered persons a brief (4 page) summary of what the plan covers and the plan’s cost sharing along with a comprehensive uniform glossary of commonly used health coverage and medical terms with the detailed content and format dictated by the Agencies SBC regulations. Intended to help covered persons understand and compare coverage options by providing standardized information in a standardized format about each plan, the SBC and Glossary must include all required content in the type and format dictated by the SBC regulations. In addition to ensuring that their SBC and Glossary meet these requirements, Health Plans also may need to prepare and offer translations of the SBC and Glossary to comply with the ACA’s “culturally and linguistically appropriate” requirements.
The current and 2017 SBC Template along with instructions for its preparation and completion, model translation documents for certain forms, and other information about the SBC requirements are available here.
Currently, the dictated SBC format includes coverage examples that demonstrate the cost sharing amounts an individual might be responsible for in three common medical situations. In addition to the current coverage examples that address diabetes care and childbirth, the updated template for 2017 also will require a new coverage example that addresses coverage for a foot fracture so that a consumer understands what a plan covers in an emergency scenario.
Beyond dictating the emergency example, the 2017 templates also expand the information about cost sharing that SBCs much contain to include enhanced language to explain deductibles and a requirement that plans address individual and overall out-of-pocket limits in the SBC.
While the Agencies regulations dictate the required content, health insurers and employers or others serving as health plan administrators or sponsors need to use care to ensure that SBCs are prepared appropriately and provided when and how required. Failure to timely deliver the SBC not only can trigger penalties under ERISA against the plan administrator and/or against the insurer under the ACA market reform rules, noncompliance with the SBC requirements also is among the listed ACA compliance defects that can expose the sponsoring employer to excise tax penalties under the Internal Revenue Code.
In order to fulfill this and other important ACA and other federal health plan notice and reporting mandates, employer and other plan sponsors, administrators and fiduciaries generally must finalize their health plan design well in advance of the date the new health plan design is intended to take effect. The Agencies SBC regulations generally require that the SBC be provided before the first day of the enrollment period and that updated SBCs be provided whenever any material change in benefits or coverage is enacted after the delivery of the original SPB. The requirement to prepare and deliver the SBC is in addition to the current federal mandate that plan administrators provide written notice of material changes to a health plan at least 60 days before the effective date of the material change and a host of other health plan notice requirements imposed by federal law. Employers, insurers, third party administrators and health plan fiduciaries need to understand and make appropriate arrangements to ensure that these SBC and other notice and reporting requirements are timely and appropriately completed.
About The Author
A practicing attorney and Managing Shareholder of Cynthia Marcotte Stamer, P.C., Ms. Stamer’s more than 28 years’ of leading edge work as an practicing attorney, author, lecturer and industry and policy thought leader have resulted in her recognition as a “Top” attorney in employee benefits, labor and employment and health care law.
A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Cynthia Marcotte Stamer is a noted Texas-based management lawyer and consultant, author, lecturer and policy advocate, recognized as among the “Top Rated Labor & Employment Lawyers in Texas” by LexisNexis® Martindale-Hubbell® and as among the “Best Lawyers In Dallas” for her work in the field of “Tax: Erisa & Employee Benefits” and “Health Care” by D Magazine.
Ms. Stamer’s legal and management consulting work throughout her career has focused on helping organizations and their management use the law and process to manage people, process, compliance, operations and risk. Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer helps public and private, domestic and international businesses, governments, and other organizations and their leaders manage their employees, vendors and suppliers, and other workforce members, customers and other’ performance, compliance, compensation and benefits, operations, risks and liabilities, as well as to prevent, stabilize and cleanup workforce and other legal and operational crises large and small that arise in the course of operations.
Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization, Ms. Stamer helps management manage. Ms. Stamer works with businesses and their management, employee benefit plans, governments and other organizations deal with all aspects of human resources and workforce management operations and compliance. She supports her clients both on a real time, “on demand” basis and with longer term basis to deal with daily performance management and operations, emerging crises, strategic planning, process improvement and change management, investigations, defending litigation, audits, investigations or other enforcement challenges, government affairs and public policy. Well-known for her extensive work with health care, insurance and other highly regulated entities on corporate compliance, internal controls and risk management, her clients range from highly regulated entities like employers, contractors and their employee benefit plans, their sponsors, management, administrators, insurers, fiduciaries and advisors, technology and data service providers, health care, managed care and insurance, financial services, government contractors and government entities, as well as retail, manufacturing, construction, consulting and a host of other domestic and international businesses of all types and sizes. Common engagements include internal and external workforce hiring, management, training, performance management, compliance and administration, discipline and termination, and other aspects of workforce management including employment and outsourced services contracting and enforcement, sentencing guidelines and other compliance plan, policy and program development, administration, and defense, performance management, wage and hour and other compensation and benefits, reengineering and other change management, internal controls, compliance and risk management, communications and training, worker classification, tax and payroll, investigations, crisis preparedness and response, government relations, safety, government contracting and audits, litigation and other enforcement, and other concerns.
A Fellow in the American College of Employee Benefit Counsel, Ms. Stamer uses her deep and highly specialized knowledge and experience to help employers and other employee benefit plan sponsors; health, pension and other employee benefit plans, their fiduciaries, administrators and service providers, insurers, and others design legally compliant, effective compensation, health and other welfare benefit and insurance, severance, pension and deferred compensation, private exchanges, cafeteria plan and other employee benefit, fringe benefit, salary and hourly compensation, bonus and other incentive compensation and related programs, products and arrangements. She is particularly recognized for her leading edge work, thought leadership and knowledgeable advice and representation on the design, documentation, administration, regulation and defense of a diverse range of self-insured and insured health and welfare benefit plans including private exchange and other health benefit choices, health care reimbursement and other “defined contribution” limited benefit, 24-hour and other occupational and non-occupational injury and accident, ex-patriate and medical tourism, onsite medical, wellness and other medical plans and insurance benefit programs as well as a diverse range of other qualified and nonqualified retirement and deferred compensation, severance and other employee benefits and compensation, insurance and savings plans, programs, products, services and activities. As a key element of this work, Ms. Stamer works closely with employer and other plan sponsors, insurance and financial services companies, plan fiduciaries, administrators, and vendors and others to design, administer and defend effective legally defensible employee benefits and compensation practices, programs, products and technology. She also continuously helps employers, insurers, administrative and other service providers, their officers, directors and others to manage fiduciary and other risks of sponsorship or involvement with these and other benefit and compensation arrangements and to defend and mitigate liability and other risks from benefit and liability claims including fiduciary, benefit and other claims, audits, and litigation brought by the Labor Department, IRS, HHS, participants and beneficiaries, service providers, and others. She also assists debtors, creditors, bankruptcy trustees and others assess, manage and resolve labor and employment, employee benefits and insurance, payroll and other compensation related concerns arising from reductions in force or other terminations, mergers, acquisitions, bankruptcies and other business transactions including extensive experience with multiple, high-profile large scale bankruptcies resulting in ERISA, tax, corporate and securities and other litigation or enforcement actions. In the course of this work, Ms. Stamer has accumulated an impressive resume of experience advising and representing clients on HIPAA and other privacy and data security concerns. The scribe for the American Bar Association (ABA) Joint Committee on Employee Benefits annual agency meeting with the Department of Health & Human Services Office of Civil Rights for several years, Ms. Stamer has worked extensively with health plans, health care providers, health care clearinghouses, their business associates, employer and other sponsors, banks and other financial institutions, and others on risk management and compliance with HIPAA and other information privacy and data security rules, investigating and responding to known or suspected breaches, defending investigations or other actions by plaintiffs, OCR and other federal or state agencies, reporting known or suspected violations, business associate and other contracting, commenting or obtaining other clarification of guidance, training and enforcement, and a host of other related concerns. Her clients include public and private health plans, health insurers, health care providers, banking, technology and other vendors, and others. Beyond advising these and other clients on privacy and data security compliance, risk management, investigations and data breach response and remediation, Ms. Stamer also advises and represents clients on OCR and other HHS, Department of Labor, IRS, FTC, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She also is the author of numerous highly acclaimed publications, workshops and tools for HIPAA or other compliance including training programs on Privacy & The Pandemic for the Association of State & Territorial Health Plans, as well as HIPAA, FACTA, PCI, medical confidentiality, insurance confidentiality and other privacy and data security compliance and risk management for Los Angeles County Health Department, ISSA, HIMMS, the ABA, SHRM, schools, medical societies, government and private health care and health plan organizations, their business associates, trade associations and others.
Ms. Stamer also is deeply involved in helping to influence the Affordable Care Act and other health care, pension, social security, workforce, insurance and other policies critical to the workforce, benefits, and compensation practices and other key aspects of a broad range of businesses and their operations. She both helps her clients respond to and resolve emerging regulations and laws, government investigations and enforcement actions and helps them shape the rules through dealings with Congress and other legislatures, regulators and government officials domestically and internationally. A former lead consultant to the Government of Bolivia on its Social Security reform law and most recognized for her leadership on U.S. health and pension, wage and hour, tax, education and immigration policy reform, Ms. Stamer works with U.S. and foreign businesses, governments, trade associations, and others on workforce, social security and severance, health care, immigration, privacy and data security, tax, ethics and other laws and regulations. Founder and Executive Director of the Coalition for Responsible Healthcare Policy and its PROJECT COPE: the Coalition on Patient Empowerment and a Fellow in the American Bar Foundation and State Bar of Texas, Ms. Stamer annually leads the Joint Committee on Employee Benefits (JCEB) HHS Office of Civil Rights agency meeting and other JCEB agency meetings. She also works as a policy advisor and advocate to many business, professional and civic organizations.
Author of the thousands of publications and workshops these and other employment, employee benefits, health care, insurance, workforce and other management matters, Ms. Stamer also is a highly sought out speaker and industry thought leader known for empowering audiences and readers. Ms. Stamer’s insights on employee benefits, insurance, health care and workforce matters in Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, Modern Healthcare, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, InsuranceThoughtLeadership.com and many other prominent publications. Ms. Stamer also regularly serves on the faculty and planning committees for symposia of LexisNexis, the American Bar Association, ALIABA, the Society of Employee Benefits Administrators, the American Law Institute, ISSA, HIMMs, and many other prominent educational and training organizations and conducts training and speaks on these and other management, compliance and public policy concerns.
Beyond these involvements, Ms. Stamer also is active in the leadership of a broad range of other professional and civic organizations. For instance, Ms. Stamer presently serves on an American Bar Association (ABA) Joint Committee on Employee Benefits Council representative; Vice President of the North Texas Healthcare Compliance Professionals Association; Immediate Past Chair of the ABA RPTE Employee Benefits & Other Compensation Committee, its current Welfare Benefit Plans Committee Co-Chair, on its Substantive Groups & Committee and its incoming Defined Contribution Plan Committee Chair and Practice Management Vice Chair; Past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group and a current member of its Healthcare Coordinating Council; current Vice Chair of the ABA TIPS Employee Benefit Committee; the former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division; on the Advisory Boards of InsuranceThoughtLeadership.com, HR.com, Employee Benefit News, and many other publications. She also previously served as a founding Board Member and President of the Alliance for Healthcare Excellence, as a Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; the Board President of the early childhood development intervention agency, The Richardson Development Center for Children; Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee; a member of the Board of Directors of the Southwest Benefits Association. For additional information about Ms. Stamer, see here or contact Ms. Stamer directly by email here or by telephone at (469) 767-8872.
About Solutions Law Press, Inc.™
Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also may be interested reviewing other Solutions Law Press, Inc.™ resources at www.solutionslawpress.com such as:
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating or updating your profile at here.
Employer and union sponsored health plans, their sponsors, fiduciaries, and business associates should brace for audits and enforcement of the Privacy, Security, and Breach Notification rules by the Department of Health & Human Service Office of Civil Rights (OCR) follow OCR’s 2016 audit program on the heels of its announcement last week of two large HIPAA settlements last week.
OCR confirmed today it is sending emails notifying health plans, healthcare providers, healthcare clearing houses (Covered Entities) and their business associates identified as part of the kickoff of its next phase of audits of Covered Entities. In light of the HIPAA verification rules and the notorious spread of opportunistic identity theft and other fraud by opportunistic Cybercriminals following these types of announcements, Covered Entities and business associates should carefully verify the requests validity and manage the response to avoid violating HIPAA in responding and position for defensibility against potential penalties.
Even if health plans or other Covered Entities reviewed their practices in the last 12-months, most will want to update this review in response to new OCR guidance and enforcement actions, including new guidance on obligations to provide plan members or other subjects of protected health information with access to or copies of their records and other guidance, as well as the ever-expanding list of enforcement actions by OCR.
To catch up on this latest guidance, Solutions Law Press, Inc. ™ invites you to register to participate in a special WebEx briefing on “HIPAA Update: The Latest On Security, Patient Access & Other HIPAA Developments” on Wednesday, March 30, 2016 beginning at Noon Central Time on Wednesday, March 30, 2016.
2016 Audit Program
In its 2016 Phase 2 HIPAA Audit Program, OCR will review the policies and procedures adopted and employed by Covered Entities and their business associates to meet selected standards and implementation specifications of the Privacy, Security, and Breach Notification Rules. OCR says it will primarily conduct these audits as desk audits, although some on-site audits will be conducted.
According to today’s announcement, the 2016 audit process begins with verification of an entity’s address and contact information. OCR is sending emails to Covered Entities and business associates requesting that contact information be provided to OCR on time. OCR will then send a pre-audit questionnaire to gather data about the size, type, and operations of potential audit targets. OCR says this data will be used with other information to create potential audit subject pools. Recipients should contact qualified legal counsel immediately for advice and assistance about proper procedures to verify the email is in fact from OCR and for assistance in responding.
If an entity does not respond to OCR’s request to verify its contact information or pre-audit questionnaire, OCR will use publicly available information about the entity to create its audit subject pool. Therefore an entity that does not respond to OCR may still be selected for an audit or subject to a compliance review. Communications from OCR will be sent via email and may be incorrectly classified as spam. If your entity’s spam filtering and virus protection are automatically enabled, OCR expects entities to check their junk or spam email folder for emails from OCR.
The announcement also reflects that OCR is still developing other aspects of the audit program. OCR will post updated audit protocols on its website closer to conducting the 2016 audits. The audit protocol will be updated to reflect the HIPAA Omnibus Rulemaking and can be used as a tool by organizations to conduct their own internal self-audits as part of their HIPAA compliance activities.
OCR says its audits will enhance industry awareness of compliance obligations and enable OCR to better target technical assistance regarding problems identified through the audits. Through the information gleaned from the audits, OCR will develop tools and guidance to aid the industry in compliance self-evaluation and in preventing breaches. OCR plans to use results and procedures used in the phase 2 audits to develop its permanent HIPAA audit program.
OCR Settlements Show Enforcement Risk
The audit program announcement comes less than a week after OCR announced millions of dollars of new penalties under settlements with two Covered Entities:
A $1,555,000 settlement with North Memorial Health Care of Minnesota;
A $3.9 million settlement with Feinstein Institute for Medical Research.
The two settlements drive home again the substantial liability that health care providers, health plans, health care clearinghouses and their business associates risk for violating HIPAA.
Feinstein Settlement
Feinstein is a biomedical research institute organized as a New York not-for-profit corporation sponsored by Northwell Health, Inc., formerly known as North Shore Long Island Jewish Health System, a large health system headquartered in Manhasset, New York comprised of 21 hospitals and over 450 patient facilities and physician practices.
OCR’s investigation began after Feinstein filed a breach report indicating that on September 2, 2012, a laptop computer containing the electronic protected health information (ePHI) of approximately 13,000 patients and research participants was stolen from an employee’s car. The ePHI stored in the laptop included the names of research participants, dates of birth, addresses, social security numbers, diagnoses, laboratory results, medications, and medical information about potential participation in a research study.
OCR’s investigation discovered that Feinstein’s security management process was limited in scope, incomplete, and insufficient to address potential risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI held by the entity. Further, Feinstein lacked policies and procedures for authorizing access to ePHI by its workforce members, failed to implement safeguards to restrict access to unauthorized users, and lacked policies and procedures to govern the receipt and removal of laptops that contained ePHI into and out of its facilities. For electronic equipment procured outside of Feinstein’s standard acquisition process, Feinstein failed to implement proper mechanisms for safeguarding ePHI as required by the Security Rule.
“Research institutions subject to HIPAA must be held to the same compliance standards as all other HIPAA-covered entities,” said OCR Director Jocelyn Samuels. “For individuals to trust in the research process and for patients to trust in those institutions, they must have some assurance that their information is kept private and secure.”
The Feinstein settlement announcement follows yesterday’s announcement of a $1.5 million plus settlement with North Memorial to resolve HIPAA charges that it failed to implement a business associate agreement with a major contractor and failed to institute an organization-wide risk analysis to address the risks and vulnerabilities to its patient information. North Memorial is a comprehensive, not-for-profit health care system in Minnesota that serves the Twin Cities and surrounding communities.
The settlement highlights the importance for healthcare providers, health plans, healthcare clearinghouses and their business associates to comply with HIPAA’s business associate agreement and other HIPAA organizational, risk assessment, privacy and security, and other requirements.
OCR’s announcement emphasizes the importance of meeting these requirements. “Two major cornerstones of the HIPAA Rules were overlooked by this entity,” said Director Samuels. “Organizations must have in place compliant business associate agreements as well as an accurate and thorough risk analysis that addresses their enterprise-wide IT infrastructure.”
The settlement comes from charges filed after OCR initiated its investigation of North Memorial following receipt of a breach report on September 27, 2011, which indicated that an unencrypted, password-protected laptop was stolen from a business associate’s workforce member’s locked vehicle, impacting the ePHI of 9,497 individuals.
OCR’s investigation indicated that North Memorial failed to have in place a business associate agreement, as required under the HIPAA Privacy and Security Rules, so that its business associate could perform certain payment and health care operations activities on its behalf. North Memorial gave its business associate, Accretive, access to North Memorial’s hospital database, which stored the ePHI of 289,904 patients. Accretive also received access to non-electronic protected health information as it performed services on-site at North Memorial.
The investigation further determined that North Memorial failed to complete a risk analysis to address all of the potential risks and vulnerabilities to the ePHI that it maintained, accessed, or transmitted across its entire IT infrastructure — including but not limited to all applications, software, databases, servers, workstations, mobile devices and electronic media, network administration and security devices, and associated business processes.
In addition to the $1,550,000 payment, North Memorial is required to develop an organization-wide risk analysis and risk management plan, as required under the Security Rule. North Memorial will also train appropriate workforce members on all policies and procedures newly developed or revised pursuant to this corrective action plan.
Following up on OCR’s imposition of its second-ever HIPAA Civil Monetary Penalty (CMP) and the latest in an ever-growing list of settlements by Covered Entities under HIPAA, these latest settlements illustrate the substantial liability that Covered Entities face for violating HIPAA. To avoid these liabilities, Covered Entities must constantly be diligent to comply with the latest guidance of OCR about their obligations under HIPAA.
As OCR continues to issue additional guidance as well as supplement this guidance through information shared in settlement agreements like the North Memorial settlement, even if Covered Entities reviewed their practices in the last 12-months, most will want to update this review in response to new OCR guidance and enforcement actions, including new guidance on obligations to provide plan members or other subjects of protected health information with access to or copies of their records and other guidance, as well as the ever-expanding list of enforcement actions by OCR.
Since the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH) amended HIPAA, Covered Entities face growing responsibilities and liability for maintaining the security of ePHI.
In response to HITECH, OCR continues to use a carrot and stick approach to encouraging and enforcing compliance. As demonstrated by OCR’s imposition of the second-ever HIPAA Civil Monetary Penalty (CMP) of $239,000 against Lincare and the ever-growing list of Resolution Agreements OCR announces with other Covered Entities, OCR continues to step up enforcement against Covered Entities that breach the Privacy and Security Rules. See OCR’s 2nd-Ever HIPAA CMP Nails Lincare For $239,000.
On the other hand, OCR also continues to encourage voluntary compliance by Covered Entities by sharing guidance and tools to aid Covered Entities to understand fulfill their HIPAA responsibilities such as the HIPAA Security Rule Crosswalk to NIST Cybersecurity Framework (Crosswalk) unveiled by OCR on February 24, 2016.The crosswalk that maps the HIPAA Security Rule to the standards of the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity (the Cybersecurity Framework) as well as mappings to certain other commonly used security frameworks.
While stating that the HIPAA Security Rule does not require use of the NIST Cybersecurity Framework, OCR says it hopes the Crosswalk will provide “a helpful roadmap” for HIPAA Covered Entities and their business associates to understand the overlap between the NIST Cybersecurity Framework, the HIPAA Security Rule, and other security frameworks that can help Covered Entities safeguard health data in a time of increasing risks and help them to identify potential gaps in their programs.
At the same time, OCR’s announcement of its release of the Crosswalk also cautions users that “use of the Framework does not guarantee HIPAA compliance.” Rather, OCR says “the crosswalk provides an informative tool for entities to use to help them more comprehensively manage security risks in their environments.
With a USA Today report attributing more than 40 percent of data breaches to the healthcare industry over the last three years 91 percent of all health organizations having reporting breaches over the last two years, OCR has made clear that it intends to zealously investigate and enforce the Security Rules against Covered Entities that violate the Security Rules against Covered Entities that fail to take suitable steps to safeguard the security of PHI as required by the HIPAA Security Rule.
To meet these requirements, the HIPAA Security Rule requires that Covered Entities conduct and be prepared to product documentation of their audit and other efforts to comply with the Security Rule Most Covered Entities will want to consider including an assessment of the adequacy of their existing practices under the Crosswalk and other requirements disclosed by OCR in these assessments to help position the Covered Entity to defend or mitigate HIPAA CMP and other liabilities in the event of a HIPAA breech or audit.
Changing Rules Complicate Compliance
In addition to maintaining adequate security, HIPAA also requires Covered Entities to provide individuals with the right to access and receive a copy of their health information from their providers, hospitals, and health insurance plans in accordance with the HIPAA Privacy Rule. In response to recurrent difficulties experienced by individuals in exercising these rights, OCR recently published supplemental guidance to clarify and promote better understanding and compliance with these rules by Covered Entities. OCR started this process in January, 2015 by releasing a comprehensive fact sheet (Access fact sheet) and the first in a series of topical frequently asked questions (FAQs) addressing patients’ right to access their medical records, which set forth requirements providers must follow in sharing medical records with patients, including that they must do so in a timely manner and in a format that works for the patient.
Earlier this month, OCR followed up by publishing on March 1, 2016 a second set of FAQs addresses additional issues, including the fees individuals may be charged for copies of their health information and the right of individuals to have their health information sent directly to a third party if they so choose.
Covered entities and their business associates should expect OCR to ask about use of these tools in audits and investigations. Accordingly, they should move quickly to review and update their business associate agreements and other practices to comply with this new guidance as well as watch for further guidance and enforcement about these practices from OCR.
OCR’s new guidance on access to PHI follows a host of other regulatory and enforcement activities. While the particulars of each of these new actions and guidance vary, all send a very clear message: OCR expects Covered Entities and their business associates to comply with HIPAA and is offering tools and other guidance to aid them in that process. In the event of a breach or audit, Covered Entities and their business associates need to be prepared to demonstrate their efforts to comply.
Those that cannot show adequate compliance efforts should be prepared for potentially substantial CMP or Resolution Agreement payments and other sanctions.
Register For 3/30 Webex Briefing
Solutions Law Press, Inc.™ invites to catch up on the latest guidance on the Covered Entities’ responsibility under HIPAA to provide access to patients to PHI by registering here to participate in the “HIPAA Update: The Latest On Security, Patient Access & Other HIPAA Developments” Webex briefing by attorney Cynthia Marcotte Stamer that Solutions Law Press, Inc.™ will host beginning at Noon Central Time on Wednesday, March 30, 2016.
About The Author
Cynthia Marcotte Stamer is a practicing attorney and management consultant, author, public policy advocate and lecturer widely recognized for her extensive work and pragmatic thought leadership, experience, publications and training on HIPAA and other privacy, medical records and data and other health care and health plan concerns.
Recognized as “LEGAL LEADER™ Texas Top Rated Lawyer” in both Health Care Law and Labor and Employment Law, a “Texas Top Lawyer,” an “AV-Preeminent” and “Top Rated Lawyer” by Martindale-Hubble and as among the “Best Lawyers In Dallas” in employee benefits 2015 by D Magazine; Ms. Stamer has more than 28 years of extensive proven, pragmatic knowledge and experience representing and advising health industry clients and others on operational, regulatory and other compliance, risk management, product and process development, public policy and other key concerns.
As a core component of her work as the Managing Shareholder of Cynthia Marcotte Stamer, PC, the Co-Managing Member of Stamer Chadwick Soefje PLLC, Ms. Stamer has worked extensively throughout her nearly 30 year career with health care providers, health plans, health care clearinghouses, their business associates, employers, banks and other financial institutions, their technology and other vendors and service providers, and others on legal and operational risk management and compliance with HIPAA, FACTA, PCI, trade secret, physician and other medical confidentiality and privacy, federal and state data security and data breach and other information privacy and data security rules and concerns; prevention, investigation, response, mitigation and resolution of known or suspected data or privacy breaches or other incidents; defending investigations or other actions by plaintiffs, OCR, FTC, state attorneys’ general and other federal or state agencies; reporting and redressing known or suspected breaches or other violations; business associate and other contracting; insurance or other liability management and allocation; process and product development, contracting, deployment and defense; evaluation, commenting or seeking modification of regulatory guidance, and other regulatory and public policy advocacy; training and discipline; enforcement, and a host of other related concerns for public and private health care providers, health insurers, health plans, technology and other vendors, employers, and others.
Beyond her extensive involvement advising and defending clients on these matters, Ms. Stamer also has served for several years as the scrivener for the ABA JCEB’s meeting with OCR for many years. She returns as Chair of the Southern California ISSA Health Care Privacy & Security Summit for the third year in 2016, as well as speaks and serves on the steering committee of a multitude of other programs.
A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares shared her thought leadership, experience and advocacy on HIPAA and other concerns by her service in the leadership of a broad range of other professional and civic organization including her involvement as the Vice Chair of the North Texas Healthcare Compliance Association, Executive Director of the Coalition on Responsible Health Policy and its PROJECT COPE; Coalition on Patient Empowerment, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children; former Board Compliance Chair and Board member of the National Kidney Foundation of North Texas, current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, immediate past RPTE Representative to ABA Joint Committee on Employee Benefits Council Representative and current RPTE Representative to the ABA Health Law Coordinating Counsel, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, a former member of the Board of Directors of the Southwest Benefits Association and others.
Ms. Stamer also is a highly popular lecturer, symposia chair and author, who publishes and speaks extensively on health and managed care industry, human resources, employment and other privacy, data security and other technology, regulatory and operational risk management. Examples of her many highly regarded publications on these matters include “Protecting & Using Patient Data In Disease Management: Opportunities, Liabilities And Prescriptions,” “Privacy Invasions of Medical Care-An Emerging Perspective,” “Cybercrime and Identity Theft: Health Information Security: Beyond HIPAA,” as well as thousands of other publications, programs and workshops these and other concerns for the American Bar Association, ALI-ABA, American Health Lawyers, Society of Human Resources Professionals, the Southwest Benefits Association, the Society of Employee Benefits Administrators, the American Law Institute, Lexis-Nexis, Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, the HCCA, ISSA, HIMSS, Modern Healthcare, Managed Healthcare, Institute of Internal Auditors, Society of CPAs, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other symposia and publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, InsuranceThoughtLeadership.com and many other prominent publications and speaks and conducts training for a broad range of professional organizations and for clientson the Advisory Boards of InsuranceThoughtLeadership.com, HR.com, Employee Benefit News, and many other publications. For additional information about Ms. Stamer, see CynthiaStamer.com or the Stamer│Chadwick │Soefje PLLC or contact Ms. Stamer via email here or via telephone to (469) 767-8872.
About Solutions Law Press, Inc.™
Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources at www.solutionslawpress.com such as:
Employer and union sponsored group health plans covered by the Employee Retirement Income Security Act of 1974 (ERISA) and their insurers are not required to comply with a Vermont state law that requires health insurers and certain other parties to report payments relating to health care claims and other information relating to health care services to a state agency for compilation in an all-inclusive health care database, according to the United States Supreme Court’s March 1, 2016 ruling in Gobeille v. Liberty Mutual Insurance Company.
In a 6-2 opinion authored by Justice Kennedy, the Supreme Court held in Gobeille that ERISA Section 514 preempts Vermont’s requirement that health insurers and other health benefit payers report health care claims and other information relating to health care services to a state agency for inclusion in an all-inclusive health care data base.
The lawsuit stemmed from a lawsuit challenging Vermont’s attempt to enforce the law against Liberty Mutual Insurance Company’s self-insured health plan (Plan). Liberty Mutual provides benefits under the Plan to its thousands of employees which are located in all 50 States of which only approximately 140 of which are located in Vermont. When Vermont sought to require the Plan’s third-party administrator, Blue Cross Blue Shield of Massachusetts, Inc. (Blue Cross) to transmit its files on the Plan’s eligibility, medical claims, and pharmacy claims for the Plan’s Vermont members to the state data base, Liberty Mutual was concerned that the disclosure of such confidential information might violate its fiduciary duties, It instructed Blue Cross not to comply and sued seeking a declaratory judgement that ERISA pre-empts application of Vermont’s statute and regulation to the Plan and an injunction prohibiting Vermont from trying to acquire data about the Plan or its members. After the District Court granted summary judgment to Vermont, the Second Circuit reversed, concluding that Vermont’s reporting scheme is pre-empted by ERISA as applied to the Plan.
When Vermont appealed the Second Circuit’s decision to the Supreme Court, the Supreme Court sided with Liberty Mutual. It upheld the Second Circuit’s ruling, holding that the preemption provisions of ERISA bar Vermont from enforcing the reporting requirement against ERISA-covered health plans or their administrators.
Righting for the Supreme Court Majority, Justice Kennedy explained that ERISA expressly pre-empts “any and all State laws insofar as they may now or hereafter relate to any employee benefit plan.” 29 U.S.C §1144(a). Commenting that this preemption reaches to any state law that has an impermissible “connection with” ERISA plans, Justice Kennedy took judicial notice that ERISA seeks to make the benefits promised by an employer more secure by mandating certain uniform reporting and other oversight systems and other standard procedures, Justice Kennedy said ERISA’s extensive reporting, disclosure, and recordkeeping requirements are central to, and an essential part of, this uniform plan administration system. He also wrote that ERISA’s uniform rule design also makes clear that it is the Secretary of Labor, not the separate States, that is authorized to decide whether to exempt plans from ERISA reporting requirements or to require ERISA plans to report data such as that sought by Vermont. Because Vermont’s law and regulation also govern plan reporting, disclosure, and recordkeeping, Justice Kennedy explained that pre-emption is necessary in order to prevent multiple jurisdictions from imposing differing or even parallel, regulations, creating wasteful administrative costs and threatening to subject plans to wide-ranging liability.
Justice Kennedy also found unpersuasive Vermont’s counterargument that respondent has not shown that the State scheme has caused it to suffer economic costs, stating that Liberty Mutual need not wait to bring its pre-emption claim until confronted with numerous inconsistent obligations and encumbered with any ensuing costs. In addition, Justice Kennedy wrote that the fact that ERISA and the state reporting scheme have different objectives does not transform Vermont’s direct regulation of a fundamental ERISA function into an innocuous and peripheral set of additional rules and that Vermont’s regime also cannot be saved by invoking the State’s traditional power to regulate in the area of public health. Furthermore, Justice Kennedy added that ERISA’s pre-existing reporting, disclosure, and recordkeeping provisions maintain their pre-emptive force regardless of whether the new Patient Protection and Affordable Care Act’s reporting obligations also pre-empt state law.
About The Author
Recognized as a “Top” attorney in employee benefits, labor and employment and health care law extensively involved in health and other employee benefit and human resources policy and program design and administration representation and advocacy throughout her career, Cynthia Marcotte Stamer is a practicing attorney and Managing Shareholder of Cynthia Marcotte Stamer, P.C., a member of Stamer│Chadwick│Soefje PLLC, author, pubic speaker, management policy advocate and industry thought leader with more than 27 years’ experience practicing at the forefront of employee benefits and human resources law.
A Fellow in the American College of Employee Benefit Counsel, past Chair and current Welfare Benefit Committee Co-Chair of the American Bar Association (ABA) RPTE Section Employee Benefits Group, Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, former Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, an ABA Joint Committee on Employee Benefits Council Representative and Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization, Ms. Stamer is recognized nationally and internationally for her practical and creative insights and leadership on health and other employee benefit, human resources and insurance matters and policy.
Ms. Stamer helps management manage. Ms. Stamer’s legal and management consulting work throughout her 27 plus year career has focused on helping organizations and their management use the law and process to manage people, process, compliance, operations and risk. Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer helps public and private, domestic and international businesses, governments, and other organizations and their leaders manage their employees, vendors and suppliers, and other workforce members, customers and other’ performance, compliance, compensation and benefits, operations, risks and liabilities, as well as to prevent, stabilize and cleanup workforce and other legal and operational crises large and small that arise in the course of operations.
Ms. Stamer works with businesses and their management, employee benefit plans, governments and other organizations deal with all aspects of human resources and workforce management operations and compliance. She supports her clients both on a real time, “on demand” basis and with longer term basis to deal with daily performance management and operations, emerging crises, strategic planning, process improvement and change management, investigations, defending litigation, audits, investigations or other enforcement challenges, government affairs and public policy. Well known for her extensive work with health care, insurance and other highly regulated entities on corporate compliance, internal controls and risk management, her clients range from highly regulated entities like employers, contractors and their employee benefit plans, their sponsors, management, administrators, insurers, fiduciaries and advisors, technology and data service providers, health care, managed care and insurance, financial services, government contractors and government entities, as well as retail, manufacturing, construction, consulting and a host of other domestic and international businesses of all types and sizes. Common engagements include internal and external workforce hiring, management, training, performance management, compliance and administration, discipline and termination, and other aspects of workforce management including employment and outsourced services contracting and enforcement, sentencing guidelines and other compliance plan, policy and program development, administration, and defense, performance management, wage and hour and other compensation and benefits, reengineering and other change management, internal controls, compliance and risk management, communications and training, worker classification, tax and payroll, investigations, crisis preparedness and response, government relations, safety, government contracting and audits, litigation and other enforcement, and other concerns.
Ms. Stamer uses her deep and highly specialized health, insurance, labor and employment and other knowledge and experience to help employers and other employee benefit plan sponsors; health, pension and other employee benefit plans, their fiduciaries, administrators and service providers, insurers, and others design legally compliant, effective compensation, health and other welfare benefit and insurance, severance, pension and deferred compensation, private exchanges, cafeteria plan and other employee benefit, fringe benefit, salary and hourly compensation, bonus and other incentive compensation and related programs, products and arrangements. She is particularly recognized for her leading edge work, thought leadership and knowledgeable advice and representation on the design, documentation, administration, regulation and defense of a diverse range of self-insured and insured health and welfare benefit plans including private exchange and other health benefit choices, health care reimbursement and other “defined contribution” limited benefit, 24-hour and other occupational and non-occupational injury and accident, ex-patriate and medical tourism, onsite medical, wellness and other medical plans and insurance benefit programs as well as a diverse range of other qualified and nonqualified retirement and deferred compensation, severance and other employee benefits and compensation, insurance and savings plans, programs, products, services and activities. As a key element of this work, Ms. Stamer works closely with employer and other plan sponsors, insurance and financial services companies, plan fiduciaries, administrators, and vendors and others to design, administer and defend effective legally defensible employee benefits and compensation practices, programs, products and technology. She also continuously helps employers, insurers, administrative and other service providers, their officers, directors and others to manage fiduciary and other risks of sponsorship or involvement with these and other benefit and compensation arrangements and to defend and mitigate liability and other risks from benefit and liability claims including fiduciary, benefit and other claims, audits, and litigation brought by the Labor Department, IRS, HHS, participants and beneficiaries, service providers, and others. She also assists debtors, creditors, bankruptcy trustees and others assess, manage and resolve labor and employment, employee benefits and insurance, payroll and other compensation related concerns arising from reductions in force or other terminations, mergers, acquisitions, bankruptcies and other business transactions including extensive experience with multiple, high-profile large scale bankruptcies resulting in ERISA, tax, corporate and securities and other litigation or enforcement actions.
Ms. Stamer also is deeply involved in helping to influence the Affordable Care Act and other health care, pension, social security, workforce, insurance and other policies critical to the workforce, benefits, and compensation practices and other key aspects of a broad range of businesses and their operations. She both helps her clients respond to and resolve emerging regulations and laws, government investigations and enforcement actions and helps them shape the rules through dealings with Congress and other legislatures, regulators and government officials domestically and internationally. A former lead consultant to the Government of Bolivia on its Social Security reform law and most recognized for her leadership on U.S. health and pension, wage and hour, tax, education and immigration policy reform, Ms. Stamer works with U.S. and foreign businesses, governments, trade associations, and others on workforce, social security and severance, health care, immigration, privacy and data security, tax, ethics and other laws and regulations. Founder and Executive Director of the Coalition for Responsible Healthcare Policy and its PROJECT COPE: the Coalition on Patient Empowerment and a Fellow in the American Bar Foundation and State Bar of Texas, Ms. Stamer annually leads the Joint Committee on Employee Benefits (JCEB) HHS Office of Civil Rights agency meeting and other JCEB agency meetings. She also works as a policy advisor and advocate to many business, professional and civic organizations.
Author of the thousands of publications and workshops these and other employment, employee benefits, health care, insurance, workforce and other management matters, Ms. Stamer also is a highly sought out speaker and industry thought leader known for empowering audiences and readers. Ms. Stamer’s insights on employee benefits, insurance, health care and workforce matters in Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, Modern Healthcare, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, InsuranceThoughtLeadership.com and many other prominent publications. Ms. Stamer also regularly serves on the faculty and planning committees for symposia of LexisNexis, the American Bar Association, ALIABA, the Society of Employee Benefits Administrators, the American Law Institute, ISSA, HIMMs, and many other prominent educational and training organizations and conducts training and speaks on these and other management, compliance and public policy concerns.
Ms. Stamer also is active in the leadership of a broad range of other professional and civic organizations. For instance, Ms. Stamer presently serves on an American Bar Association (ABA) Joint Committee on Employee Benefits Council representative; Vice President of the North Texas Healthcare Compliance Professionals Association; Immediate Past Chair of the ABA RPTE Employee Benefits & Other Compensation Committee, its current Welfare Benefit Plans Committee Co-Chair, on its Substantive Groups & Committee and its incoming Defined Contribution Plan Committee Chair and Practice Management Vice Chair; Past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group and a current member of its Healthcare Coordinating Council; current Vice Chair of the ABA TIPS Employee Benefit Committee; the former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division; on the Advisory Boards of InsuranceThoughtLeadership.com, HR.com, Employee Benefit News, and many other publications. She also previously served as a founding Board Member and President of the Alliance for Healthcare Excellence, as a Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; the Board President of the early childhood development intervention agency, The Richardson Development Center for Children; Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee; a member of the Board of Directors of the Southwest Benefits Association. For additional information about Ms. Stamer, see CynthiaStamer.com or the Stamer│Chadwick │Soefje PLLC or contact Ms. Stamer via email to here or via telephone to (469) 767-8872.
About Solutions Law Press, Inc.™
Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources at http://www.solutionslawpress.com such as:
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating or updating your profile here.
Solutions Law Press, Inc. is happy to share information about this upcoming free health industry study group meeting on 9/15/2015 in Irving, Texas.
NORTH TEXAS HEALTHCARE COMPLIANCE PROFESSIONALS ASSOCIATION
Invites Members and Guests to Our Next Group Luncheon
Employee Benefit Security Administration Insights On Healthcare Organization’s Health & Other Employee Benefit Plan Rights & Responsibilities Under Employee Retirement Income Security Act
Featuring
Kristi Gotcher
U.S. Department of Labor Employee Benefit Security Administration Investigator
Space Limited! Register Early To Reserve Your Spot To Participate!
Please share this invitation with others who might be interested in this topic or other NTHCPA events!
The North Texas Healthcare Compliance Professionals Association (NTHCPA) invites members and other interested health care compliance professionals to join us on Tuesday, September 15, 2015 from 11:30 a.m. to 1:30 p.m. for our Study Group Luncheon featuring a program on “Employee Benefit Security Administration Insights On Healthcare Organization’s Health & Other Employee Benefit Plan Rights & Responsibilities Under Employee Retirement Income Security Act” from U.S. Department of Labor Employee Benefit Security Administration (EBSA) Investigator Kristi Gotcher.
The health and other employee benefit plan rules of the Employee Retirement Income Security Act (ERISA) generally offer important protections and create significant compliance challenges for health care organizations and providers. On one hand, health care providers generally rely heavily on their or their patient’s ability to obtain health benefits promised under employer or union-sponsored health plans covering their patients to help reimbursement provider charges. Meanwhile, health care providers and their leaders also can incur significant liability for failing to comply with ERISA’s rules when establishing and maintaining health or other employee benefit programs for their own employees. Drawing on her involvement as investigator with the Department of Labor agency primarily responsible for both interpreting and enforcing ERISA’s rules, EBSA Ms. Gotcher will share key updates and insights on both how ERISA and the EBSA can help patients and providers enforce benefit rights under ERISA-covered health plans and key health and highlight employee benefit compliance responsibilities that health care organizations and their leaders need to ensure that their own health and other employee benefit programs meet to avoid violating ERISA.
About the Speaker
Kristi A. Gotcher is an Investigator with the United States Department of Labor, Employee Benefits Security Administration (EBSA) in the Dallas Regional Office. Kristi began working for EBSA in the Dallas Regional Office in November 2007 as a Benefits Advisor. She earned her Bachelor of Arts in Social Political Relations from St. Edwards University and a J.D. from Texas Wesleyan University School of Law (now Texas A&M University School of Law). Ms. Gotcher is licensed to practice law in the State of Texas.
Registration & Meeting Details
The meeting scheduled from 11:30 a.m. to 1:30 p.m. on Tuesday, September 15, 2015 at the DFW Hospital Council Offices located at 250 Decker Drive, Irving Texas. Participants who timely R.S.V.P. will enjoy a complimentary luncheon. Networking and lunch service will begin at 11:30. Our program will begin at Noon.
NTHCPA encourages members and other interested health care compliance professionals to register early to reserve their spot to participate and to share this invitation with others in the industry who might benefit from participation.
There is no charge to participate in the meeting. However space is limited and available only on a first come, first serve basis. To ensure your spot and help us to arrange for adequate space and refreshments for this meeting, R.S.V.P. here as soon as possible and no later than Noon on September 14, 2015. Walk in guests will be accommodated on a space-available basis only.
Thanks To Meeting Underwriter Stamer ׀Chadwick ׀ Soefje, PLLC
NTHCPA and its members extend our thanks to Cynthia Marcotte Stamer, P.C. and the other members of Stamer ׀ Chadwick ׀ Soefje PLLC for underwriting this month’s study group luncheon and other support of NTHCPA.
A boutique firm of exceptionally experienced and skilled “big-firm” lawyers committed to changing the way law firms serve their clients, Stamer │Chadwick │Soefje, PLLC delivers sophisticated legal advice and innovative solutions to the most challenging and complex problems. Simply put, Stamer │Chadwick │Soefje, PLLC attorneys are “Solutions Lawyers™.”
Stamer │Chadwick │Soefje, PLLC attorneys deliver sophisticated legal advice and innovative solutions to the most challenging and complex problems. Stamer │Chadwick │Soefje, PLLC attorneys possess the breadth of experience to respond to the unique legal and operational challenges health industry and other clients face and help guide them toward pragmatic resolutions that make sense for them. “Solutions Lawyers™ possess the breadth of experience to respond to the unique challenges our corporate and individual clients face and help guide them toward pragmatic resolutions that make sense for them.
Founded by nationally-known, healthcare and labor & employment attorney Cynthia Marcotte Stamer; labor & employment attorney Robert G. Chadwick; and professional liability and civil litigation attorney Timothy B. Soefje, Stamer │Chadwick │Soefje, PLLC focuses on advising and representing businesses and professionals nationally in the areas of healthcare, cyber liability, ERISA, employee benefits, labor & employment, corporate and commercial litigation, professional liability, construction litigation, and insurance defense. All three attorneys are rated AV® Preeminent™ by Martindale-Hubbell® Peer Review Ratings™ Ms. Stamer and Mr. Chadwick are both Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization, are Fellows in the American Bar Foundation, and recognized as “Top Lawyers” in Labor and Employment Law. Ms. Stamer also has received recognition as a “Top” attorney in health care and employee benefits law and is a Fellow in the American College of Employee Benefit Council.
Ms. Stamer more than 28 years’ experience advising and representing health industry and employee benefit clients on a wide range of legal, public policy, management and operational concerns as well as extensive leadership and management experience serving in on the board of health industry nonprofit organizations. Nationally recognized for her legal work, advocacy, publications, writings and presentations on health industry concerns, Ms. Stamer provides legal and management advice, training and coaching, defense, public policy and regulatory advocacy to health industry and other clients on health and other regulatory and operational compliance, federal and state public policy and enforcement, managed care and other contracting, reimbursement, fraud, quality, employment, staffing and other workforce, benefits, licensing, credentialing and peer review, safety, disaster preparedness and response, HIPAA and other privacy and data security, corporate governance, investigations and internal controls, and a host of other health industry compliance and risk management and other legal and operational concerns. In addition to her legal experience, Ms. Stamer also contributes her experience and talents to serving in a number of health industry and other civil and professional groups. Among other things, Ms. Stamer serves as Vice President of the NTHCPA, the RPTE representative to the American Bar Association (ABA) Joint Committee on Employee Benefits Council and scrivener for its annual agency meeting with the Office of Civil Rights, the ABA International Section Life Sciences and Health Law Committee Vice President of Policy, RPTE Liaison to the ABA Health Care Coordinating Counsel, TIPS Employee Benefit Committee Vice Chair, Founder and Executive Director of the Project COPE: The Coalition on Patient Empowerment, and National Physicians Council for Healthcare Policy. She also previously served as President and Founding Board Member of the Alliance for Health Care Excellence and its Health Care Heroes and Patient Empowerment Programs, as RPTE Employee Benefits & Other Compensation Group Chair and Welfare Benefit Committee Vice Chair, Exempt Organizations Coordinator of the Gulf States Area TEGE Council, Board President and Audit Committee Chair of the Richardson Development Center for Children ECI Agency, National Kidney Foundation of North Texas Board Audit Committee Chair, the United Way of North Texas Long Range Planning Committee. She also has and continues to serve in the leadership of many other civic and professional boards, seminar faculties, editorial advisory boards and publishes and speaks extensively on health industry and employee benefit related concerns.
Mr. Chadwick has extensive experience advising and defending health industry and other clients on OSHA and other occupational health and safety, employee benefits, compensation and other labor and employment concerns as well as defending boards and other management leaders against management liability claims.
Mr. Soefje has extensive experience advising and representing health industry clients and professionals on medical malpractice, officers and directors liability and other professional liability, errors and omissions, construction defect and other litigation and disputes.
NTHCPA exists to champion ethical practice and compliance standards and to provide the necessary resources for ethics and compliance Professionals and others in North Texas who share these principles. The vision of NTHCPA is to be a pre-eminent compliance and ethics group promoting lasting success and integrity of organizations within North Texas.
About Solutions Law Press
Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns.
Other Helpful Resources & Other Information
We hope that this information is useful to you. If you found these updates of interest, you also be interested in one or more of the following other recent articles published on the Coalition for Responsible Health Care Reform electronic publication available here, our electronic Solutions Law Press Health Care Update publication availablehere, or our HR & Benefits Update electronic publication available here. You also can get access to information about how you can arrange for training on “Building Your Family’s Health Care Toolkit,” using the “PlayForLife” resources to organize low-cost wellness programs in your workplace, school, church or other communities, and other process improvement, compliance and other training and other resources for health care providers, employers, health plans, community leaders and others here. If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail by creating or updating your profile here. You can reach other recent updates and other informative publications and resources.
Examples of some of these recent health care related publications include:
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating or updating your profile here.
Employers sponsoring health plans and members of their management named as plan fiduciaries or otherwise having input or oversight over health plan concerns should verify their company’s group health plan meets the out-of-pocket maximum rules of the Patient Protection and Affordable Care Act (ACA) § 1302(c)(1) as well as a long list of other federal health benefit rules to minimize the risk that violations will compel the sponsoring employer to self-assess, self-report on IRS Form 8928, and pay a $100 per day per violation excise tax penalty and while expose the plan and its fiduciaries to fiduciary or other liability under the Employee Retirement Income Security Act (ACA). Consequently, sponsoring employers and their management generally will want to ensure that their plan documents are properly updated to comply with the out-of-pocket maximum and other federal requirements, to require contractual commitments to administer the health plan in compliance with and to report, correct, and indemnify for violations of these requirements in vendor contracts with their health plan insurers, administrators and other vendors, and conduct documented audits to verify the health plan’s operational compliance with these requirements as interpreted by the Department of Health & Human Services (HHS), Department of Labor (DOL) and Internal Revenue Service (IRS) in form and operation. The new self-reporting and excise tax self-assessment and payment requirements for employers coupled with already long-standing fiduciary and other liabilities for fiduciaries, plan administrators and others makes it important that employers sponsoring group health plans and their management or other leaders overseeing or participating in plan design or vendor selection, plan administration or other plan related activities seek the advice and help of qualified, experienced legal counsel for assistance with conducting an appropriate compliance review and risk assessment of their health plans, correcting or taking other steps to mitigate risks from any past or existing violations, and steps to take to tighten documents, vendor contracts, and processes to mitigate compliance or other risks going forward.
Employers, Insurers & Plan Fiduciaries Face Big Risks From Federal Health Plan Rule Violations
As amended by ACA, health plan violations of ACA and various other federal health plan mandates carry big risks for health plans, their sponsoring employers, and representatives of sponsoring employers, insurers and third party administrators responsible as fiduciaries for administering a group health plan in accordance with these federal rules. As amended by ACA, federal law imposes significant penalties against plans, their fiduciaries and even the sponsoring employer if the group health plan violates the ACA out-of-pocket limit or a long list of other ACA and other federal group health rules. Group health plans can face lawsuits from covered persons, their health care providers as assignees or the DOL, to enforce rights to benefits, plus attorneys’ fees and other costs of enforcement. Beyond benefit litigation, the employer or representatives of the sponsoring employer, if any, named or acting as fiduciaries, insurer or third party service providers named or acting as fiduciaries, also could face fiduciary lawsuits seeking damages, equitable relief, and attorneys’ fees and costs of court, for failing to prudently administer the plan in accordance with its terms and the law brought by covered persons or their beneficiaries or the DOL as well as fiduciary breach penalties if the fiduciary breach action is brought by the DOL. If the plan fails to comply with claims and appeals procedures or other ERISA notification requirements, parties named or functioning as the plan administrator for this purpose also could face penalties of up to $125 per violation per day in the case of enforcement actions brought by participants and beneficiaries or $1025 per violation per day in the case of actions brought by the DOL, plus attorneys’ fees and other costs of enforcement.
Except in rare circumstances where the sponsoring employer has carefully contracted to transfer fiduciary liability to its insurer or administrator and otherwise does not exercise or have a fiduciary obligation to exercise discretion or control over these responsibilities, employers sponsoring group health plans that violate federal mandates like the out-of-pocket limit often ultimately bear some or all of these liabilities even if the violation actually was committed by a plan vendor hired to administer the program either because the plan documents name the employer as the “named fiduciary” or “plan administrator” under ERISA, the employer bears fiduciary responsibility functionally for selection or oversight of the culpable party, the employer signed a contract, resolution or plan document obligating the employer to indemnify the service provider for the liability, or a combination of these reasons. Even where the employer avoids these direct or indirect ERISA exposures, however, employers now also need to be concerned that out-of-pocket limitation or other federal health plan rule violations will trigger expensive excise tax liability for the sponsoring employer.
As part of ACA, the Internal Revenue Code now generally requires employers sponsoring a group health plan that violates the ACA out-of-pocket limit or a long list of other federal health plan rules after 2013 to self-assess, report and pay stiff new excise tax penalties of $100 per day per violation when filing their annual tax return. See,Businesses Must Confirm & Clean Up Health Plan ACA & Other Compliance Following Supreme Court’s King v. Burwell Decision;More Work For Employers, Benefit Plans Following SCOTUS Same-Sex Marriage Ruling; 2016 & 2017 Health Plan Budgets, Workplans Should Anticipate Expected Changes To SBCs.Since prompt self-audit and correction can help mitigate these liabilities, business leaders should act quickly to engage experienced legal counsel for their companies for advice about how to audit their group health plan’s 2014 and 2015 compliance with the out-of-pocket limit and other federal health plan rules within the scope of attorney client privilege while managing fiduciary exposures that could result if the audit is improperly structured or conducted, as well as options for addressing potential 2014, 2015 and future years excise tax and other exposures that compliance deficiencies with these rules could trigger.
While businesses inevitably will need to involve or coordinate with their accounting, broker, and other vendors involved with the plans, businesses generally will want to get legal advice in a manner that preserves their potential to claim attorney-client privilege to protect against discovery in the event of future enforcement or litigation actions sensitive discussions and analysis about compliance audits, plan design choices, and other risk management and liability planning as well as to get help identifying potential plan design, contracting, procedural or other changes that may be needed to fix compliance deficiencies and mitigate other risks, particularly in light of complexity of the exposures and risks.
The Supreme Court’s recent King v. Burwell decision makes it particularly important that employers and other group health plan sponsors, and those named or serving functionally as the plan administrator or other fiduciary responsible for properly administering the group health plan in accordance with these rules move quickly to manage these risks. With the continued limited Republican majority in the Senate, Republicans lack sufficient votes to override a promised Presidential veto of any legislation that would repeal or substantially modify ACA. Meanwhile, President Obama is moving to help ensure that his Presidential Legacy includes implementation of ACA and to mitigate ACA’s budgetary impacts by collecting excise tax and other penalties from insurers, plan administrators and employers by instructing the Tri-Agencies to move forward on full implementation and enforcement of ACA and other federal health plan rules. As a consequence, employers that sponsored group health coverage in 2014 need to confirm that their plan complied with the out-of-pocket maximum and other specified federal health plan rules or take timely action to self-assess, report on the Internal Revenue Service (IRS) Form 8928, and pay the $100 per day per violation penalty required by the Internal Revenue Code for 2014 when filing their 2014 business tax return.
Adjusted Out-Of-Pocket Limit Amounts
The ACA out-of-pocket maximum limitation is one of many broad health care reforms enacted by ACA. Under its provisions, federal law now limits the amount of the maximum deductible, co-payments or other cost sharing that most employer or union sponsored group health plans can impose on essential health benefits to the out-of-pocket limitation allowed by ACA § 1302(c)(1). See Public Health Service (PHS) Act §2707(b).
The out-of-pocket limitations of $6,350 for individual only coverage and $12,700 for other than self-only coverage that first took effect with the 2014 plan year, are subject to annual adjustment for inflation under ACA §1302(c)(4) by the premium adjustment percentage beginning this plan year. The IRS recently announced the adjusted limitations that will apply to the 2015 and 2016 plan years. The applicable limits for 2014-2016 are as follows based on this guidance:
Plan Year
Individual Coverage Only
Other Than Self-Only
2014
$6,350
$12,700
2015
6,600
13,200
2016
6,850
13,700
Since noncompliance with this limitation is one of a long list of federal health plan mandates that triggers a duty for the sponsoring employer to self-assess, report and pay an excise tax of $100 per day per violation for post-2013 plan years, employers that sponsored health plans in 2014 generally will want to verify that their plan complied with this out-of-pocket rule in 2014 and ensure that its 2015 plan has been updated to reflect the adjusted limit and otherwise comply with its requirements.
In this respect, the final HHS Notice of Benefit and Payment Parameters for 2016 (2016 Payment Notice) clarifies that the self-only maximum annual limitation on cost sharing applies to each individual, regardless of whether the individual is enrolled in self-only coverage or in coverage other than self-only.
While employers can design their group health plans to apply higher out-of-pocket limitations on coverages for non-essential benefits and out-of-network care, plans designed to take advantage of this permitted distinction must be carefully administered to ensure that the limits allowed for non-essential benefits are not improperly applied to essential benefit coverages under the plan. Employers are cautioned to use care to avoid this from occurring by drafting the plan terms and requiring fiduciaries to administer the plan to ensure that:
The plan properly essential and non-essential health benefits, both in terms and in operation;
The limit is properly applied and calculated with respect to all benefits considered essential health benefits; and
The application of higher out-of-pocket limitations for non-essential benefits does not violate other federal health plan rules such as special federal health plan rules regarding out-of-network emergency care, mental health coverage parity, coverage for newborns and mothers, or the like.
Ensure Plan Language & Operations Comply With Tri-Agency Out-Of-Pocket Guidance & Other Federal Health Plan Rules
Updating the out-of-pocket maximum rules of a group health plan to comply with the ACA out-of-pocket maximum rule can be more complicated than many employers or plan fiduciaries might realize since the plan terms, and its administration must comply in form and operation with the regulations and other interpretations of the three agencies jointly responsible for administration and enforcement of this and various other federal health plan rules: the Departments of Health & Human Services (HHS), Internal Revenue Service (IRS), and Labor (DOL) (collectively, the “Tri-Agencies”).
In the case of ACA’s out-of-pocket maximum rules, the Tri-Agencies already have supplemented the guidance in their implementing regulations by publishing a FAQ that gives additional clarification and examples that the Tri-Agencies intend to help explain the proper administration of the rule. Group health plans, their insurers or other fiduciaries, as well as sponsoring employers should take into account all of this existing guidance when reviewing and assessing the compliance of their group health plans, as well as stay vigilant for the publication of additional guidance.
Existing guidance on the out-of-pocket maximum rule states that group health plans and insurance policies generally must count toward the out-of-pocket maximum limit all deductibles, coinsurance, copayments, or similar charges and any other expenditure the group health plan requires a covered person to pay for a qualified medical expense that is an “essential health benefit” within the meaning of ACA other than premiums, balance billing amounts for non-network providers and other out-of-network cost-sharing, or spending for non-essential health benefits.
One of the first considerations should be to ensure that the plan document and parties responsible for administer it properly understand and apply the rule to all charges falling within coverage for “essential health benefits.” Technically, the out-of-pocket limitation only applies to coverage of “essential health benefits” within the meaning of ACA, in any group health plan, whether insured or self-insured. What benefits are considered “essential health benefits” is defined by Tri-Agency regulations. The definition of “essential health benefits” in these Tri-Agency regulations is complicated and generally varies by state, even when the group health plan is self-insured. Sponsors of self-insured group health plans and employers sponsoring plans covering individuals in different states generally will want to seek legal advice about the adequacy of their group health plan’s essential health benefit definition to make sure that these rules and their limitations are met.
When applying these limits, employers, insurers, and administrators of group health plans attempting to distinguish non-essential health coverages such as prescription drug, behavior health, or dental coverages provided separately from otherwise applicable major medical coverage should consult with legal counsel to confirm that those arrangements comply with existing guidance on ACA’s out-of-pocket maximum and other federal mandates in form and operation. This analysis generally should both verify that the plan documents and administrative processes incorporate these requirements generally into the plan document as well as include provisions to ensure that these requirements are properly integrated with other federal mandates requiring cost-sharing for emergency care in the case of behavioral health coverage, the applicable federal mental health parity mandates, and other federal health plan rules. Special care and scrutiny should be applied if the group health plan uses multiple service providers to help administer benefits (such as one third-party administrator for major medical coverage, a separate pharmacy benefit manager, and a separate managed behavioral health organization).
Special care also is needed if a group health plan uses separate plan service providers to administer the plan or certain of its provisions. Separate plan service providers may impose different levels of out-of-pocket limitations and may utilize different methods for crediting participants’ expenses against any out-of-pocket maximums. Administrators, insurers or other fiduciaries responsible for administration of these coverages must properly coordinate, and sponsoring employers should consult with legal counsel about auditing their plans for proper coordination of these processes across these different service providers.
Along with making specific plan document and process changes to provide for proper implementation and administration of the out-of-pocket and other federal coverage and benefit mandates, all parties also should review the claims and appeals procedures used in connection with the processing and notification of covered persons about claims and appeals determinations made about denials to ensure that they fully comply with both the DOL’s reasonable claims and appeals regulations and, in the case of non-grandfathered health plans, ACA’s special independent review and other heightened requirements for administering and notifying covered persons or their beneficiaries about claim denials or appeals as any of these violations could trigger the obligation for the sponsoring employer to self-report on IRS Form 8928 and pay the $100 per day per violation ERISA liability for the plan and its fiduciaries, as well as other penalties under ERISA §502(c).
Sponsoring Employers, Plan Fiduciaries and Vendors Should Act To Manage Exposures
Since violations trigger substantial excise tax liability for the sponsoring employer, as well as expose the group health plan and its sponsor, members of management or others acting as fiduciaries to judgments, regulatory penalties, and associated investigation, defense settlement and other costs and disruptions, most sponsoring employers and their leaders generally will want to consult with qualified legal counsel knowledgeable about these health plan rules and their management about steps that they should take to prevent or mitigate legal and financial exposures that violations of the out-of-pocket maximum and other federal health plan mandates can trigger. Timely action generally both can help prevent future violations and their expensive redress and mitigate penalties and other exposures incurred for violations, if any, that may have or in the future inadvertently occur.
As a part of these efforts, steps that plan sponsors and fiduciaries generally should take include.
Having plan documents and other plan materials and communications carefully review and drafted to meet mandates and mitigate risks;
Using care in when selecting and contracting with plan insurers or other vendors, by conducting appropriate documented review and credentialing of each vendor and its practices, as well as reviewing and negotiating administrative, insurance or other vendor agreements to appropriately name and allocate fiduciary status as well as include provisions requiring insurers, administrators and other group health plan vendors appropriately designate to provide contractual commitments that the policies and other plan documentation, systems and practices provided by the vendor are and will be administered in accordance with the out-of-pocket and other legal mandates, to provide certification of compliance and notice of violations, correction and indemnification of compliance deficiencies, and other related assurances and taking other documented prudent safeguards to require compliant practices;
Auditing as part of the vendor selection and renewal process and at other times throughout the year the operational compliance of the administration of the group health plan and taking corrective action as needed;
Ensuring that stop-loss, group or other insurance coverages are drafted to include catchall language to help ensure that the employer does not get left unexpectedly self-insuring the cost of funding benefits mandated by law that the carrier asserts fall outside the policy coverage because of gaps between drafting and the law;
Arranging for fiduciary liability, directors and officers or other coverage, indemnification from financially secure vendors, or other backup funding to help protect or mitigate the potential costs or liabilities that the sponsoring employer or its plan fiduciaries can expect to incur in the event of a challenge to the compliance of their group health plan or its practices; and
Learning and using appropriate processes to document prudent efforts to appropriately administer the plan in a compliant, legally defensible manner throughout the year.
For Legal or Consulting Advice, Legal Representation, Training Or More Information
If you need help reviewing your group health plan or responding to these new or other workforce, benefits and compensation, performance and risk management, compliance, enforcement or management concerns, help updating or defending your workforce or employee benefit policies or practices, or other related assistance, the author of this update, attorney Cynthia Marcotte Stamer may be able to help.
Recognized as a “Top” attorney in employee benefits, labor and employment and health care law extensively involved in health and other employee benefit and human resources policy and program design and administration representation and advocacy throughout her career, Cynthia Marcotte Stamer is a practicing attorney and Managing Shareholder of Cynthia Marcotte Stamer, P.C., a member of Stamer│Chadwick│Soefje PLLC, author, pubic speaker, management policy advocate and industry thought leader with more than 27 years’ experience practicing at the forefront of employee benefits and human resources law.
A Fellow in the American College of Employee Benefit Counsel, past Chair and current Welfare Benefit Committee Co-Chair of the American Bar Association (ABA) RPTE Section Employee Benefits Group, Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, former Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, an ABA Joint Committee on Employee Benefits Council Representative and Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization, Ms. Stamer is recognized nationally and internationally for her practical and creative insights and leadership on health and other employee benefit, human resources and insurance matters and policy.
Ms. Stamer helps management manage. Ms. Stamer’s legal and management consulting work throughout her 27 plus year career has focused on helping organizations and their management use the law and process to manage people, process, compliance, operations and risk. Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer helps public and private, domestic and international businesses, governments, and other organizations and their leaders manage their employees, vendors and suppliers, and other workforce members, customers and other’ performance, compliance, compensation and benefits, operations, risks and liabilities, as well as to prevent, stabilize and cleanup workforce and other legal and operational crises large and small that arise in the course of operations.
Ms. Stamer works with businesses and their management, employee benefit plans, governments and other organizations deal with all aspects of human resources and workforce management operations and compliance. She supports her clients both on a real time, “on demand” basis and with longer term basis to deal with daily performance management and operations, emerging crises, strategic planning, process improvement and change management, investigations, defending litigation, audits, investigations or other enforcement challenges, government affairs and public policy. Well known for her extensive work with health care, insurance and other highly regulated entities on corporate compliance, internal controls and risk management, her clients range from highly regulated entities like employers, contractors and their employee benefit plans, their sponsors, management, administrators, insurers, fiduciaries and advisors, technology and data service providers, health care, managed care and insurance, financial services, government contractors and government entities, as well as retail, manufacturing, construction, consulting and a host of other domestic and international businesses of all types and sizes. Common engagements include internal and external workforce hiring, management, training, performance management, compliance and administration, discipline and termination, and other aspects of workforce management including employment and outsourced services contracting and enforcement, sentencing guidelines and other compliance plan, policy and program development, administration, and defense, performance management, wage and hour and other compensation and benefits, reengineering and other change management, internal controls, compliance and risk management, communications and training, worker classification, tax and payroll, investigations, crisis preparedness and response, government relations, safety, government contracting and audits, litigation and other enforcement, and other concerns.
Ms. Stamer uses her deep and highly specialized health, insurance, labor and employment and other knowledge and experience to help employers and other employee benefit plan sponsors; health, pension and other employee benefit plans, their fiduciaries, administrators and service providers, insurers, and others design legally compliant, effective compensation, health and other welfare benefit and insurance, severance, pension and deferred compensation, private exchanges, cafeteria plan and other employee benefit, fringe benefit, salary and hourly compensation, bonus and other incentive compensation and related programs, products and arrangements. She is particularly recognized for her leading edge work, thought leadership and knowledgeable advice and representation on the design, documentation, administration, regulation and defense of a diverse range of self-insured and insured health and welfare benefit plans including private exchange and other health benefit choices, health care reimbursement and other “defined contribution” limited benefit, 24-hour and other occupational and non-occupational injury and accident, ex-patriate and medical tourism, onsite medical, wellness and other medical plans and insurance benefit programs as well as a diverse range of other qualified and nonqualified retirement and deferred compensation, severance and other employee benefits and compensation, insurance and savings plans, programs, products, services and activities. As a key element of this work, Ms. Stamer works closely with employer and other plan sponsors, insurance and financial services companies, plan fiduciaries, administrators, and vendors and others to design, administer and defend effective legally defensible employee benefits and compensation practices, programs, products and technology. She also continuously helps employers, insurers, administrative and other service providers, their officers, directors and others to manage fiduciary and other risks of sponsorship or involvement with these and other benefit and compensation arrangements and to defend and mitigate liability and other risks from benefit and liability claims including fiduciary, benefit and other claims, audits, and litigation brought by the Labor Department, IRS, HHS, participants and beneficiaries, service providers, and others. She also assists debtors, creditors, bankruptcy trustees and others assess, manage and resolve labor and employment, employee benefits and insurance, payroll and other compensation related concerns arising from reductions in force or other terminations, mergers, acquisitions, bankruptcies and other business transactions including extensive experience with multiple, high-profile large scale bankruptcies resulting in ERISA, tax, corporate and securities and other litigation or enforcement actions.
Ms. Stamer also is deeply involved in helping to influence the Affordable Care Act and other health care, pension, social security, workforce, insurance and other policies critical to the workforce, benefits, and compensation practices and other key aspects of a broad range of businesses and their operations. She both helps her clients respond to and resolve emerging regulations and laws, government investigations and enforcement actions and helps them shape the rules through dealings with Congress and other legislatures, regulators and government officials domestically and internationally. A former lead consultant to the Government of Bolivia on its Social Security reform law and most recognized for her leadership on U.S. health and pension, wage and hour, tax, education and immigration policy reform, Ms. Stamer works with U.S. and foreign businesses, governments, trade associations, and others on workforce, social security and severance, health care, immigration, privacy and data security, tax, ethics and other laws and regulations. Founder and Executive Director of the Coalition for Responsible Healthcare Policy and its PROJECT COPE: the Coalition on Patient Empowerment and a Fellow in the American Bar Foundation and State Bar of Texas, Ms. Stamer annually leads the Joint Committee on Employee Benefits (JCEB) HHS Office of Civil Rights agency meeting and other JCEB agency meetings. She also works as a policy advisor and advocate to many business, professional and civic organizations.
Author of the thousands of publications and workshops these and other employment, employee benefits, health care, insurance, workforce and other management matters, Ms. Stamer also is a highly sought out speaker and industry thought leader known for empowering audiences and readers. Ms. Stamer’s insights on employee benefits, insurance, health care and workforce matters in Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, Modern Healthcare, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, InsuranceThoughtLeadership.com and many other prominent publications. Ms. Stamer also regularly serves on the faculty and planning committees for symposia of LexisNexis, the American Bar Association, ALIABA, the Society of Employee Benefits Administrators, the American Law Institute, ISSA, HIMMs, and many other prominent educational and training organizations and conducts training and speaks on these and other management, compliance and public policy concerns.
Ms. Stamer also is active in the leadership of a broad range of other professional and civic organizations. For instance, Ms. Stamer presently serves on an American Bar Association (ABA) Joint Committee on Employee Benefits Council representative; Vice President of the North Texas Healthcare Compliance Professionals Association; Immediate Past Chair of the ABA RPTE Employee Benefits & Other Compensation Committee, its current Welfare Benefit Plans Committee Co-Chair, on its Substantive Groups & Committee and its incoming Defined Contribution Plan Committee Chair and Practice Management Vice Chair; Past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group and a current member of its Healthcare Coordinating Council; current Vice Chair of the ABA TIPS Employee Benefit Committee; the former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division; on the Advisory Boards of InsuranceThoughtLeadership.com, HR.com, Employee Benefit News, and many other publications. She also previously served as a founding Board Member and President of the Alliance for Healthcare Excellence, as a Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; the Board President of the early childhood development intervention agency, The Richardson Development Center for Children; Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee; a member of the Board of Directors of the Southwest Benefits Association. For additional information about Ms. Stamer, see http://www.cynthiastamer.com or the Stamer│Chadwick │Soefje PLLC website or contact Ms. Stamer via email to here or via telephone to (469) 767-8872.
About Solutions Law Press, Inc.™
Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources at http://www.solutionslawpress.com such as:
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating or updating your profile here.
Businesses sponsoring 401(k) or other defined contribution or defined benefit pension plans, health plans or other employee benefit plans should verify that any required Form 5500s, Annual Returns of Employee Benefit Plans were timely filed and if any were not, should contact legal counsel about whether they can come into compliance and avoid painful penalties by taking advantage of a newly announced Internal Revenue Service (IRS) low-cost penalty relief program for IRS penalties and a Department of Labor (DOL) voluntary compliance resolution program for Employee Retirement Income Security Act (ERISA) penalties.
In most cases, the Internal Revenue Code and ERISA each separately require that a Form 5500, Annual Return of Employee Benefit Plan be filed each year for the plan by the end of the seventh month after the close of the plan year. For plans that work on a calendar-year basis, as most do, this means the 2014 return is due on July 31, 2015. Businesses sponsoring employee benefit plans and the plan administrator of an employee benefit plan face substantial penalties under the Internal Revenue Code and ERISA if the required Form 5500 is not timely filed. Under the Internal Revenue Code, a business that fails to file a required Form 5500 can incur IRS penalties of up to $15,000 per return per plan year. In addition, the plan administrator (often the sponsoring business or a member of its management) of an employee benefit plan with unfiled Form 5500s separately also can incur DOL penalties of up to $1000 per day per plan per plan year. By simultaneously filing the late returns under both the new IRS penalty relief program and the long-standing DOL voluntary compliance resolution program, however, qualifying employers can resolve these exposures much more cost effectively.
While the DOL for many years has allowed plan administrators of retirement and other employee benefit plans the opportunity to resolve ERISA late or non-filing penalties through late filing under its Delinquent Filer Voluntary Compliance Program (DFVCP), the IRS only recently has established a companion program for small employers to use to resolve Internal Revenue Code penalty exposures of employers failing to file the required Form 5500 for their retirement plans. Based on its positive experience from a one-year pilot program, however, the IRS in May, 2015 now has implemented a new permanent penalty relief program that allows qualifying employers to resolve the Internal Revenue Code penalties for failing to file a Form 5500 required by the Internal Revenue Code.
The DOL DFVCP is available for use by plan administrators of retirement or welfare benefit plans sponsored by employers of all sizes. Plan administrators of employee benefit plans with unfiled required Form 550s can fix the penalty to resolve their ERISA penalty exposures for non- or late-filing of a required Form 5500s for all unfiled years at $1,500 per submission for “small plans” (generally, fewer than 100 participants at the beginning of the plan year) and $4,000 per submission for “large plans” (generally, 100 participants or more at the beginning of the plan year). A single filing for each plan for all plan years for which a required Form 5500 for that plan has not been timely filed can resolve the potential ERISA penalties for all unfiled plan years. Further reduced penalty caps are applicable to submissions for certain 501(c)(3) organizations and for Top Hat and Apprenticeship programs. However, by filing late returns under this program, eligible filers can avoid these penalties by paying only $500 for each return submitted, up to a maximum of $1,500 per plan.
In contrast, the new IRS program is only offers penalty relief from the Internal Revenue Code’s penalties for failure to file a required Form 5500 for plans sponsored by small businesses with plans covering a 100 percent owner or the partners in a business partnership, and the owner’s or partner’s spouse (but no other participants), and certain foreign plans. While employers sponsoring employee benefit plans with broader coverage do not qualify for relief under the new IRS penalty relief program, employers sponsoring these employee benefit plans nevertheless should visit with legal counsel about options for resolving their existing penalty exposures for non-filing as legal counsel often can negotiate reductions in penalties with the IRS for employers voluntarily late filing forms. Such relief generally is not available under the new penalty relief from for small employers or otherwise if the IRS already has assessed a penalty for late filing. Accordingly, it is important for employer and plan administrators to evaluate whether there are any unfiled required Form 5500s for any plan year for their employee benefit plans and act promptly to voluntarily resolve these issues through late filing before the IRS or DOL discovers the omission.
For Legal or Consulting Advice, Legal Representation, Training Or More Information
If you need help responding to these new or other workforce, benefits and compensation, performance and risk management, compliance, enforcement or management concerns, help updating or defending your workforce or employee benefit policies or practices, or other related assistance, the author of this update, attorney Cynthia Marcotte Stamer may be able to help.
A practicing attorney and Managing Shareholder of Cynthia Marcotte Stamer, P.C., a member of Stamer│Chadwick │Soefje PLLC, Ms. Stamer’s more than 27 years’ of leading edge work as a practicing attorney, author, lecturer and industry and policy thought leader have resulted in her recognition as a “Top” attorney in employee benefits, labor and employment and health care law.
Recognized as a “Top” Employee Benefits, Labor and Employment and Health Care Lawyer, Board Certified in Labor and Employment law by the Texas Board of Legal Specialization, a Fellow in the American College of Employee Benefit Counsel, the State Bar of Texas and the American Bar Association, past Chair and current Welfare Benefit Committee Co-Chair of the American Bar Association (ABA) RPTE Section Employee Benefits Group, Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, former Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, and an ABA Joint Committee on Employee Benefits Council Representative, Ms. Stamer is recognized nationally and internationally for her practical and creative insights and leadership on health, pension, severance and other employee benefit, human resources, and related insurance, health care, privacy and data security and tax matters and policy.
Ms. Stamer’s legal and management consulting work throughout her career has focused on helping organizations and their management use the law and process to manage people, process, compliance, operations and risk with a special emphasis on employee benefits, compensation and management controls. Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer helps public and private, domestic and international businesses, governments, and other organizations and their leaders manage their employees, vendors and suppliers, and other workforce members, customers and other’ performance, compliance, compensation and benefits, operations, risks and liabilities, as well as to prevent, stabilize and cleanup workforce and other legal and operational crises large and small that arise in the course of operations.
Ms. Stamer works with businesses and their management, employee benefit plans, governments and other organizations deal with all aspects of human resources and workforce management operations and compliance. She supports her clients both on a real-time, “on demand” basis and with longer term basis to deal with daily performance management and operations, emerging crises, strategic planning, process improvement and change management, investigations, defending litigation, audits, investigations or other enforcement challenges, government affairs and public policy.
Well known for her extensive work with health care, insurance and other highly regulated entities on corporate compliance, internal controls and risk management, her clients range from highly regulated entities like employers, contractors and their employee benefit plans, their sponsors, management, administrators, insurers, fiduciaries and advisors, technology and data service providers, health care, managed care and insurance, financial services, government contractors and government entities, as well as retail, manufacturing, construction, consulting and a host of other domestic and international businesses of all types and sizes.
As a key part of this work, Ms. Stamer uses her deep and highly specialized health, insurance, labor and employment and other knowledge and experience to help employers and other employee benefit plan sponsors; health, pension and other employee benefit plans, their fiduciaries, administrators and service providers, insurers, and others design legally compliant, effective compensation, health and other welfare benefit and insurance, severance, pension and deferred compensation, private exchanges, cafeteria plan and other employee benefit, fringe benefit, salary and hourly compensation, bonus and other incentive compensation and related programs, products and arrangements.
She is particularly recognized for her leading edge work, thought leadership and knowledgeable advice and representation on the design, documentation, administration, regulation and defense of a diverse range of self-insured and insured health and welfare benefit plans including private exchange and other health benefit choices, health care reimbursement and other “defined contribution” limited benefit, 24-hour and other occupational and non-occupational injury and accident, expatriot and medical tourism, on site medical, wellness and other medical plans and insurance benefit programs as well as a diverse range of other qualified and nonqualified retirement and deferred compensation, severance and other employee benefits and compensation, insurance and savings plans, programs, products, services and activities. In these and other engagements, Ms. Stamer works closely with employer and other plan sponsors, insurance and financial services companies, plan fiduciaries, administrators, and vendors and others to design, administer and defend effective legally defensible employee benefits and compensation practices, programs, products and technology. She also continuously helps employers, insurers, administrative and other service providers, their officers, directors and others to manage fiduciary and other risks of sponsorship or involvement with these and other benefit and compensation arrangements and to defend and mitigate liability and other risks from benefit and liability claims including fiduciary, benefit and other claims, audits, and litigation brought by the Labor Department, IRS, HHS, participants and beneficiaries, service providers, and others. She also assists debtors, creditors, bankruptcy trustees and others assess, manage and resolve labor and employment, employee benefits and insurance, payroll and other compensation related concerns arising from reductions in force or other terminations, mergers, acquisitions, bankruptcies and other business transactions including extensive experience with multiple, high-profile large-scale bankruptcies resulting in ERISA, tax, corporate and securities and other litigation or enforcement actions.
In the course of this work, Ms. Stamer has accumulated an impressive resume of experience advising and representing clients on HIPAA and other privacy and data security concerns. The scribe for the American Bar Association (ABA) Joint Committee on Employee Benefits annual agency meeting with the Department of Health & Human Services Office of Civil Rights for several years, Ms. Stamer has worked extensively with health plans, health care providers, health care clearinghouses, their business associates, employer and other sponsors, banks and other financial institutions, and others on risk management and compliance with HIPAA and other information privacy and data security rules, investigating and responding to known or suspected breaches, defending investigations or other actions by plaintiffs, OCR and other federal or state agencies, reporting known or suspected violations, business associate and other contracting, commenting or obtaining other clarification of guidance, training and enforcement, and a host of other related concerns. Her clients include public and private health plans, health insurers, health care providers, banking, technology and other vendors, and others. Beyond advising these and other clients on privacy and data security compliance, risk management, investigations and data breach response and remediation, Ms. Stamer also advises and represents clients on OCR and other HHS, Department of Labor, IRS, FTC, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She also is the author of numerous highly acclaimed publications, workshops and tools for HIPAA or other compliance including training programs on Privacy & The Pandemic for the Association of State & Territorial Health Plans, as well as HIPAA, FACTA, PCI, medical confidentiality, insurance confidentiality and other privacy and data security compliance and risk management for Los Angeles County Health Department, ISSA, HIMMS, the ABA, SHRM, schools, medical societies, government and private health care and health plan organizations, their business associates, trade associations and others.
Ms. Stamer also is deeply involved in helping to influence the Affordable Care Act and other health care, pension, social security, workforce, insurance and other policies critical to the workforce, benefits, and compensation practices and other key aspects of a broad range of businesses and their operations. She both helps her clients respond to and resolve emerging regulations and laws, government investigations and enforcement actions and helps them shape the rules through dealings with Congress and other legislatures, regulators and government officials domestically and internationally. A former lead consultant to the Government of Bolivia on its Social Security reform law and most recognized for her leadership on U.S. health and pension, wage and hour, tax, education and immigration policy reform, Ms. Stamer works with U.S. and foreign businesses, governments, trade associations, and others on workforce, social security and severance, health care, immigration, privacy and data security, tax, ethics and other laws and regulations. Founder and Executive Director of the Coalition for Responsible Healthcare Policy and its PROJECT COPE: the Coalition on Patient Empowerment and a Fellow in the American Bar Foundation and State Bar of Texas. She also works as a policy advisor and advocate to health plans, their sponsors, administrators, insurers and many other business, professional and civic organizations.
Author of the thousands of publications and workshops these and other employment, employee benefits, health care, insurance, workforce and other management matters, Ms. Stamer also is a highly sought out speaker and industry thought leader known for empowering audiences and readers. Ms. Stamer’s insights on employee benefits, insurance, health care and workforce matters in Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, Modern Healthcare, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, InsuranceThoughtLeadership.com and many other prominent publications. Ms. Stamer also regularly serves on the faculty and planning committees for symposia of LexisNexis, the American Bar Association, ALIABA, the Society of Employee Benefits Administrators, the American Law Institute, ISSA, HIMMs, and many other prominent educational and training organizations and conducts training and speaks on these and other management, compliance and public policy concerns.
Ms. Stamer also is active in the leadership of a broad range of other professional and civic organizations. For instance, Ms. Stamer presently serves on an American Bar Association (ABA) Joint Committee on Employee Benefits Council representative; Vice President of the North Texas Healthcare Compliance Professionals Association; Immediate Past Chair of the ABA RPTE Employee Benefits & Other Compensation Committee, its current Welfare Benefit Plans Committee Co-Chair, on its Substantive Groups & Committee and its incoming Defined Contribution Plan Committee Chair and Practice Management Vice Chair; Past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group and a current member of its Healthcare Coordinating Council; current Vice Chair of the ABA TIPS Employee Benefit Committee; the former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division; on the Advisory Boards of InsuranceThoughtLeadership.com, HR.com, Employee Benefit News, and many other publications. She also previously served as a founding Board Member and President of the Alliance for Healthcare Excellence, as a Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; the Board President of the early childhood development intervention agency, The Richardson Development Center for Children; Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee; a member of the Board of Directors of the Southwest Benefits Association. For additional information about Ms. Stamer, seewww.cynthiastamer.com,or http://www.stamerchadwicksoefje.com the member of contact Ms. Stamer via emailhere or via telephone to (469) 767-8872.
About Solutions Law Press, Inc.™
Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also may be interested reviewing other Solutions Law Press, Inc.™ resources at www.solutionslawpress.com such as:
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating or updating your profile at here.
Employers sponsoring group health plan coverage now or in 2014, check the adequacy of your insurer or third party administrator’s claims and appeals processes and notices. Employers that sponsor group health plans that violated certain health care reform mandates for claims and appeals imposed by the Patient Protection and Affordable Care Act (ACA) will face a duty to pay an excise tax of $100 per violation per day under the expanded Form 8928 filing requirements made applicable to employers providing health plan coverage after 2013 under the Internal Revenue Code (Code), as well undermine the enforceability of claims and appeals decisions under Section 502(b) and trigger penalties of $125 per day ($1000 per day in the case of Department of Labor enforcement actions) against the plan administrator under Section 502(c) of the Employee Retirement Income Security Act of 1974 (ERISA).
Insurers and third party administrators providing claims and appeals services also should be concerned. Not only could these vendors face liability under ERISA, employer hit with fees almost certainly will look to the vendors responsible for performing these services for indemnification or other relief. Fixing past problems and preventing new violations is key to mitigating risks for all parties.
Because of the potential legal risks under the Code and ERISA, employers evaluating compliance to determine whether to file a Form 8928 generally should consult with legal counsel about whether and how best to structure and conduct the health plan compliance review to preserve distinctions between their business operations and fiduciary activities performed on behalf of the plan, as well as any opportunities to use attorney-client privilege, work product or other evidentiary rules to mitigate their risks and exposures.
Even before ACA, ERISA already required that group health plans and their plan administrators and fiduciary comply with a long list of highly technical rules when processing and administering claims and appeals and notifying plan members about these activities. The ACA claims and appeals rules covered by the Form 8928 filing and excise tax rules are additional notice and procedural safeguards imposed upon group health plans in addition to these long-standing ERISA claims and appeals procedures. As implemented by current Department of Labor Regulations, these ACA claims and appeals procedures require that group health plans (other than grandfathered plans) both comply with:
All of the pre-existing ERISA claims and appeals rules; and
Notify members or their beneficiaries of their rights to and provide for independent review of coverage rescission decisions and medical judgment-based claims denials in accordance with detailed rules set forth in the Labor Department Regulations; and
Comply with tighter procedural and notice standards for processing claim and appeals imposed by ACA in accordance with the detailed rules set forth in the Labor Department Regulations.
While most employers that sponsor group health plans historically have assumed that the insurers or other health plan vendors hired to administer their programs have designed and administer claims and appeals in compliance with these mandates, the processes and notices of many health plan insurers and self-insured plan claims and appeals vendors typically fall far short of meeting the requirements of even the pre-existing ERISA claims and appeals requirements as implemented by Labor Department Regulations since 2001, much less the additional independent review and other ACA claims and appeals requirements.
Post-2013 deficiencies in the practices of many insurers and other health plan vendors’ claims and appeals processes and notifications now leave many employers exposed to significant excise tax penalties. While under ERISA, group health plans and their responsible plan administrator or other applicable named fiduciary, not the sponsoring employer, generally bear the responsibility and liability for administering the group health plan in accordance with ACA’s claims and appeals and the other group health plan requirements covered by Form 8928, the Code’s extension of the Form 8928 filing requirement and imposition of significant excise taxes against employers that sponsor group health plans that violate these requirements is designed to give businesses sponsoring group health plans meaningful incentives to take steps to ensure that their group health plan is properly designed and administered by its insurers and fiduciaries to comply with the listed requirements.
Under Code Section 6039D, businesses sponsoring group health plans are required to self-assess and pay excise taxes of up to $100 per day for each uncorrected violation of a specified list of federal health plan mandates by filing a Form 8928 when the business files its corporate or partnership tax return for the applicable taxable year. Before 2014, the Form 8928 filing requirement applied to a fairly narrow set of requirements. Beginning with 2014, however, ACA added the ACA claims and appeals rules as well as a long list of other ACA requirements to the health plan violations subject to Form 8928 disclosures and excise taxes. If a business sponsored a health plan that violated the ACA claims and appeals rules or any other health plan rule subject to the Form 8928 filing requirement in 2014 or thereafter, the business should take prompt, well-documented actions to self-correct the violation or timely must file the required Form 8929 and pay the applicable $100 per violation per day excise tax since proof of good faith efforts to maintain compliance, proof of self-correction, or both may mitigate these excise tax and other Form 8928 liability as well as associated ERISA exposures. Likewise, during the current and future years after 2013, businesses offering group health plan coverage to their employees also will want to monitor their health plan’s compliance with the federal group health plan rules covered by Form 8929 reporting to avoid or mitigate these risks going forward.
Since federal group health plan violations that trigger the Form 8928 requirement of a sponsoring employer also generally create potential exposures for the ERISA exposures for the group health plan, parties acting as the “plan administrator” or other “fiduciary” role with respect to the plan or both under ERISA, the group health plan and its plan administrator or other responsible fiduciary (sometimes, but not always the employer or a member of its management), the group health plan, and those parties acting as the plan administrator or fiduciary responsible for administering the plan in compliance with those requirements also will want to be prepared to demonstrate that prudent steps are taken to administer the group health plan in accordance with the applicable mandates, including prudently to investigate and redress any suspected concerns identified in connection with the employer’s Form 8928 filing analysis. Under ERISA, for instance, the group health plan’s failure to strictly comply with any one of the highly technical claims or appeals procedural or notification requirements of ACA can give the affected plan member or its assignee the ability to sue the group health plan without the need to fulfill otherwise applicable appeals or other procedures that otherwise might apply under the group health plan’s claims and appeals procedures as well as have other adverse consequences for the group health plan or its fiduciaries, may heightened the burdens of proof the plan or its fiduciaries must meet to sustain denial determinations, or both. In addition, where the ACA violation included a failure to comply with ACA’s claims or appeals notification requirements, the violation also could provide the basis for the plan member to ask a court to order the plan administrator to pay the plan member up to $125 per day per violation plus attorneys’ fees and enforcement costs, the basis for the Department of Labor to penalize the plan administrator up to $1025 per day per violation per plan member, or both. While technically these ERISA exposures generally run specifically to the plan or the party serving as its plan administrator or responsible fiduciary, the employer frequently ultimately pays for these liabilities either because:
The plan documentation names the sponsoring business as the plan administrator or named fiduciary responsible for these actions;
The vendor agreement between the sponsoring business and the insurer or other service provider that the business hired to perform these duties requires the sponsoring business to indemnify the vendor for these liabilities; or
Both.
While the sponsoring business and parties serving as the plan administrator or other fiduciaries of the plan all have potential legal risk if the plan is not administered in accordance with the ACA claims and appeals procedures or other requirements covered by the Form 8928 filing requirements, all parties need to be mindful of the distinctions between the Form 8928 and other exposures that a sponsoring employer bears under the Code as compared to the ERISA fiduciary responsibility and other duties imposed upon the plan and its fiduciaries under ERISA. Maintenance of proper separation between these roles and appropriate structuring of communications between the sponsoring business with the plan and its fiduciaries and vendors is important to minimize the risk that the sponsoring business unintentionally will create or broaden the fiduciary liability exposures of the business by unnecessarily or inappropriately exercising discretion or control over the administration of plan duties that the plan terms allocate to other parties. Also, plan sponsors engaging in compliance reviews and associated discussions generally have a greater ability to use attorney-client privilege and work product than plan fiduciaries. Accordingly, businesses sponsoring their group health plans and their management generally will want to consult with qualified, experienced legal counsel for advice about whether and how to structure their Form 8928 assessments and associated risk analysis and correction discussions to promote and preserve the ability of the business, as the sponsoring employer, and its management to minimize ERISA fiduciary exposures and claim and use attorney-client privilege and work product evidentiary privileges to contain the scope of ERISA associated risks.
Going forward, businesses also will want to obtain advice of counsel about opportunities to mitigate Form 8928, ERISA and other exposures through more careful credentialing and contracting with health plan insurers and vendors, review and drafting of plan documents, summary plan descriptions and other plan materials, and other risk management and compliance processes and procedures. SeeCareful Selection & Contracting With Vendors Critical Part of Health Plan Renewals.
While most employers will not be able to negotiate the ideal contractual provisions and all operational violations, careful plan drafting to comply with applicable rules, vendor credentialing and contracting, and monitoring of compliance by an employer can reduce the risk and frequencies of violation and promote timely self-correction. In addition, the documented administration of these and other efforts by the employer can provide invaluable evidence to position the sponsoring employer to minimize or secure a waiver of excise taxes that otherwise might arise under the Code, pursue indemnification for liabilities the employer incurs due to the misfeasance of the insurer or vendor or both.
For Help or More Information
For Legal or Consulting Advice, Legal Representation, Training Or More Information
If you need help responding to these new or other workforce, benefits and compensation, performance and risk management, compliance, enforcement or management concerns, help updating or defending your workforce or employee benefit policies or practices, or other related assistance, the author of this update, attorney Cynthia Marcotte Stamer may be able to help.
A practicing attorney and Managing Shareholder of Cynthia Marcotte Stamer, P.C., a member of Stamer│Chadwick │Soefje PLLC, Ms. Stamer’s more than 27 years’ of leading edge work as an practicing attorney, author, lecturer and industry and policy thought leader have resulted in her recognition as a “Top” attorney in employee benefits, labor and employment and health care law.
Board certified in labor and employment law by the Texas Board of Legal Specialization, a Fellow in the American College of Employee Benefit Counsel, past Chair and current Welfare Benefit Committee Co-Chair of the American Bar Association (ABA) RPTE Section Employee Benefits Group, Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, former Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, an ABA Joint Committee on Employee Benefits Council Representative and Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization, Ms. Stamer is recognized nationally and internationally for her practical and creative insights and leadership on HIPAA and other health and other employee benefit, human resources, and related insurance, health care, privacy and data security and tax matters and policy.
Ms. Stamer’s legal and management consulting work throughout her 27 plus year career has focused on helping organizations and their management use the law and process to manage people, process, compliance, operations and risk. Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer helps public and private, domestic and international businesses, governments, and other organizations and their leaders manage their employees, vendors and suppliers, and other workforce members, customers and other’ performance, compliance, compensation and benefits, operations, risks and liabilities, as well as to prevent, stabilize and cleanup workforce and other legal and operational crises large and small that arise in the course of operations.
Ms. Stamer works with businesses and their management, employee benefit plans, governments and other organizations deal with all aspects of human resources and workforce management operations and compliance. She supports her clients both on a real time, “on demand” basis and with longer term basis to deal with daily performance management and operations, emerging crises, strategic planning, process improvement and change management, investigations, defending litigation, audits, investigations or other enforcement challenges, government affairs and public policy.
Well known for her extensive work with health care, insurance and other highly regulated entities on corporate compliance, internal controls and risk management, her clients range from highly regulated entities like employers, contractors and their employee benefit plans, their sponsors, management, administrators, insurers, fiduciaries and advisors, technology and data service providers, health care, managed care and insurance, financial services, government contractors and government entities, as well as retail, manufacturing, construction, consulting and a host of other domestic and international businesses of all types and sizes.
As a key part of this work, Ms. Stamer uses her deep and highly specialized health, insurance, labor and employment and other knowledge and experience to help employers and other employee benefit plan sponsors; health, pension and other employee benefit plans, their fiduciaries, administrators and service providers, insurers, and others design legally compliant, effective compensation, health and other welfare benefit and insurance, severance, pension and deferred compensation, private exchanges, cafeteria plan and other employee benefit, fringe benefit, salary and hourly compensation, bonus and other incentive compensation and related programs, products and arrangements.
She is particularly recognized for her leading edge work, thought leadership and knowledgeable advice and representation on the design, documentation, administration, regulation and defense of a diverse range of self-insured and insured health and welfare benefit plans including private exchange and other health benefit choices, health care reimbursement and other “defined contribution” limited benefit, 24-hour and other occupational and non-occupational injury and accident, ex-patriate and medical tourism, onsite medical, wellness and other medical plans and insurance benefit programs as well as a diverse range of other qualified and nonqualified retirement and deferred compensation, severance and other employee benefits and compensation, insurance and savings plans, programs, products, services and activities. In these and other engagements, Ms. Stamer works closely with employer and other plan sponsors, insurance and financial services companies, plan fiduciaries, administrators, and vendors and others to design, administer and defend effective legally defensible employee benefits and compensation practices, programs, products and technology. She also continuously helps employers, insurers, administrative and other service providers, their officers, directors and others to manage fiduciary and other risks of sponsorship or involvement with these and other benefit and compensation arrangements and to defend and mitigate liability and other risks from benefit and liability claims including fiduciary, benefit and other claims, audits, and litigation brought by the Labor Department, IRS, HHS, participants and beneficiaries, service providers, and others. She also assists debtors, creditors, bankruptcy trustees and others assess, manage and resolve labor and employment, employee benefits and insurance, payroll and other compensation related concerns arising from reductions in force or other terminations, mergers, acquisitions, bankruptcies and other business transactions including extensive experience with multiple, high-profile large scale bankruptcies resulting in ERISA, tax, corporate and securities and other litigation or enforcement actions.
In the course of this work, Ms. Stamer has accumulated an impressive resume of experience advising and representing clients on HIPAA and other privacy and data security concerns. The scribe for the American Bar Association (ABA) Joint Committee on Employee Benefits annual agency meeting with the Department of Health & Human Services Office of Civil Rights for several years, Ms. Stamer has worked extensively with health plans, health care providers, health care clearinghouses, their business associates, employer and other sponsors, banks and other financial institutions, and others on risk management and compliance with HIPAA and other information privacy and data security rules, investigating and responding to known or suspected breaches, defending investigations or other actions by plaintiffs, OCR and other federal or state agencies, reporting known or suspected violations, business associate and other contracting, commenting or obtaining other clarification of guidance, training and enforcement, and a host of other related concerns. Her clients include public and private health plans, health insurers, health care providers, banking, technology and other vendors, and others. Beyond advising these and other clients on privacy and data security compliance, risk management, investigations and data breach response and remediation, Ms. Stamer also advises and represents clients on OCR and other HHS, Department of Labor, IRS, FTC, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She also is the author of numerous highly acclaimed publications, workshops and tools for HIPAA or other compliance including training programs on Privacy & The Pandemic for the Association of State & Territorial Health Plans, as well as HIPAA, FACTA, PCI, medical confidentiality, insurance confidentiality and other privacy and data security compliance and risk management for Los Angeles County Health Department, ISSA, HIMMS, the ABA, SHRM, schools, medical societies, government and private health care and health plan organizations, their business associates, trade associations and others.
Ms. Stamer also is deeply involved in helping to influence the Affordable Care Act and other health care, pension, social security, workforce, insurance and other policies critical to the workforce, benefits, and compensation practices and other key aspects of a broad range of businesses and their operations. She both helps her clients respond to and resolve emerging regulations and laws, government investigations and enforcement actions and helps them shape the rules through dealings with Congress and other legislatures, regulators and government officials domestically and internationally. A former lead consultant to the Government of Bolivia on its Social Security reform law and most recognized for her leadership on U.S. health and pension, wage and hour, tax, education and immigration policy reform, Ms. Stamer works with U.S. and foreign businesses, governments, trade associations, and others on workforce, social security and severance, health care, immigration, privacy and data security, tax, ethics and other laws and regulations. Founder and Executive Director of the Coalition for Responsible Healthcare Policy and its PROJECT COPE: the Coalition on Patient Empowerment and a Fellow in the American Bar Foundation and State Bar of Texas. She also works as a policy advisor and advocate to health plans, their sponsors, administrators, insurers and many other business, professional and civic organizations.
Author of the thousands of publications and workshops these and other employment, employee benefits, health care, insurance, workforce and other management matters, Ms. Stamer also is a highly sought out speaker and industry thought leader known for empowering audiences and readers. Ms. Stamer’s insights on employee benefits, insurance, health care and workforce matters in Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, Modern Healthcare, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, InsuranceThoughtLeadership.com and many other prominent publications. Ms. Stamer also regularly serves on the faculty and planning committees for symposia of LexisNexis, the American Bar Association, ALIABA, the Society of Employee Benefits Administrators, the American Law Institute, ISSA, HIMMs, and many other prominent educational and training organizations and conducts training and speaks on these and other management, compliance and public policy concerns.
Ms. Stamer also is active in the leadership of a broad range of other professional and civic organizations. For instance, Ms. Stamer presently serves on an American Bar Association (ABA) Joint Committee on Employee Benefits Council representative; Vice President of the North Texas Healthcare Compliance Professionals Association; Immediate Past Chair of the ABA RPTE Employee Benefits & Other Compensation Committee, its current Welfare Benefit Plans Committee Co-Chair, on its Substantive Groups & Committee and its incoming Defined Contribution Plan Committee Chair and Practice Management Vice Chair; Past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group and a current member of its Healthcare Coordinating Council; current Vice Chair of the ABA TIPS Employee Benefit Committee; the former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division; on the Advisory Boards of InsuranceThoughtLeadership.com, HR.com, Employee Benefit News, and many other publications. She also previously served as a founding Board Member and President of the Alliance for Healthcare Excellence, as a Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; the Board President of the early childhood development intervention agency, The Richardson Development Center for Children; Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee; a member of the Board of Directors of the Southwest Benefits Association. For additional information about Ms. Stamer, seewww.cynthiastamer.com,or http://www.stamerchadwicksoefje.com the member of contact Ms. Stamer via emailhere or via telephone to (469) 767-8872.
About Solutions Law Press, Inc.™
Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also may be interested reviewing other Solutions Law Press, Inc.™ resources at www.solutionslawpress.com such as:
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating or updating your profile at here.
Health plans, insurers and other health plan industry service providers widespread use and reliance on internet applications to access and share protected health information when performing online enrollment, claims administration and payment, reporting, member and provider communications and a host of other key health plan functions makes it particularly important for health plans, their employer or other sponsors, fiduciaries, insurers and other vendors and their management to respond quickly to a warning from Department of Health & Human Services (HHS) Office of Civil Rights (OCR) warning to ensure applications and systems properly safeguard protected health information (PHI) as required by the Health Insurance Portability & Accountability (HIPAA) Privacy, Security & Breach Notification Rules (HIPAA Rules) and other laws made in its July 10, 2015 announcement of its latest HIPAA settlement.
The newResolution Agreementwith the Massachusetts based hospital system, St. Elizabeth’s Medical Center (SEMC) settles charges OCR made that SEMC reached HIPAA by failing to protect the security of PHI when using internet applications to access and share PHI. The Resolution Agreement also shows how complaints filed with OCR by workforce members can create additional compliance headaches for Covered Entities or their business associates while the “robust corrective action plan” imposed under the Resolution Agreement shares examples of ladder reporting and management oversight and documentation Covered Entities and business associates can expect to need to prove their organizations maintains the “culture of compliance” with HIPAA OCR expects in the event of an OCR audit or investigation.
With recent reports on massive health plan HIPAA and other data breaches fueling widespread participant and regulatory concern over identity theft and other data security, Covered Entities and their business associates should prepare to defend the adequacy of their own HIPAA and other data security practices in the event of an OCR breach investigation or audit. Accordingly, health plans and their employer or other sponsors, health plan fiduciaries, health plan vendors acting as business associates and others dealing with health plans and their management should contact legal counsel experienced in these matters for advice within the scope of attorney-client privilege about how to respond to the OCR warning and other developments to manage their HIPAA and other privacy and data security legal and operational risks and liabilities.
SEMC Resolution Agreement Overview
The SEMC Resolution Agreement settles OCR charges that SEMC violated HIPAA stemming from an OCR investigation of a November 16, 2012 complaint by SEMC workforce members and a separate data breach report SEMC separately made to OCR of a breach of unsecured electronic PHI (ePHI) stored on a former SEMC workforce member’s personal laptop and USB flash drive affecting 595 individuals. In their complaint, SEMC workers complained SEMC violated HIPAA by allowing workforce members to use an internet-based document sharing application to share and store documents containing electronic protected health information (ePHI) of at least 498 individuals without adequately analyzing the risks. OCR says its investigation of the complaint and breach report revealed among other things that:
SEMC improperly disclosed the PHI of at least 1,093 individuals;
SEMC failed to implement sufficient security measures regarding the transmission of and storage of ePHI to reduce risks and vulnerabilities to a reasonable and appropriate level; and
SEMC failed to timely identify and respond to a known security incident, mitigate the harmful effects of the security incident, and document the security incident and its outcome.
To resolve OCR’s charges, SMCS agreed to pay $218,400 to OCR and implement a “robust corrective action plan” to correct these alleged HIPAA violations. While the required settlement payment is relatively small, the Resolution Agreement’s focus security requirements for internet application and data use and sharing activities engaged in by virtually every Covered Entity and business associate make the Resolution Agreement merit the immediate attention of all Covered Entities, their business associates and their management.
SEMC HIPAA Specific Compliance Lessons For Health Plans & Business Associates
In announcing the Resolution Agreement, OCR Director Jocelyn Samuels sent a clear warning to all Covered Entities and their business associates “to pay particular attention to HIPAA’s requirements when using internet-based document sharing applications,” stating “In order to reduce potential risks and vulnerabilities, all workforce members must follow all policies and procedures, and entities must ensure that incidents are reported and mitigated in a timely manner.”
The Resolution Agreement makes clear that OCR expects health plans and other Covered Entities and their business associates to be able to show both their timely investigation of reported or suspected HIPAA susceptibilities or violations as well as to self-audit and spot test HIPAA compliance in their operations. The SEMC corrective action plan also indicates Covered Entities and business associates must be able to produce documentation and other evidence needed to show the top to bottom dedication to HIPAA compliance necessary to prove a “culture of compliance” with HIPAA permeates their organizations.
In light of OCR’s warning and expectations, Covered Entities and business associates should start by considering the advisability for their own organization to take one or more of the steps outlined in the “robust corrective action plan” included in the Resolution Agreement, starting with the specific steps the corrective action plan requires SEMC to address its internet application security concerns such as:
Conducting self-audits and spot checks of workforce members’ familiarity and compliance with HIPAA policies and procedures on transmitting ePHI using unauthorized networks; storing ePHI on unauthorized information systems, including unsecured networks and devices; removal of ePHI from SEMC; prohibition on sharing accounts and passwords for ePHI access or storage; encryption of portable devices that access or store ePHI; security incident reporting related to ePHI; and
Inspecting laptops, smartphones, storage media and other portable devices, workstations and other devices containing ePHI and other data devices and systems and their use; and
Conducting other tests and audits of security and compliance with policies, processes and procedures; and
Documenting results, findings, and corrective actions including appropriate up the ladder reporting and management oversight of these and other HIPAA compliance expectations, training and other efforts.
Beyond the specific internet applications and other security of ePHI lessons in the Resolution Agreement, Covered Entities and their business associates also should be mindful of other more subtle, but equally important broader HIPAA compliance and risk management lessons provided in the Resolution Agreement and other recent OCR guidance about their overall HIPAA compliance responsibilities.
One of the most significant of these lessons is the need for proper workforce training, oversight and management. The Resolution Agreement sends an undeniable message that OCR expects Covered Entities, business associates and their leaders to be able to show their effective oversight and management of the operational compliance of their systems and members of their workforce with HIPAA policies. The SEMC corrective action plan should prompt Covered Entities and business associates to weigh the adequacy of their existing workforce training, reporting, investigation and other management processes and documentation. Meanwhile, OCR’s report that an OCR complaint made by SEMC insiders to OCR prompted its investigation also should sensitize Covered Entities and their business associates of the need to ensure that their workforce training and management processes are appropriate to position their organization both to show their processes encourage proper internal reporting and investigation of compliance concerns, as well as manage the inevitable HIPAA and other human resources retaliation and whistleblower exposures that can arise out of such reports.
The Resolution Agreement also provides insights to the internal corporate processes and documentation of compliance efforts that Covered Entities and business associates may need to show their organization has the required “culture of compliance” needed to mitigate consequences of breaches or other compliance glitches. Particularly notable are Resolution Agreement’s terms on the documentation and up the ladder reporting to management and OCR of SEMC’s self-audit and self-correction activities and management oversight and management of these activities. Like tips shared by HHS in the recently released Practical Guidance for Health Care Governing Boards on Compliance Oversight, these details in the Resolution Agreement provide invaluable tips to Boards and other leaders of Covered Entities and business associates about steps they can take to promote their ability to demonstrate their organizations have the necessary culture of HIPAA compliance OCR expects.
Health Plan HIPAA Compliance Risks & Responsibilities of Employers & Their Leaders
While HIPAA places the primary duty for complying with HIPAA on Covered Entities and business associates, health plan sponsors and their management still need to make HIPAA compliance a priority for many practical and legal reasons.
As employers forced to cope with the deluge of fears and questions of employees and other health plan members impacted by recent massive PHI breach reports shared by Blue Cross association health insurance plan giants, Anthem and Premera can attest, HIPAA data breach or other compliance reports often trigger significant financial, administrative, workforce satisfaction and other operational costs employer health plan sponsors. Inevitable employee concern about health plan data breaches undermines employee value and satisfaction of the health benefit plan as an employee benefit. These concerns also usually require employers to expend significant management and financial resources to respond to these concerns and address other employer fallout from the breach.
The costs of investigation and redress of a known or suspected HIPAA data or other breach typically far exceed the actual damages to participants resulting from the breach. While HIPAA technically does not make sponsoring employers directly responsible for these duties or the costs of their performance, as a practical matter sponsoring employers typically can expect to pay costs and other expenses that its health plan incurs to investigate and redress a HIPAA breach. For one thing, except in the all too rare circumstances where employers as plan sponsors have specifically negotiated more favorable indemnification and liability provisions in their vendor contracts, employer and other health plan sponsors usually agree in their health plan vendor contracts to pay the expenses and to indemnify health plan insurers, third party administrators, and other vendors for costs and liabilities arising from HIPAA breaches or other events arising in the course of the administration of the health plan. Since employers typically are obligated to pay health plan costs in excess of participant contributions, employers also typically would be required to provide the funding their health plan needs to cover these costs even in the absence of such indemnification agreements.
Sponsoring employers and their management also should be aware the employer’s exception from direct liability for HIPAA Rule compliance does not fully insulate the employer or its management from legal risks in the event of a health plan data breach or other HIPAA violation.
While HIPAA generally limits direct responsibility for compliance with the HIPAA Rules to a health plan or other Covered Entity and their business associates, HIPAA hybrid entity and other organizational rules and criminal provisions of HIPAA, as well as various other federal laws arguably could create liability risks for the employer. See, e.g.,Cyber Liability, Healthcare: Healthcare Breaches: How to Respond; Restated HIPAA Regulations Require Health Plans to Tighten Privacy Policies and Practices; Cybercrime and Identity Theft: Health Information Security Beyond. For example, hybrid entity and other organizational provisions in the HIPAA Rules generally require employers and their health plan to ensure that health plan operations are appropriately distinguished from other employer operations in order for otherwise non-covered human resources, accounting or other employer activities to avoid subjecting their otherwise non-covered employer operations and data to HIPAA Rules. To achieve this required designation and separation, the HIPAA rules typically also require that the health plan include specific HIPAA language and the employer and health plan take appropriate steps to designate and separate health plan records and data, workforces, and operations from the non-covered business operations and records of the sponsoring employer. Failure to fulfill these requirements could result in the unintended spread of HIPAA restrictions and liabilities to other aspects of the employer’s human resources or other operations. Sponsoring employers will want to confirm that health plan and other operations and workforces are properly designated, distinguished and separated to reduce this risk.
When putting these designations and separations in place, employers also generally will want to make arrangements to ensure that their health plan includes the necessary terms and the employer implements the policies necessary for the employer to provide the certifications to the health plan that HIPAA will require that the health plan receive before HIPAA will allow health plan PHI to disclosed to the employer or its representative for the limited underwriting and other specified plan administration purposes permitted by the HIPAA Rules.
Once these arrangements are in place, employers and their management also generally will want to take steps to minimize the risk that their organization or a member of the employer’s workforce honors these arrangements and does not improperly access or use health plan PHI, systems in violation of these conditions or other HIPAA Rules. This or other wrongful use or access of health plan PHI or systems could violate criminal provisions of HIPAA or other federal laws making it a crime for any person – including the employer or a member of its workforce – from wrongfully accessing health plan PHI, electronic records or systems. Since health plan PHI records also typically include personal tax, social security information that the Internal Revenue Code, the Social Security Act and other federal laws generally would require the employer to keep confidential and to protect against improper use, employers and their management also generally should be concern about potential exposures for their organization that could result from improper use or access of this information in violation of these other federal laws. Since HIPAA and some of these other laws under certain conditions make it a felony crime to violate these rules, employer and their management generally will want to treat compliance with these federal rules as critical elements of the employer’s Federal Sentencing Guideline and other compliance programs.
Beyond the already discussed concerns, employers or members of their management also may have an incentive to promote health plan compliance with HIPAA or other health plan privacy or data security requirements to many the exposure of the employer or management or other staff to statutory, regulatory, contractual or ethical liabilities arising under ERISA, Internal Revenue Code, the Fair & Accurate Credit Transaction Act (FACTA), trade secret, insurance, disability, identity theft, cybersecurity or other federal or state laws.
For instance, health plan sponsors and management involved in health plan decisions, administration or oversight could face personal fiduciary liability risks under ERISA for failing to act prudently to ensure that the health plan compliance with HIPAA and other federal privacy and data security requirements.. ERISA’s broad functional fiduciary definition encompasses both persons and entities appointed as “named” fiduciaries and others who functionally exercise discretion or control over a plan or its administration. Consequently, the sponsoring employer and certain members of its human resources or other executive management team who functionally possess or exercise responsibility or authority over the administration of the employer’s health plan or its data or other assets, the selection or oversight of plan fiduciaries, vendors, or other workforce members its administration, or other key health plan operations risk ERISA fiduciary liability for their own failures to act prudently in carrying out HIPAA compliance or other responsibilities or to take action when they know or should know that another fiduciary is or has breached these duties. This fiduciary status and risk can occur even if the entity or individual does not is not named a named fiduciary, expressly disclaims fiduciary responsibility or does not realize it bears fiduciary status or responsibility. Since fiduciaries generally bear personal liability for their own breaches of fiduciary duty as well as potential co-fiduciary liability for fiduciary breaches committed by others that they knew or prudently should have known, most employers and members of their management will make HIPAA health plan compliance a priority to avoid or minimize these potential ERISA fiduciary exposures.
Furthermore, most employers and their management also will appreciate the desirability of taking reasonable steps to manage potential exposures that the employer or members of its management could face if their health plan or the employer violates the anti-retaliation rules of HIPAA or other laws through the adoption and administration of appropriate human resources, internal investigation and reporting, risk management policies and practices. SeeEmployee & Other Whistleblower Complaints Common Source of HIPAA Privacy & Other Complaints.
Act To Manage HIPAA & Other Related Risks
OCR’s release of the Resolution Agreement on the heels of widespread publicity about massive health plan and other data breaches at Blue Cross health care giants, Anthem and Premera and other U.S. businesses and the potential legal and financial exposures that a HIPAA data breach or other violation could create, health plans and their sponsors, insurers, business associates, and leaders should appreciate the advisability of acting promptly to ensure that their health plans and business associates are taking appropriate steps to comply with the HIPAA Rules and manage other associated risks and liabilities. At minimum, health plans and their business associates should move quickly to conduct a documented assessment of the adequacy of their health plan internet applications and other HIPAA compliance in in light of the Resolution Agreement and other developments. Given the scope and diversity of the legal responsibilities, risks and exposures associated with this analysis, most health plan sponsors, fiduciaries, business associates and their management also will want to consider taking other steps to mitigate various other legal and operational risks that lax protection or use of health plan PHI or systems could create for their health plan, its sponsors, fiduciaries, business associates and their management. Health plan fiduciaries, sponsors and business associates and their leaders also generally will want to explore options to use indemnification agreements, liability insurance or other risk management tools as a stop gap against the costs of investigation or defense of a HIPAA security or other data breach.
For Legal or Consulting Advice, Legal Representation, Training Or More Information
If you need help responding to these new or other workforce, benefits and compensation, performance and risk management, compliance, enforcement or management concerns, help updating or defending your workforce or employee benefit policies or practices, or other related assistance, the author of this update, attorney Cynthia Marcotte Stamer may be able to help.
A practicing attorney and Managing Shareholder of Cynthia Marcotte Stamer, P.C., a member of Stamer│Chadwick │Soefje PLLC, Ms. Stamer’s more than 27 years’ of leading edge work as an practicing attorney, author, lecturer and industry and policy thought leader have resulted in her recognition as a “Top” attorney in employee benefits, labor and employment and health care law.
Board certified in labor and employment law by the Texas Board of Legal Specialization, a Fellow in the American College of Employee Benefit Counsel, past Chair and current Welfare Benefit Committee Co-Chair of the American Bar Association (ABA) RPTE Section Employee Benefits Group, Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, former Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, an ABA Joint Committee on Employee Benefits Council Representative and Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization, Ms. Stamer is recognized nationally and internationally for her practical and creative insights and leadership on HIPAA and other health and other employee benefit, human resources, and related insurance, health care, privacy and data security and tax matters and policy.
Ms. Stamer’s legal and management consulting work throughout her 27 plus year career has focused on helping organizations and their management use the law and process to manage people, process, compliance, operations and risk. Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer helps public and private, domestic and international businesses, governments, and other organizations and their leaders manage their employees, vendors and suppliers, and other workforce members, customers and other’ performance, compliance, compensation and benefits, operations, risks and liabilities, as well as to prevent, stabilize and cleanup workforce and other legal and operational crises large and small that arise in the course of operations.
Ms. Stamer works with businesses and their management, employee benefit plans, governments and other organizations deal with all aspects of human resources and workforce management operations and compliance. She supports her clients both on a real time, “on demand” basis and with longer term basis to deal with daily performance management and operations, emerging crises, strategic planning, process improvement and change management, investigations, defending litigation, audits, investigations or other enforcement challenges, government affairs and public policy.
Well known for her extensive work with health care, insurance and other highly regulated entities on corporate compliance, internal controls and risk management, her clients range from highly regulated entities like employers, contractors and their employee benefit plans, their sponsors, management, administrators, insurers, fiduciaries and advisors, technology and data service providers, health care, managed care and insurance, financial services, government contractors and government entities, as well as retail, manufacturing, construction, consulting and a host of other domestic and international businesses of all types and sizes.
As a key part of this work, Ms. Stamer uses her deep and highly specialized health, insurance, labor and employment and other knowledge and experience to help employers and other employee benefit plan sponsors; health, pension and other employee benefit plans, their fiduciaries, administrators and service providers, insurers, and others design legally compliant, effective compensation, health and other welfare benefit and insurance, severance, pension and deferred compensation, private exchanges, cafeteria plan and other employee benefit, fringe benefit, salary and hourly compensation, bonus and other incentive compensation and related programs, products and arrangements.
She is particularly recognized for her leading edge work, thought leadership and knowledgeable advice and representation on the design, documentation, administration, regulation and defense of a diverse range of self-insured and insured health and welfare benefit plans including private exchange and other health benefit choices, health care reimbursement and other “defined contribution” limited benefit, 24-hour and other occupational and non-occupational injury and accident, ex-patriate and medical tourism, onsite medical, wellness and other medical plans and insurance benefit programs as well as a diverse range of other qualified and nonqualified retirement and deferred compensation, severance and other employee benefits and compensation, insurance and savings plans, programs, products, services and activities. In these and other engagements, Ms. Stamer works closely with employer and other plan sponsors, insurance and financial services companies, plan fiduciaries, administrators, and vendors and others to design, administer and defend effective legally defensible employee benefits and compensation practices, programs, products and technology. She also continuously helps employers, insurers, administrative and other service providers, their officers, directors and others to manage fiduciary and other risks of sponsorship or involvement with these and other benefit and compensation arrangements and to defend and mitigate liability and other risks from benefit and liability claims including fiduciary, benefit and other claims, audits, and litigation brought by the Labor Department, IRS, HHS, participants and beneficiaries, service providers, and others. She also assists debtors, creditors, bankruptcy trustees and others assess, manage and resolve labor and employment, employee benefits and insurance, payroll and other compensation related concerns arising from reductions in force or other terminations, mergers, acquisitions, bankruptcies and other business transactions including extensive experience with multiple, high-profile large scale bankruptcies resulting in ERISA, tax, corporate and securities and other litigation or enforcement actions.
In the course of this work, Ms. Stamer has accumulated an impressive resume of experience advising and representing clients on HIPAA and other privacy and data security concerns. The scribe for the American Bar Association (ABA) Joint Committee on Employee Benefits annual agency meeting with the Department of Health & Human Services Office of Civil Rights for several years, Ms. Stamer has worked extensively with health plans, health care providers, health care clearinghouses, their business associates, employer and other sponsors, banks and other financial institutions, and others on risk management and compliance with HIPAA and other information privacy and data security rules, investigating and responding to known or suspected breaches, defending investigations or other actions by plaintiffs, OCR and other federal or state agencies, reporting known or suspected violations, business associate and other contracting, commenting or obtaining other clarification of guidance, training and enforcement, and a host of other related concerns. Her clients include public and private health plans, health insurers, health care providers, banking, technology and other vendors, and others. Beyond advising these and other clients on privacy and data security compliance, risk management, investigations and data breach response and remediation, Ms. Stamer also advises and represents clients on OCR and other HHS, Department of Labor, IRS, FTC, DOD and other health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She also is the author of numerous highly acclaimed publications, workshops and tools for HIPAA or other compliance including training programs on Privacy & The Pandemic for the Association of State & Territorial Health Plans, as well as HIPAA, FACTA, PCI, medical confidentiality, insurance confidentiality and other privacy and data security compliance and risk management for Los Angeles County Health Department, ISSA, HIMMS, the ABA, SHRM, schools, medical societies, government and private health care and health plan organizations, their business associates, trade associations and others.
Ms. Stamer also is deeply involved in helping to influence the Affordable Care Act and other health care, pension, social security, workforce, insurance and other policies critical to the workforce, benefits, and compensation practices and other key aspects of a broad range of businesses and their operations. She both helps her clients respond to and resolve emerging regulations and laws, government investigations and enforcement actions and helps them shape the rules through dealings with Congress and other legislatures, regulators and government officials domestically and internationally. A former lead consultant to the Government of Bolivia on its Social Security reform law and most recognized for her leadership on U.S. health and pension, wage and hour, tax, education and immigration policy reform, Ms. Stamer works with U.S. and foreign businesses, governments, trade associations, and others on workforce, social security and severance, health care, immigration, privacy and data security, tax, ethics and other laws and regulations. Founder and Executive Director of the Coalition for Responsible Healthcare Policy and its PROJECT COPE: the Coalition on Patient Empowerment and a Fellow in the American Bar Foundation and State Bar of Texas. She also works as a policy advisor and advocate to health plans, their sponsors, administrators, insurers and many other business, professional and civic organizations.
Author of the thousands of publications and workshops these and other employment, employee benefits, health care, insurance, workforce and other management matters, Ms. Stamer also is a highly sought out speaker and industry thought leader known for empowering audiences and readers. Ms. Stamer’s insights on employee benefits, insurance, health care and workforce matters in Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, Modern Healthcare, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, InsuranceThoughtLeadership.com and many other prominent publications. Ms. Stamer also regularly serves on the faculty and planning committees for symposia of LexisNexis, the American Bar Association, ALIABA, the Society of Employee Benefits Administrators, the American Law Institute, ISSA, HIMMs, and many other prominent educational and training organizations and conducts training and speaks on these and other management, compliance and public policy concerns.
Ms. Stamer also is active in the leadership of a broad range of other professional and civic organizations. For instance, Ms. Stamer presently serves on an American Bar Association (ABA) Joint Committee on Employee Benefits Council representative; Vice President of the North Texas Healthcare Compliance Professionals Association; Immediate Past Chair of the ABA RPTE Employee Benefits & Other Compensation Committee, its current Welfare Benefit Plans Committee Co-Chair, on its Substantive Groups & Committee and its incoming Defined Contribution Plan Committee Chair and Practice Management Vice Chair; Past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group and a current member of its Healthcare Coordinating Council; current Vice Chair of the ABA TIPS Employee Benefit Committee; the former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division; on the Advisory Boards of InsuranceThoughtLeadership.com, HR.com, Employee Benefit News, and many other publications. She also previously served as a founding Board Member and President of the Alliance for Healthcare Excellence, as a Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; the Board President of the early childhood development intervention agency, The Richardson Development Center for Children; Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee; a member of the Board of Directors of the Southwest Benefits Association. For additional information about Ms. Stamer, seewww.cynthiastamer.com,or http://www.stamerchadwicksoefje.com the member of contact Ms. Stamer via emailhere or via telephone to (469) 767-8872.
About Solutions Law Press, Inc.™
Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also may be interested reviewing other Solutions Law Press, Inc.™ resources at www.solutionslawpress.com such as:
Discrimination Rules Create Risks For Employer Reliance On Injunction Of FMLA Rule On Same-Sex Partners’ Marital Status
Obama Executive Order’s Prohibition Of Government Contractor Sexual Orientation & Gender Identity Discrimination Creates Challenges For All US Employers
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating or updating your profile at here.
With the Obama Administration construing the United States Supreme Court’s King v. Burwell decision as a green light for its full implementation and enforcement of the Patient Protection & Affordable Care Act (ACA), U.S. businesses should brace for both increases in health benefit costs and liabilities over the next year as well as take prompt action to identify and mitigate potential excise tax and other exposures from any unaddressed compliance deficiencies in their 2014 or 2015 health plans as soon as possible and no later than the due date for filing their 2014 business tax return.
As health benefit costs continue their upward trend, many businesses and their leaders plan to look for new options to manage costs and liabilities following the King decision. In most cases, businesses assume they can delay these actions until the beginning of their upcoming health plan year, not realizing their company’s potential liability exposures from existing and past defects. Businesses and their leaders who have held off updating their health plan compliance and expect to delay completion of these activities until the beginning of their upcoming health plan year are likely to be in for a rude awakening, however, particularly since a much underappreciated Sarbanes-Oxley style provision of the Internal Revenue Code will require employer or other group health plan sponsors to self-report, self-assess and pay stiff excise tax penalties when filing their company’s 2014 business tax return unless their group health plan complied with a long list of ACA and other federal health plan rules in 2014.
Employer Health Benefit & Other Compensation Up, Costs Exposures Projected To Continue To Rise
While many businesses delayed making tough choices about their health plan design and compliance over the past several years in hopes of some judicial or Congressional relief from the mandates and costs of ACA, businesses generally have continued to struggle with ever-rising compensation and benefit costs, with health benefit costs the biggest challenge. Recent U.S. Bureau of Labor Statistics (BLS) data confirms what business leaders already know. Compensation and benefit costs rose over the past year, with health benefit costs remaining a big factor in these increased costs. According to BLS, employer compensation costs rose slightly and health benefit costs remained the largest individual benefit cost for employers during the 12-month period ending March 31, 2015, according to the U.S. Bureau of Labor Statistics (BLS). See BLS Employment Cost Index News Release (April 30, 2015).
The BLS Employer Costs For Employee Compensation Report, March 2015 released June 10, 2015 Report) shows private employers spent an average of $31.65 per hour worked for compensation in March 2015 with health benefits accounting averaging 7.7 percent of this average employer total compensation cost per employee. This compares to BLS showing that in March 2014, In March 2014, total employer compensation costs for private industry workers averaged $29.99 per hour worked, with wages and salaries averaging $20.96 per hour (69.9 percent) and benefits averaging $9.03 per hour (30.1 percent). See BLS Employer Costs For Employee Compensation, March 2014 (June 12, 2014)(2014 Report).
BLS data on health benefit and other compensation and benefit costs and trends provides many interesting insights for business as well as government leaders and the role health benefit cost increases play in these increased expenditures. For instance, BLS statistics show for private employers on average during the 12-month period ending March 31, 2015:
Compensation costs for private industry workers increased 2.8 percent over the year, higher than the March 2014 increase of 1.7 percent;
Wages and salaries increased 2.8 percent, also higher than the March 2014 increase of 1.7 percent;
Benefits costs rose 2.6 percent, which was higher than March 2014, when the increase was 1.8 percent; and
Health benefits on average increased 2.5 percent over during the 12-month period that ended on March 31, 2015, rising from the March 2014 increase in compensation costs of 1.8 percent.
Businesses Must Prepare For Impending ACA Enforcement While Dealing With Upsurge In Health Benefit Costs
While the continued rise in the average hourly cost of health benefits for employers is significant in its own right, the reported health benefit cost and employer health cost data in the Report does not include additional reporting and other compliance and risk management costs, which in light of the explosion in employer group health plan mandates since the passage of the Patient Protection and Affordable Care Act (ACA). Research indicates that the employer plan design changes slowed the upward trend in employer health benefit expenditures that otherwise would have occurred in 2015. This upward trend is projected to continue if not accelerate in 2016, however.
The 2015 Report shows these upward increases in employer costs for health benefits and other compensation continued in the first quarter of 2015. Concerning health benefits, for instance, the 2015 Report shows health benefit costs paid by employers averaged $2.43 per hour worked (7.7 percent of total compensation)in private industry in March 2015, compared to the average health benefit costs BLS reported. In comparison, the 2014 Report indicated in March, 2014, the average cost for health insurance benefits in private industry was $2.36 per hour worked in March 2014 (7.9 percent of total compensation).
Overall health benefit costs and associated compliance expenses of employers that elect to continue to offer health benefits for employees are projected to rise throughout 2015 and 2016 as ACA driven mandates and market changes drive up employer’s direct health benefit costs. See, e.g. Employers’ Health Costs Projected to Rise 6.5% for 2016.
The trend data and judicial and political developments indicate that business leaders can look for these trends not only to continue, but accelerate. With an impending responsibility to self-report violations of ACA and various of federal health plan mandates imminent, business leaders should brace to deal with any deficiencies in compliance in their 2014 and 2015 health plans much sooner than they might have expected following the Supreme Court’s King v. Burwell decision last week. President Obama made clear last week he views the King ruling as giving the Internal Revenue Service, Department of Labor and Department of Health & Human Services the all clear for full implementation and enforcement of ACA and other federal health plan rules. While these overall enforcement exposures will play out over the next several years, many employers are poised to experience the first bite of these new enforcement exposures over the next few months, when the Internal Revenue Code will require that employers that offered health coverage for employees in 2014 self-assess, report and pay stiff new excise tax penalties of $100 per day per violation when filing their 2014 tax return unless their program complied with all of a long list of ACA or other federal law mandates in addition to otherwise applicable exposures under the Employee Retirement Income Security Act (ERISA) and other laws. See, Businesses Must Confirm & Clean Up Health Plan ACA & Other Compliance Following Supreme Court’s King v. Burwell Decision. Since prompt self-audit and correction can help mitigate these liabilities, business leaders should act quickly to engage experienced legal counsel for their companies for help in evaluating, within the scope of attorney client privilege, the adequacy of their 2014 and 2015 health plan compliance, options for addressing potential exposures from any compliance deficiencies, and for advice and assistance to decide whether to offer health benefits going forward and if so, aid in designing and implementing their future health benefit program to enhance its defensibility. While businesses inevitably will need to involve or coordinate with their accounting, broker, and other vendors involved with the plans, businesses generally will want to get legal advice in a manner that preserves their potential to claim attorney-client privilege to protect against discovery in the event of future enforcement or litigation actions sensitive discussions and analysis about compliance audits, plan design choices, and other risk management and liability planning as well as to get help evaluating potential future plan design changes or proposed solutions to known or suspected liability exposures, particularly in light of complexity of the exposures and risks.
For Legal or Consulting Advice, Legal Representation, Training Or More Information
If you need help responding to these new or other workforce, benefits and compensation, performance and risk management, compliance, enforcement or management concerns, help updating or defending your workforce or employee benefit policies or practices, or other related assistance, the author of this update, attorney Cynthia Marcotte Stamer may be able to help.
Recognized as a “Top” attorney in employee benefits, labor and employment and health care law extensively involved in health and other employee benefit and human resources policy and program design and administration representation and advocacy throughout her career, Cynthia Marcotte Stamer is a practicing attorney and Managing Shareholder of Cynthia Marcotte Stamer, P.C., a member of Stamer│Chadwick │Soefje PLLC, author, pubic speaker, management policy advocate and industry thought leader with more than 27 years’ experience practicing at the forefront of employee benefits and human resources law.
A Fellow in the American College of Employee Benefit Counsel, past Chair and current Welfare Benefit Committee Co-Chair of the American Bar Association (ABA) RPTE Section Employee Benefits Group, Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, former Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, an ABA Joint Committee on Employee Benefits Council Representative and Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization, Ms.Stamer is recognized nationally and internationally for her practical and creative insights and leadership on health and other employee benefit, human resources and insurance matters and policy.
Ms. Stamer helps management manage. Ms. Stamer’s legal and management consulting work throughout her 27 plus year career has focused on helping organizations and their management use the law and process to manage people, process, compliance, operations and risk. Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer helps public and private, domestic and international businesses, governments, and other organizations and their leaders manage their employees, vendors and suppliers, and other workforce members, customers and other’ performance, compliance, compensation and benefits, operations, risks and liabilities, as well as to prevent, stabilize and cleanup workforce and other legal and operational crises large and small that arise in the course of operations.
Ms. Stamer works with businesses and their management, employee benefit plans, governments and other organizations deal with all aspects of human resources and workforce management operations and compliance. She supports her clients both on a real time, “on demand” basis and with longer term basis to deal with daily performance management and operations, emerging crises, strategic planning, process improvement and change management, investigations, defending litigation, audits, investigations or other enforcement challenges, government affairs and public policy. Well known for her extensive work with health care, insurance and other highly regulated entities on corporate compliance, internal controls and risk management, her clients range from highly regulated entities like employers, contractors and their employee benefit plans, their sponsors, management, administrators, insurers, fiduciaries and advisors, technology and data service providers, health care, managed care and insurance, financial services, government contractors and government entities, as well as retail, manufacturing, construction, consulting and a host of other domestic and international businesses of all types and sizes. Common engagements include internal and external workforce hiring, management, training, performance management, compliance and administration, discipline and termination, and other aspects of workforce management including employment and outsourced services contracting and enforcement, sentencing guidelines and other compliance plan, policy and program development, administration, and defense, performance management, wage and hour and other compensation and benefits, reengineering and other change management, internal controls, compliance and risk management, communications and training, worker classification, tax and payroll, investigations, crisis preparedness and response, government relations, safety, government contracting and audits, litigation and other enforcement, and other concerns.
Ms. Stamer uses her deep and highly specialized health, insurance, labor and employment and other knowledge and experience to help employers and other employee benefit plan sponsors; health, pension and other employee benefit plans, their fiduciaries, administrators and service providers, insurers, and others design legally compliant, effective compensation, health and other welfare benefit and insurance, severance, pension and deferred compensation, private exchanges, cafeteria plan and other employee benefit, fringe benefit, salary and hourly compensation, bonus and other incentive compensation and related programs, products and arrangements. She is particularly recognized for her leading edge work, thought leadership and knowledgeable advice and representation on the design, documentation, administration, regulation and defense of a diverse range of self-insured and insured health and welfare benefit plans including private exchange and other health benefit choices, health care reimbursement and other “defined contribution” limited benefit, 24-hour and other occupational and non-occupational injury and accident, ex-patriate and medical tourism, onsite medical, wellness and other medical plans and insurance benefit programs as well as a diverse range of other qualified and nonqualified retirement and deferred compensation, severance and other employee benefits and compensation, insurance and savings plans, programs, products, services and activities. As a key element of this work, Ms. Stamer works closely with employer and other plan sponsors, insurance and financial services companies, plan fiduciaries, administrators, and vendors and others to design, administer and defend effective legally defensible employee benefits and compensation practices, programs, products and technology. She also continuously helps employers, insurers, administrative and other service providers, their officers, directors and others to manage fiduciary and other risks of sponsorship or involvement with these and other benefit and compensation arrangements and to defend and mitigate liability and other risks from benefit and liability claims including fiduciary, benefit and other claims, audits, and litigation brought by the Labor Department, IRS, HHS, participants and beneficiaries, service providers, and others. She also assists debtors, creditors, bankruptcy trustees and others assess, manage and resolve labor and employment, employee benefits and insurance, payroll and other compensation related concerns arising from reductions in force or other terminations, mergers, acquisitions, bankruptcies and other business transactions including extensive experience with multiple, high-profile large scale bankruptcies resulting in ERISA, tax, corporate and securities and other litigation or enforcement actions.
Ms. Stamer also is deeply involved in helping to influence the Affordable Care Act and other health care, pension, social security, workforce, insurance and other policies critical to the workforce, benefits, and compensation practices and other key aspects of a broad range of businesses and their operations. She both helps her clients respond to and resolve emerging regulations and laws, government investigations and enforcement actions and helps them shape the rules through dealings with Congress and other legislatures, regulators and government officials domestically and internationally. A former lead consultant to the Government of Bolivia on its Social Security reform law and most recognized for her leadership on U.S. health and pension, wage and hour, tax, education and immigration policy reform, Ms. Stamer works with U.S. and foreign businesses, governments, trade associations, and others on workforce, social security and severance, health care, immigration, privacy and data security, tax, ethics and other laws and regulations. Founder and Executive Director of the Coalition for Responsible Healthcare Policy and its PROJECT COPE: the Coalition on Patient Empowerment and a Fellow in the American Bar Foundation and State Bar of Texas, Ms. Stamer annually leads the Joint Committee on Employee Benefits (JCEB) HHS Office of Civil Rights agency meeting and other JCEB agency meetings. She also works as a policy advisor and advocate to many business, professional and civic organizations.
Author of the thousands of publications and workshops these and other employment, employee benefits, health care, insurance, workforce and other management matters, Ms. Stamer also is a highly sought out speaker and industry thought leader known for empowering audiences and readers. Ms. Stamer’s insights on employee benefits, insurance, health care and workforce matters in Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, Modern Healthcare, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, InsuranceThoughtLeadership.com and many other prominent publications. Ms. Stamer also regularly serves on the faculty and planning committees for symposia of LexisNexis, the American Bar Association, ALIABA, the Society of Employee Benefits Administrators, the American Law Institute, ISSA, HIMMs, and many other prominent educational and training organizations and conducts training and speaks on these and other management, compliance and public policy concerns.
Ms. Stamer also is active in the leadership of a broad range of other professional and civic organizations. For instance, Ms. Stamer presently serves on an American Bar Association (ABA) Joint Committee on Employee Benefits Council representative; Vice President of the North Texas Healthcare Compliance Professionals Association; Immediate Past Chair of the ABA RPTE Employee Benefits & Other Compensation Committee, its current Welfare Benefit Plans Committee Co-Chair, on its Substantive Groups & Committee and its incoming Defined Contribution Plan Committee Chair and Practice Management Vice Chair; Past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group and a current member of its Healthcare Coordinating Council; current Vice Chair of the ABA TIPS Employee Benefit Committee; the former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division; on the Advisory Boards of InsuranceThoughtLeadership.com, HR.com, Employee Benefit News, and many other publications. She also previously served as a founding Board Member and President of the Alliance for Healthcare Excellence, as a Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; the Board President of the early childhood development intervention agency, The Richardson Development Center for Children; Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee; a member of the Board of Directors of the Southwest Benefits Association. For additional information about Ms. Stamer, see www.cynthiastamer.com, or www.stamerchadwicksoefje.com the member of contact Ms. Stamer via email here or via telephone to (469) 767-8872.
About Solutions Law Press, Inc.™
Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources at www.solutionslawpress.com including:
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating or updating your profile at here.
Employers Urged Not Overestimate When Plan Qualifies As Excepted Or Overlook Other Applicable Federal Mandates
Changes to the definition of “excepted benefits” in Final Excepted Benefit Rules (Rules) published March 18, 2015 by the Departments of Labor, Health and Human Services, and Treasury (Tri-Agencies) might allow some employer and union group health plan sponsors, in limited circumstances, to offer wraparound coverage to certain employees purchasing individual health insurance in the private market, including in the Health Insurance Marketplace without violating the Patient Protection & Affordable Care Act (ACA) if the arrangements are carefully crafted to meet the specific requirements of one of two pilot programs set forth in the Rules.
Employers contemplating or maintaining arrangements that they or their service providers consider excepted benefits should use care to ensure that their arrangements are vetted in light of the latest guidance by experienced, qualified employee benefits counsel knowledgeable in these and other applicable group health plan rules and products because it is important to meet all of the requirements for qualifying the arrangement as an excepted benefit arrangement under the Rules and other applicable requirements of law to minimize the likelihood that the arrangement does not produce undesirable unanticipated consequences.
Beyond the new Rules, the Tri-Agencies have published a host of other guidance regarding the arrangements that qualify as excepted benefit arrangements and those that the Tri-Agencies view as not meeting this definition, as well as the implications of these distinctions. This includes guidance that reflects the Tri-Agencies concerns that many arrangements prompted by certain brokers or other advisors as qualifying as excepted benefits, alone or in conjunction with other arrangements sponsored or offered by the employer, do not qualify as excepted benefit arrangements as well as guidance about potential consequences of these arrangements that the promoter or an employer considering these arrangements should fully understand before moving forward, For this reason, employers that already provide, or are interested in providing health coverage under an employer sponsored arrangement to employees or their dependents enrolled in individual health coverage through the Health Insurance Marketplace or other privately provided individual insurance arrangement are urged to carefully review the proposed arrangement in light of the Rules, as well as to understand the treatment and implication of their proposed arrangement under other applicable Federal group health plan mandates and rules.
As interpreted by the Tri-Agencies, except for excepted benefit arrangements as defined in the Rules, employers generally cannot pay for individual health coverage or offer or provide wrap around or other group health coverage to employees that enroll in individual coverage The Rules amend the definition of excepted benefits to include under very narrow specified conditions an employer to offer specified limited coverage that wraps around individual health insurance when the employer provided coverage is specifically designed to provide “meaningful benefits” such as coverage for expanded in-network medical clinics or providers, reimbursement for the full cost of primary care, or coverage of the cost of prescription drugs not on the formulary of the primary plan and otherwise fulfills the requirements of the Rules.
The final rules permit group health plan sponsors, only in the limited circumstances identified in the Rules, to offer wraparound coverage to employees who are purchasing individual health insurance in the private market, including in the Health Insurance Marketplace.
The Rules establish two pilot programs where the Rules treat wraparound coverage as an excepted benefit that an employers can offer to individuals enrolled in health coverage through the Health Insurance Marketplace:
One allows wraparound benefits only for multi-state plans in the Health Insurance Marketplace; and
One that allows wraparound benefits for part-time workers who enroll in an individual health insurance policy or in Basic Health Plan coverage for low-income individuals established under the Affordable Care Act. These workers could, under existing excepted benefit rules, qualify for a flexible spending arrangement alternative to this wraparound coverage.
When the requirements of the Rules are met, the Rules allow employers a narrow opportunity to offer certain employees enrolled in individual coverage wrap around health coverage from the employer to enhance that individual coverage.
Because the arrangement must qualify as an excepted benefit arrangement under the Rules, employers also need to fully understand the implications of the excepted health benefit status of the anticipated arrangement under related rules like the Portability Rules of the Health Insurance Portability & Accountability Act (HIPAA), the ACA rules and other relevant laws and arrangements.
Because of the necessity to ensure that any arrangement an employer contemplates offering as an excepted benefit meet all of the required conditions to qualify for that status under the Rules and otherwise meet all other requirements of applicable law, it is important to carefully review any such proposed arrangement with qualified legal counsel.
Most employers contemplating moving forward to implement such arrangements also should consider seeking written opinions of qualified counsel that meets the Internal Revenue Service’s requirements to be a “tax reliance opinion” as well as the written opinion of the broker, insurer or other vendor promoting or endorsing the arrangement.
Employers also should keep in mind that with excepted benefit status may excuse the arrangement from the obligation to comply with certain mandates of ACA, the Portability Rules of the Health Insurance Portability & Accountability Act or certain other rules, these arrangements generally remain subject to the requirements of the Employee Retirement Income Security Act, various Code rules, and a host of other federal rules. As a result, employers should consult with qualified legal counsel about the implications and compliance of these and other health coverage arrangements to ensure that they properly understand all responsibilities and consequences of these arrangements and manage potential responsibilities and liabilities.
Employers and their health plan fiduciaries, administrators, and vendors are reminded that the excepted benefit distinction has implications on other compliance obligations and health plan treatment of the arrangement in question. For instance, excepted benefit coverage typically does not qualify as minimum excepted coverage that an employer can count as providing minimum essential coverage for purposes of the Code Section 4980H employer shared responsibility payment rules or as enrollment by the individual in minimum individual coverage for purposes of the employee avoiding liability for the individual shared responsibility payment.
Beyond ensuring that the proposed wrap around arrangement meets the requirements to qualify as an excepted benefit under the Rules, employers and those working with them on the design or use of these arrangements need to verify that the arrangements and other arrangements of the employer by their terms and in operation comply with other health plan rules and guidance. With regard to dealings with employees who are enrolled in individual policies, employers must keep in mind the Tri-Agencies rules prohibiting employer payment or subsidization of the costs of those policies. The Tri-Agencies have made clear that they construe ACA as prohibiting employer payment or reimbursement of the cost of individual health insurance policies (other than excepted benefit only arrangements) p covering employees or dependents whether purchased from a Health Insurance Marketplace or otherwise. This prohibition extends to any employer payment or reimbursement arrangement, whether pre-tax or after-tax or on a group or individual basis. See Notice 2015-17 (affirming employer payment plans or other arrangements that reimburse or pay employees for costs of individual health coverage purchased through Health Insurance Marketplaces or private insurance markets are prohibited as previously announced in Notice 2013-54). See also ACA Prohibits Employer Paying Individual Health Premiums For Employees, IRS Says Again.
About the Author
If your business need legal advice about the your health or other employee benefit or human resources practices, assistance assessing or resolving potential past or existing compliance exposures, or monitoring and responding to these or other workforce, benefits and compensation, performance and risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer may be able to help.You can review other recent human resources, employee benefits and internal controls publications and resources and additional information about the employment, employee benefits and other experience of the Cynthia Marcotte Stamer, PC here. If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile www.cynthiastamer.com or by registering to receive these and other updates here. Recent examples of these updates include:
Board Certified in Labor & Employment Law, Past Chair of the ABA RPTE Employee Benefit & Other Compensation Arrangements Group, Co-Chair and Past Chair of the ABA RPTE Welfare Plan Committee, Vice Chair of the ABA TIPS Employee Benefit Plans Committee, an ABA Joint Committee On Employee Benefits Council representative, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a Fellow in the American College of Employee Benefit Counsel, ABA, and State Bar of Texas, Ms. Stamer has more than 25 years’ experience advising health plan and employee benefit, insurance, financial services, employer and health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health plans and insurers about ACA, and a wide range of other plan design, administration, data security and privacy and other compliance risk management policies. Ms. Stamer also regularly represents clients and works with Congress and state legislatures, EBSA, IRS, EEOC, OCR and other HHS agencies, state insurance and other regulators, and others. She also publishes and speaks extensively on health and other employee benefit plan and insurance, staffing and human resources, compensation and benefits, technology, public policy, privacy, regulatory and public policy and other operations and risk management concerns. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.
About Solutions Law Press
Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources at www.solutionslawpress.com.
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile at here or e-mailing this information here.
NOTE: This article is provided for educational purposes. It is does not establish any attorney-client relationship nor provide or serve as a substitute for legal advice to any individual or organization. Readers must engage properly qualified legal counsel to secure legal advice about the rules discussed in light of specific circumstances. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, or (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating or updating your profile here. For important information about this communication click here.
Employee benefit plan sponsors, administrators, fiduciaries and the banks, insurers and other service providers involved in the investment or management of plan assets that currently rely upon existing Employee Benefit Security Administration (EBSA) limited scope audit regulations to avoid the expense and other burdens of conducting full scale audits of certain employee benefit plan assets held by banks, insurers and certain other regulated entities should watch for EBSA proposals to repeal or tighten these regulations in response to recommendations in a new report published by the U.S. Department of Labor Office of Inspector General (OIG) . If adopted by the EBSA, plans sponsors, administrators and fiduciaries could expect to incur significant increases in the annual audit expenses of their employee benefit plans, banks, insurers and other organizations currently covered by the small scope audit exception could expect greater scrutiny and expenses when dealing with employee benefit plan accounts, and all of these parties could expect greater fiduciary risk and other compliance obligations.
Repealing or tightening the EBSA limited scope audit regulations and finalizing proposed conflict of interest rules are two key recommendations that OIG urges EBSA to adopt to strengthen its ability to fulfill its mission to protect the security of retirement, health, and other private‐sector employer‐sponsored benefit plans for America’s workers, retirees, and their families in the Top Management Challenges Facing the Department of Labor report (Report) just released by the OIG.
While ERISA generally requires plan asset audits on most employee benefit plan assets, the small scope audit rule of the Employee Retirement Income Security Act (ERISA) currently authorizes so‐called “limited scope audits” for plan assets held in certain banks, insurance companies and certain other qualifying entities under the presumption that these organizations and their actions with respect to the assets are being audited by other entities for other purposes. As a result, the independent public accountants that conduct their audits express “no opinion” on the financial statements of the assets they hold on behalf of plans.
According to the OIG Report, this small scope audit rule inappropriately challenges EBSA’s oversight efforts by allowing as much as $3.3 billion in pension assets held in otherwise regulated entities, such as banks to “escape audit scrutiny.” The Report states, “These limited scope audits weaken assurances to stakeholders and may put retirement plan assets at risk because they provide little or no confirmation regarding the existence or value of plan assets.
In addition to attacking the small scope audit rule, OIG also urges EBSA to finalize its long awaited rules defining prohibited conflicts of interest for parties and individuals providing investment advice to employee benefit plans that EBSA has been working on since 2010. The so‐called “conflict of interest ‐‐ fiduciary investment advice rule” would broaden the definition of investment advice fiduciary for ERISA plans and individual retirement accounts to try to reduce the opportunities for financial conflicts of interest to compromise the impartiality of investment advice in the retirement savings marketplace.
Accordingly, the OIG Report concludes that EBSA should “concentrate on issuing final regulations on the so‐called “conflict of interest rule” and continue its work to obtain legislative changes repealing the limited‐scope audit exemption. In the interim, EBSA should continue to expand upon its existing authority to clarify and strengthen limited scope audit regulations and evaluate the ERISA Council’s recommendations on the issue.”
The OIG recommendations in the Report are likely to refuel pressure on EBSA to finalize the fiduciary investment advice rule and tighten or eliminate the small scope audit rule. Since either or both of these actions would likely increase the expense and other responsibilities and risks associated with the investment and maintenance of employee benefit plan assets, plan sponsors, fiduciaries, administrators, banks, insurers, investment advisors and others involved in the investment or administration of employee benefit plans and their assets should both carefully monitor the response of the EBSA to the OIG recommendations and react promptly to provide feedback to help shape any changes to manage these costs and expenses.
About Author Cynthia Marcotte Stamer
If you need help evaluating or monitoring the implications of these developments or reviewing or updating your health benefit program for compliance or with any other employment, employee benefit, compensation or internal controls matter, please contact the author of this article, attorney Cynthia Marcotte Stamer.
A Fellow in the American College of Employee Benefits Council, immediate past-Chair and current Welfare Benefit Committee Co-Chair of the American Bar Association (ABA) RPPT Employee Benefits & Other Compensation Arrangements, an ABA Joint Committee on Employee Benefits Council Representative, the ABA TIPS Employee Benefit Plan Committee Vice Chair, former ABA Health Law Section Managed Care & Insurance Interest Group Chair, past Southwest Benefits Association Board Member, Employee Benefit News Editorial Advisory Board Member, and a widely published speaker and author, Ms. Stamer has more than 24 years experience advising businesses, plans, fiduciaries, insurers. plan administrators and other services providers, and governments on health care, retirement, employment, insurance, and tax program design, administration, defense and policy. Nationally and internationally known for her creative and highly pragmatic knowledge and work on health benefit and insurance programs, Ms. Stamer’s experience includes extensive involvement in advising and representing these and other clients on ACA and other health care legislation, regulation, enforcement and administration.
Widely published on health benefit and other related matters, Ms. Stamer’s insights and articles have been published by the HealthLeaders, Modern Health Care, Managed Care Executive, the Bureau of National Affairs, Aspen Publishers, Business Insurance, Employee Benefit News, the Wall Street Journal, the American Bar Association, Aspen Publishers, World At Work, Spencer Publications, SHRM, the International Foundation, Solutions Law Press and many others.
For additional information about Ms. Stamer and her experience, see www.CynthiaStamer.com.
For Added Information and Other Resources
If you found this update of interest, you also may be interested in reviewing some of the other updates and publications authored by Ms. Stamer available including:
If you need assistance in auditing or assessing, updating or defending your organization’s compliance, risk manage or other internal controls practices or actions, please contact the author of this update, attorney Cynthia Marcotte Stamer here or at (469)767-8872.
Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization, management attorney and consultant Ms. Stamer is nationally and internationally recognized for more than 24 years of work helping employers and other management; employee benefit plans and their sponsors, administrators, fiduciaries; employee leasing, recruiting, staffing and other professional employment organizations; and others design, administer and defend innovative workforce, compensation, employee benefit and management policies and practices. Her experience includes extensive work helping employers implement, audit, manage and defend union-management relations, wage and hour, discrimination and other labor and employment laws, privacy and data security, internal investigation and discipline and other workforce and internal controls policies, procedures and actions. The Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Committee, a Council Representative on the ABA Joint Committee on Employee Benefits, Government Affairs Committee Legislative Chair for the Dallas Human Resources Management Association, and past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer works, publishes and speaks extensively on management, re-engineering, investigations, human resources and workforce, employee benefits, compensation, internal controls and risk management, federal sentencing guideline and other enforcement resolution actions, and related matters.She also is recognized for her publications, industry leadership, workshops and presentations on these and other human resources concerns and regularly speaks and conducts training on these matters.Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, and many other national and local publications. For additional information about Ms. Stamer and her experience or to get access to other publications by Ms. Stamer see hereor contact Ms. Stamer directly.
About Solutions Law Press
Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources at www.solutionslawpress.com.
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile at here or e-mailing this information here.
A $6.48 million judgment against Direct TV satellite television installer, Bruister and Associates Inc.(BAI) its sole owner, Herbert Bruister, and other trustees of two BAI-sponsored employee stock ownership plans shows plan sponsors and trustees involved in stock purchase transactions where employee stock ownership plans commonly referred to as “ESOPs” and other employee benefit plan buy or hold investments in the stock of plan sponsors or other related businesses the risks of failing to conduct the transactions to ensure that the transactions are prudently performed and otherwise conducted in compliance with the Employee Retirement Income Security Act (ERISA) fiduciary responsibility requirements.
BAI Lawsuit & Judgment Highlights
The BAI judgment stems from a Department of Labor lawsuit that charged BAI, along with BAI board members and plan trustees Bruister and Amy Smith, and plan trustee Jonda Henry engaged in prohibited transactions and breached other fiduciary duties under ERISA by causing the plans to purchase 100 percent of BAI’s shares for $24 million in three sales transactions conducted between December 2002 to December 2005.
According to court documents, Bruister, Smith and Henry, as plan fiduciaries, engaged in prohibited transactions by causing the plans to pay excessive prices for BAI stock purchased from Bruister. For each purchase, the Labor Department charged the fiduciaries used flawed valuations prepared by Matthew Donnelly and his firm, Business Appraisal Institute.
The court also found that the three fiduciaries breached their duty of loyalty from start to finish. Additionally, Bruister and his attorney David Johanson went so far as to fire the initial attorney representing the plans because that attorney was too thorough. Moreover, the court found that Bruister and Johanson exercised undue influence over Donnelly’s valuations, and that as a result, Donnelly was not sufficiently independent to provide valuations for the plans.
The court concluded that Bruister, Henry and Smith, in their role as plan fiduciaries, failed to properly represent plan participants’ interests, and that they unreasonably relied on an appraiser who so obviously lacked independence. The court reasoned, “An informed trustee would not have remained idle while the seller communicated directly with the employee stock ownership trust’s independent appraiser and financial advisor to elevate the price at the participants’ expense.”
Although Johanson was not a fiduciary, the court found his conduct worthy of comment because he both was the attorney for the seller and structured each sale. The court noted that Johanson attempted to influence the valuations in Bruister’s favor, and the testimony Johanson gave at trial did not support his denials. The court even noted that Johanson coached Donnelly during a break in his deposition to retract his testimony that Johanson represented Bruister individually. “History rebuts Johanson’s suggestion that he did not interfere with Donnelly’s valuations and raises doubts as to each of the subject transactions,” the court said.
The order requires Bruister, Smith and Henry to jointly pay $4.5 million in restitution to the plans and requires Bruister to pay an additional $1.98 million in prejudgment interest. The order also held Bruister Family LLC liable with all defendants for $885,065 and jointly liable with Bruister for $390,604.
Company Stock Investments Carry Special ERISA Risks
Purchases of company stock by an ESOP or other employee benefit plan can create a wide range of risks under ERISA’s fiduciary responsibility rules. When making investment or other decisions under an employee benefit plan, the general fiduciary duty standards of ERISA § 404 generally require plan fiduciaries to act prudently and solely in the interest of participants and beneficiaries. Meanwhile, except in certain narrow circumstances and subject to fulfillment of ERISA § 404, the prohibited transaction rules of ERISA § 406 among other things prohibits plan fiduciaries from causing the plan to engage in a transaction, if he knows or should know that such transaction is a direct or indirect:
Sale or exchange, or leasing, of any property between the plan and a party in interest;
Furnishing of goods, services, or facilities between the plan and a party in interest;
Transfer to, or use by or for the benefit of a party in interest, of any assets of the plan; or
Acquisition, on behalf of the plan, of any employer security or employer real property in violation of section 1107 (a) of this title.
As for all plan investment transactions, detailed, unbiased valuation documentation showing the prudence of any decision to invest or hold the investments of the plan in company stock is critical when determining the initial purchase or sale prices for plan transactions involving company stock. Since the sponsoring company is a party-in-interest of the plan, holding, must less using plan assets to purchase company stock or other activities resulting in the inclusion of company stock among the plan assets held by the plan creates presumptions of impropriety that impose higher than usual burdens upon the plan, its sponsor and fiduciaries to prove the appropriateness of the transaction. See e.g., Pfeil v. State Street Bank & Trust Co., 671 F.3d 585 (6th Cir. 2012). As ESOP transactions to purchase company stock inherently require a host of complicated party-in-interest and other conflict of interest concerns, these risks are particularly heightened. Employee benefit plans, their fiduciaries and sponsors the need to continuously and prudently conduct documented monitoring and evaluations evaluate and monitor the investment of plan assets in company stock,the analysis and decisions about whether to continue to keep and offer this stock under the plan, as well as the qualifications, credentials and conduct of the fiduciaries and others empowered to influence these decisions. The Labor Department’s statement in announcing the Parrot litigation sums up the messages from these cases. “Plan officials are required by law to manage the ESOP in a careful, prudent manner and to act solely to benefit the plan’s participants,” said Jean Ackerman, director of the Employee Benefit Security Administration’s (EBSA’s) San Francisco Regional Office, which. “This action underscores the department’s commitment to protect the benefits that employers promise to their employees.”
In light of these exposures, plan fiduciaries, sponsors and their management, service providers and consultants participating in these activities need to both act with care and carefully document their actions to position to defend potential challenges.
Plans, their sponsors and fiduciaries also should ensure that appropriate steps are taken in selecting the fiduciaries, management and service providers responsible for administering or overseeing the administration of their plans, the selection of vendors, and other critical details. Appropriate background checks and other credentialing should be done both at commencement and periodically. Bonding and fiduciary liability insurance should be arranged and reviewed periodically along with their activities. Documentation of these and other steps should be carefully created and preserved.
When and if a change in stock value or other event that could compromise the investment occurs, consideration should be given as to the responsibilities that such events create under ERISA. As company leaders often have dual responsibilities to both the company and the plan, it is important that the company sponsoring the plan, its management and owners learn in advance how these responsibilities impact each other so that they are aware of the issues and have a good understanding of responsibilities and options as situations evolve.
Businesses and business leaders that fail to conduct and maintain the necessary evidence that these requirements are met when involving the plan in these transactions risk significant liability.
“Plan fiduciaries have an obligation to work solely in the interest of plan participants,” said Assistant Secretary of Labor for Employee Benefits Security Phyllis C. Borzi.in the Labor Department’s October 31, 2014 announcement of the judgment. “When they fail to do so, the retirement security of workers is put in jeopardy, and we will take action to make plan participants whole.”
For Help or More Information
If you need help reviewing and updating, administering or defending your employee benefit, human resources, insurance, health care matters or related documents or practices to monitor or respond to evolving laws and regulations, drafting or administering programs, resolving or defending audits, investigations or disputes or other employee benefit, human resources, safety, compliance or risk management concerns, please contact the author of this update, Cynthia Marcotte Stamer.
About Ms. Stamer
A Fellow in the American College of Employee Benefit Council, immediate past Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Group and current Co-Chair of its Welfare Benefit Committee, Vice-Chair of the ABA TIPS Employee Benefits Committee, a council member of the ABA Joint Committee on Employee Benefits, and past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer is recognized, internationally, nationally and locally for her more than 24 years of work, advocacy, education and publications on cutting edge health and managed care, employee benefit, human resources and related workforce, insurance and financial services, and health care matters.
A board certified labor and employment attorney widely known for her extensive and creative knowledge and experienced with these and other employment, employee benefit and compensation matters, Ms. Stamer continuously advises and assists employers, employee benefit plans, their sponsoring employers, fiduciaries, insurers, administrators, service providers, insurers and others to monitor and respond to evolving legal and operational requirements and to design, administer, document and defend medical and other welfare benefit, qualified and non-qualified deferred compensation and retirement, severance and other employee benefit, compensation, and human resources, management and other programs and practices tailored to the client’s human resources, employee benefits or other management goals. A primary drafter of the Bolivian Social Security pension privatization law, Ms. Stamer also works extensively with management, service provider and other clients to monitor legislative and regulatory developments and to deal with Congressional and state legislators, regulators, and enforcement officials about regulatory, investigatory or enforcement concerns.
Recognized in Who’s Who In American Professionals and both an American Bar Association (ABA) and a State Bar of Texas Fellow, Ms. Stamer serves on the Editorial Advisory Board of Employee Benefits News, the editor and publisher of Solutions Law Press HR & Benefits Updateand other Solutions Law Press Publications, and active in a multitude of other employee benefits, human resources and other professional and civic organizations. She also is a widely published author and highly regarded speaker on these matters. Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, Modern and many other national and local publications. You can learn more about Ms. Stamer and her experience, review some of her other training, speaking, publications and other resources, and register to receive future updates about developments on these and other concerns see here or contact Ms. Stamer via telephone at 469.767.8872 or via e-mail to cstamer@solutionslawyer.net.
About Solutions Law Press
Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources at www.solutionslawpress.comincluding:
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile at here or e-mailing this information here.
November 19, 2014 is the deadline for commenting on a request for information on the use of brokerage windows, self-directed brokerage accounts and similar features in 401(k)-type plans schedule for publication by the Department of Labor in tomorrow’s (August 21, 2014) Federal Register. An advanced copy of the RFI can be viewed here.
Some 401(k)-type plans offer participants access to brokerage windows in addition to, or in place of, specific investment options chosen by the employer or another plan fiduciary. These “window” arrangements can enable or require individual participants to choose for themselves from a broad range of investments. The department received a number of questions about brokerage windows after the publication of a final regulation on participant-level fee disclosure.
According to Assistant Secretary of Labor for Employee Benefits Security Phyllis C. Borzi, the Labor Department’s goal in issuing this RFI is to determine whether, and to what extent, regulatory standards or other guidance about the use of brokerage windows may be necessary to adequately protect participants’ retirement savings. To this end, the RFI asks questions on brokerage windows, including: the scope of investment options typically available through a window; demographic and other information about participants who commonly use brokerage windows; the process of selecting a brokerage window and provider for a plan; the costs of brokerage windows; and what kind of information about brokerage windows and underlying investment options typically is available and disclosed to participants.
Plan fiduciaries, sponsors, and service providers with plans offering these brokerage windows should act promptly to submit their input by the November 19, 2014 deadline.
For Advice, Training & Other Resources
If you need assistance monitoring these and other regulatory policy, enforcement, litigation or other developments, or to review or respond to these or other workforce, benefits and compensation, performance and risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer may be able to help.
Board Certified in Labor & Employment Law, Past Chair of the ABA RPTE Employee Benefit & Other Compensation Arrangements Group, Co-Chair and Past Chair of the ABA RPTE Welfare Plan Committee, Vice Chair of the ABA TIPS Employee Benefit Plans Committee, an ABA Joint Committee On Employee Benefits Council representative, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a Fellow in the American College of Employee Benefit Counsel, ABA, and State Bar of Texas, Ms. Stamer has more than 25 years’ experience advising health plan and employee benefit, insurance, financial services, employer and health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health plans and insurers about ACA, and a wide range of other plan design, administration, data security and privacy and other compliance risk management policies. Ms. Stamer also regularly represents clients and works with Congress and state legislatures, EBSA, IRS, EEOC, OCR and other HHS agencies, state insurance and other regulators, and others. She also publishes and speaks extensively on health and other employee benefit plan and insurance, staffing and human resources, compensation and benefits, technology, public policy, privacy, regulatory and public policy and other operations and risk management concerns. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications.
You can review other recent human resources, employee benefits and internal controls publications and resources and additional information about the employment, employee benefits and other experience of the Cynthia Marcotte Stamer, PC here. If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile www.cynthiastamer.comor byregistering to participate in the distribution of these and other updates on our HR & Employee Benefits Update distributions here including:
If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating or updating your profile here. For important information about this communication click here.
NOTE: This article is provided for educational purposes. It is does not establish any attorney-client relationship nor provide or serve as a substitute for legal advice to any individual or organization. Readers must engage properly qualified legal counsel to secure legal advice about the rules discussed in light of specific circumstances.
The following disclaimer is included to ensure that we comply with U.S. Treasury Department Regulations. The Regulations now require that either we (1) include the following disclaimer in most written Federal tax correspondence or (2) undertake significant due diligence that we have not performed (but can perform on request).
ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, or (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.
The Office of FCCP posted a third round of Frequently Asked Questions (FAQs) answering questions from contractors and the general public about provisions in the recently published Vietnam Era Veterans’ Readjustment Assistance Act (VEVRAA) and Section 503 of the Rehabilitation Act (Section 503) Final Rules. These FAQs address implementation issues, such as the schedule for contractors to come into compliance with the affirmative action requirements of Subpart C of the new regulations. These latest FAQs, published on the OFCCP Web site and marked with a “NEW” banner, are part of a series of FAQs, guidance materials, and resources that OFCCP is providing to contractors and the public between now and the March 24, 2014, effective date of the new rules.
The VEVRAA FAQs are available here. The Section 503 FAQs are available here.
For Assistance or More Information
If you have questions or need help with these or employee benefit, human resources, insurance, health care matters or related documents or practices, please contact the author of this update, Cynthia Marcotte Stamer.
A Fellow in the American College of Employee Benefit Council, immediate past Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Group and current Co-Chair of its Welfare Benefit Committee, Vice-Chair of the ABA TIPS Employee Benefits Committee, a council member of the ABA Joint Committee on Employee Benefits, and past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer is recognized, internationally, nationally and locally for her more than 25 years of work, advocacy, education and publications on cutting edge health and managed care, employee benefit, human resources and related workforce, insurance and financial services, and health care matters.
A board certified labor and employment attorney widely known for her extensive and creative knowledge and experienced with these and other employment, employee benefit and compensation matters, Ms. Stamer continuously advises and assists employers, employee benefit plans, their sponsoring employers, fiduciaries, insurers, administrators, service providers, insurers and others to monitor and respond to evolving legal and operational requirements and to design, administer, document and defend medical and other welfare benefit, qualified and non-qualified deferred compensation and retirement, severance and other employee benefit, compensation, and human resources, management and other programs and practices tailored to the client’s human resources, employee benefits or other management goals. A primary drafter of the Bolivian Social Security pension privatization law, Ms. Stamer also works extensively with management, service provider and other clients to monitor legislative and regulatory developments and to deal with Congressional and state legislators, regulators, and enforcement officials about regulatory, investigatory or enforcement concerns.
Recognized in Who’s Who In American Professionals and both an American Bar Association (ABA) and a State Bar of Texas Fellow, Ms. Stamer serves on the Editorial Advisory Board of Employee Benefits News, HR.com, Insurance Thought Leadership, Solutions Law Press, Inc. and other publications, and active in a multitude of other employee benefits, human resources and other professional and civic organizations. She also is a widely published author and highly regarded speaker on these matters. Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, Modern and many other national and local publications. Her widely respected publications and programs include more than 25 years of publications on health plan contracting, design, administration and risk management including a “Managed Care Contracting Guide” published by the American Health Lawyers Association and numerous other works on vendor contracting. You can learn more about Ms. Stamer and her experience, review some of her other training, speaking, publications and other resources, and register to receive future updates about developments on these and other concerns from Ms. Stamer here.
Other Helpful Resources & Other Information
We hope that this information is useful to you. If you found these updates of interest, you also be interested in one or more of the following other recent articles published on the Coalition for Responsible Health Care Reform electronic publication available here, our electronic Solutions Law Press Health Care Update publication available here, or our HR & Benefits Update electronic publication available here . You also can get access to information about how you can arrange for training on “Building Your Family’s Health Care Toolkit,” using the “PlayForLife” resources to organize low-cost wellness programs in your workplace, school, church or other communities, and other process improvement, compliance and other training and other resources for health care providers, employers, health plans, community leaders and others here. If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail by creating or updating your profile here. You can reach other recent updates and other informative publications and resources.
Employers should expect heighten scrutiny and enforcement in the labor law areas identified in the “2013 Top Management Challenges Facing the Department List” recently published by the U.S. Department of Labor Office of Inspector General. Employers can expect to see the Labor Department and its component agencies acting to tighten oversight and enforcement in these areas in response to the OIG list.
For 2013, the OIG identified the following as the most serious management and performance challenges facing the Department:
Protecting the Safety and Health of Workers
Protecting the Safety and Health of Miners
Improving Performance Accountability of Workforce Investment Act Grants
Ensuring the Effectiveness of the Job Corps Program
Reducing Improper Payments
Ensuring the Security of Employee Benefit Plan Assets
Securing and Protecting Information Management Systems
Ensuring the Effectiveness of Veterans’ Employment and Training Service Programs
In the report accompanying the OIG list, the OIG presents the challenge, the OIG’s assessment of the Department’s progress in addressing the challenge, and what remains to be done. These top management challenges are intended to identify and help resolve serious weaknesses in areas that involve substantial resources and provide critical services to the public. Typically, the identification of an area of concern by the OIG prompts tightening of processes and enforcement.
For Assistance or More Information
If you have questions or need help with these or employee benefit, human resources, insurance, health care matters or related documents or practices, please contact the author of this update, Cynthia Marcotte Stamer.
A Fellow in the American College of Employee Benefit Council, immediate past Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Group and current Co-Chair of its Welfare Benefit Committee, Vice-Chair of the ABA TIPS Employee Benefits Committee, a council member of the ABA Joint Committee on Employee Benefits, and past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer is recognized, internationally, nationally and locally for her more than 25 years of work, advocacy, education and publications on cutting edge health and managed care, employee benefit, human resources and related workforce, insurance and financial services, and health care matters.
A board certified labor and employment attorney widely known for her extensive and creative knowledge and experienced with these and other employment, employee benefit and compensation matters, Ms. Stamer continuously advises and assists employers, employee benefit plans, their sponsoring employers, fiduciaries, insurers, administrators, service providers, insurers and others to monitor and respond to evolving legal and operational requirements and to design, administer, document and defend medical and other welfare benefit, qualified and non-qualified deferred compensation and retirement, severance and other employee benefit, compensation, and human resources, management and other programs and practices tailored to the client’s human resources, employee benefits or other management goals. A primary drafter of the Bolivian Social Security pension privatization law, Ms. Stamer also works extensively with management, service provider and other clients to monitor legislative and regulatory developments and to deal with Congressional and state legislators, regulators, and enforcement officials about regulatory, investigatory or enforcement concerns.
Recognized in Who’s Who In American Professionals and both an American Bar Association (ABA) and a State Bar of Texas Fellow, Ms. Stamer serves on the Editorial Advisory Board of Employee Benefits News, HR.com, Insurance Thought Leadership, Solutions Law Press, Inc. and other publications, and active in a multitude of other employee benefits, human resources and other professional and civic organizations. She also is a widely published author and highly regarded speaker on these matters. Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, Modern and many other national and local publications. Her widely respected publications and programs include more than 25 years of publications on health plan contracting, design, administration and risk management including a “Managed Care Contracting Guide” published by the American Health Lawyers Association and numerous other works on vendor contracting. You can learn more about Ms. Stamer and her experience, review some of her other training, speaking, publications and other resources, and register to receive future updates about developments on these and other concerns from Ms. Stamer here.
Other Helpful Resources & Other Information
We hope that this information is useful to you. If you found these updates of interest, you also be interested in one or more of the following other recent articles published on the Coalition for Responsible Health Care Reform electronic publication available here, our electronic Solutions Law Press Health Care Update publication available here, or our HR & Benefits Update electronic publication available here . You also can get access to information about how you can arrange for training on “Building Your Family’s Health Care Toolkit,” using the “PlayForLife” resources to organize low-cost wellness programs in your workplace, school, church or other communities, and other process improvement, compliance and other training and other resources for health care providers, employers, health plans, community leaders and others here. If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail by creating or updating your profile here. You can reach other recent updates and other informative publications and resources.
Employers using health reimbursement arrangements (HRAs), health flexible spending plans (HFSAs) or other employer payment plan arrangements under which the employer provides a fixed defined contribution from the employer to employees to use to purchase individual or group health insurance should have those arrangements reviewed for compliance with the Patient Protection & Affordable Care Act (ACA) annual limit and preventive care rules as interpreted by the Departments of Labor, Treasury and Health & Human Service.
The Internal Revenue Service and the Employee Benefit Security Administration construe ACA as requiring that these arrangements be properly integrated with health insurance coverage that otherwise complies with the Affordable Care Act’s annual limit and preventive care rules to avoid violating ACA in recent guidance published in IRS Notice 2013-54 and EBSA Technical Release No. 2013-04.
Employers that use HRAs, HFSAs, or other employer defined contribution style arrangements to reimburse employees for individual or group insurance coverage should review their arrangements to ensure that they are properly designed to comply with ACA’s annual limit, preventive care and other mandates.
For Help or More Information
If you need help understanding or dealing with these impending notification requirements, with other 2014 health plan decision-making or preparation, or with reviewing and updating, administering or defending your group health or other employee benefit, human resources, insurance, health care matters or related documents or practices, please contact the author of this update, Cynthia Marcotte Stamer.
A Fellow in the American College of Employee Benefit Council, immediate past Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Group and current Co-Chair of its Welfare Benefit Committee, Vice-Chair of the ABA TIPS Employee Benefits Committee, a council member of the ABA Joint Committee on Employee Benefits, and past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer is recognized, internationally, nationally and locally for her more than 25 years of work, advocacy, education and publications on cutting edge health and managed care, employee benefit, human resources and related workforce, insurance and financial services, and health care matters.
A board certified labor and employment attorney widely known for her extensive and creative knowledge and experienced with these and other employment, employee benefit and compensation matters, Ms. Stamer continuously advises and assists employers, employee benefit plans, their sponsoring employers, fiduciaries, insurers, administrators, service providers, insurers and others to monitor and respond to evolving legal and operational requirements and to design, administer, document and defend medical and other welfare benefit, qualified and non-qualified deferred compensation and retirement, severance and other employee benefit, compensation, and human resources, management and other programs and practices tailored to the client’s human resources, employee benefits or other management goals. A primary drafter of the Bolivian Social Security pension privatization law, Ms. Stamer also works extensively with management, service provider and other clients to monitor legislative and regulatory developments and to deal with Congressional and state legislators, regulators, and enforcement officials about regulatory, investigatory or enforcement concerns.
Recognized in Who’s Who In American Professionals and both an American Bar Association (ABA) and a State Bar of Texas Fellow, Ms. Stamer serves on the Editorial Advisory Board of Employee Benefits News, HR.com, Insurance Thought Leadership, Solutions Law Press, Inc. and other publications, and active in a multitude of other employee benefits, human resources and other professional and civic organizations. She also is a widely published author and highly regarded speaker on these matters. Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, Modern and many other national and local publications. You can learn more about Ms. Stamer and her experience, review some of her other training, speaking, publications and other resources, and register to receive future updates about developments on these and other concerns from Ms. Stamer here.
Other Resources
If you found this of interest, you may also be interested in the following recent publications by Ms. Stamer published by Solutions Law Press, Inc.:
For important information about this communication see here. THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.
Employers and other employee benefit plan sponsors, benefit plan fiduciaries, and their advisors and service providers should review and update their health and employee benefit plan’s definitions of “spouse,” “marriage” and “dependent” in light of new guidance from the Department of Labor Wage & Hour Division (WHD) guidance under the Family & Medical Leave Act and the Employee Benefit Security Administration (EBSA) guidance under the under the Employee Retirement Income Security Act (ERISA) on the effect of the Supreme Court’s finding of the Defense of Marriage Act unconstitutional in United States v. Windsor on their family leave and employee benefit plan obligations to employees involved in same-sex domestic partnership relationships. When doing so, employers and employee benefit plan sponsors, fiduciaries and administrators also should keep in mind that the Defense of Marriage Act ruling is only one of a number of recent developments fueling an evolution in the traditional concepts of marriage, dependent and family and their effect on employment and employee benefit policies and practices. Accordingly, when reviewing these arrangements, employers and their benefit plans need to be reviewed and updated to keep abreast of and comply with these evolving practices and standards.
On June 26, 2013, the Windsor decision struck down the provisions of the Defense of Marriage Act that denied federal benefits to legally married, same-sex couples.
In Technical Release No. 2013-04 published on September 18, 2013, the EBSA states the Department plans to issue additional guidance in the coming months as it consults with the Department of Justice and other federal agencies to implement the Winsor decision. In the meanwhile, however, EBSA says that in general, the terms “spouse” and “marriage” in Title I of ERISA and in related department regulations should be read to include same-sex couples legally married in any state or foreign jurisdiction that recognizes such marriages, regardless of where they currently live.
The EBSA guidance follows the publication by the WHD of guidance on the effect of the Windsor decision on the family leave responsibilities of employers covered by the FMLA to employees involved in same-sex domestic partnership relationships in Fact Sheet #28F: Qualifying Reasons for Leave under the Family and Medical Leave Actpublished by the WHD earlier in August. In that guidance, WHD updated its definition of “spouse” for purposes of the FMLA to mean “husband or wife as defined or recognized under state law for purposes of marriage in the state where the employee resides, including “common law” marriage and same-sex marriage.”
The Windsor decision and these new pieces of related guidance reflect the evolving nature of marriage and family increasingly incorporated into federal and state employment and employee benefit law. While the Labor Department promises that additional guidance on the Defense of Marriage Act will be forthcoming the future, the new guidance makes clear that employers should review their existing employment and employee benefit plans in light of the Windsor decision and evolving precedent. Employers, employee benefit plans, their sponsors, fiduciaries and administrators should not assume that existing definitions will have the intended effect or be compliant. Rather, they should assess the existing language in light of the decision and the evolving guidance and make appropriate adjustments as necessary to ensure that their plans properly document the desired treatment in accordance with the evolving guidance and precedent. In doing so, employers also should review other definitions of dependent, kin, family and related concepts to ensure they are up to date with the FMLA, the Patient Protection & Affordable Care Act, the Defense of Marriage Act-related guidance and other current regulations.
For Help or More Information
If you need help understanding or dealing with these impending notification requirements, with other 2014 health plan decision-making or preparation, or with reviewing and updating, administering or defending your group health or other employee benefit, human resources, insurance, health care matters or related documents or practices, please contact the author of this update, Cynthia Marcotte Stamer.
A Fellow in the American College of Employee Benefit Council, immediate past Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Group and current Co-Chair of its Welfare Benefit Committee, Vice-Chair of the ABA TIPS Employee Benefits Committee, a council member of the ABA Joint Committee on Employee Benefits, and past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer is recognized, internationally, nationally and locally for her more than 25 years of work, advocacy, education and publications on cutting edge health and managed care, employee benefit, human resources and related workforce, insurance and financial services, and health care matters.
A board certified labor and employment attorney widely known for her extensive and creative knowledge and experienced with these and other employment, employee benefit and compensation matters, Ms. Stamer continuously advises and assists employers, employee benefit plans, their sponsoring employers, fiduciaries, insurers, administrators, service providers, insurers and others to monitor and respond to evolving legal and operational requirements and to design, administer, document and defend medical and other welfare benefit, qualified and non-qualified deferred compensation and retirement, severance and other employee benefit, compensation, and human resources, management and other programs and practices tailored to the client’s human resources, employee benefits or other management goals. A primary drafter of the Bolivian Social Security pension privatization law, Ms. Stamer also works extensively with management, service provider and other clients to monitor legislative and regulatory developments and to deal with Congressional and state legislators, regulators, and enforcement officials about regulatory, investigatory or enforcement concerns.
Recognized in Who’s Who In American Professionals and both an American Bar Association (ABA) and a State Bar of Texas Fellow, Ms. Stamer serves on the Editorial Advisory Board of Employee Benefits News, HR.com, Insurance Thought Leadership, Solutions Law Press, Inc. and other publications, and active in a multitude of other employee benefits, human resources and other professional and civic organizations. She also is a widely published author and highly regarded speaker on these matters. Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, Modern and many other national and local publications. You can learn more about Ms. Stamer and her experience, review some of her other training, speaking, publications and other resources, and register to receive future updates about developments on these and other concerns from Ms. Stamer here.
Other Resources
If you found this of interest, you may also be interested in the following recent publications by Ms. Stamer published by Solutions Law Press, Inc.:
For important information about this communication see here. THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.
In celebration of the third annual National Health IT Week is September 16-20, the Centers for Medicare & Medicaid Services (CMS) will host several webinars and launching new eHealth tools and resources that it intends to help providers participate in eHealth programs. These programs may be of interest to providers as well as payers who are interested in what providers are doing to use eHealth tools.
The eHealth Provider Webinar will be held on Thursday, September 19th from 12:00 p.m. to 1:30 p.m. ET. CMS plans to present an overview of the eHealth programs and its eHealth initiative—an initiative that aligns health IT and electronic standards programs on:
Administrative Simplification
eRx Incentive Program
ICD-10
Quality Measurement
A portion of the webinar will also be dedicated to Q&A.
Registration Information
Space is limited. Register now to secure your spot for the eHealth Provider Webinar. Once registration is complete, you will receive a follow-up email with step-by-step instructions on how to log-in to the webinar. Listserv messages are sent prior to each webinar session with registration information.
If you’d like to view past webinars, the PowerPoint presentations and recordings can now be accessed on the Resources page of the eHealth website. For more information about CMS’ eHealth Initiatives, visit the CMS eHealth website for the latest news and updates on CMS’ eHealth initiatives.
For Help or More Information
If you need help understanding or dealing with these eHealth or other health and health benefit programs, or with other employee benefit, human resources, insurance, health care matters or related documents or practices, please contact the author of this update, Cynthia Marcotte Stamer.
A Fellow in the American College of Employee Benefit Council, immediate past Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Group and current Co-Chair of its Welfare Benefit Committee, Vice-Chair of the ABA TIPS Employee Benefits Committee, a council member of the ABA Joint Committee on Employee Benefits, and past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer is recognized, internationally, nationally and locally for her more than 25 years of work, advocacy, education and publications on cutting edge health and managed care, employee benefit, human resources and related workforce, insurance and financial services, and health care matters.
A board certified labor and employment attorney widely known for her extensive and creative knowledge and experienced with these and other employment, employee benefit and compensation matters, Ms. Stamer continuously advises and assists employers, employee benefit plans, their sponsoring employers, fiduciaries, insurers, administrators, service providers, insurers and others to monitor and respond to evolving legal and operational requirements and to design, administer, document and defend medical and other welfare benefit, qualified and non-qualified deferred compensation and retirement, severance and other employee benefit, compensation, and human resources, management and other programs and practices tailored to the client’s human resources, employee benefits or other management goals. A primary drafter of the Bolivian Social Security pension privatization law, Ms. Stamer also works extensively with management, service provider and other clients to monitor legislative and regulatory developments and to deal with Congressional and state legislators, regulators, and enforcement officials about regulatory, investigatory or enforcement concerns.
Recognized in Who’s Who In American Professionals and both an American Bar Association (ABA) and a State Bar of Texas Fellow, Ms. Stamer serves on the Editorial Advisory Board of Employee Benefits News, HR.com, Insurance Thought Leadership, Solutions Law Press, Inc. and other publications, and active in a multitude of other employee benefits, human resources and other professional and civic organizations. She also is a widely published author and highly regarded speaker on these matters. Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, Modern and many other national and local publications. You can learn more about Ms. Stamer and her experience, review some of her other training, speaking, publications and other resources, and register to receive future updates about developments on these and other concerns from Ms. Stamer here.
Other Resources
If you found this of interest, you may also be interested in the following recent publications by Ms. Stamer published by Solutions Law Press, Inc. including:
For important information about this communication see here. THE FOLLOWING DISCLAIMER IS INCLUDED TO COMPLY WITH AND IN RESPONSE TO U.S. TREASURY DEPARTMENT CIRCULAR 230 REGULATIONS. ANY STATEMENTS CONTAINED HEREIN ARE NOT INTENDED OR WRITTEN BY THE WRITER TO BE USED, AND NOTHING CONTAINED HEREIN CAN BE USED BY YOU OR ANY OTHER PERSON, FOR THE PURPOSE OF (1) AVOIDING PENALTIES THAT MAY BE IMPOSED UNDER FEDERAL TAX LAW, OR (2) PROMOTING, MARKETING OR RECOMMENDING TO ANOTHER PARTY ANY TAX-RELATED TRANSACTION OR MATTER ADDRESSED HEREIN.
Posted by Cynthia Marcotte Stamer 
slphrbenefitsupdate.com 
You must be logged in to post a comment.