Fiduciary Liability |

Brace For Health Plan OCR HIPAA Audits

March 22, 2016

Employer and union sponsored health plans, their sponsors, fiduciaries, and business associates should brace for audits and enforcement of the Privacy, Security, and Breach Notification rules by the Department of Health & Human Service Office of Civil Rights (OCR) follow OCR’s 2016 audit program on the heels of its announcement last week of two large HIPAA settlements last week.

OCR confirmed today it is sending emails notifying health plans, healthcare providers, healthcare clearing houses (Covered Entities) and their business associates identified as part of the kickoff of its next phase of audits of Covered Entities. In light of the HIPAA verification rules and the notorious spread of opportunistic identity theft and other fraud by opportunistic Cybercriminals following these types of announcements, Covered Entities and business associates should carefully verify the requests validity and manage the response to avoid violating HIPAA in responding and position for defensibility against potential penalties.

Even if health plans or other Covered Entities reviewed their practices in the last 12-months, most will want to update this review in response to new OCR guidance and enforcement actions, including new guidance on obligations to provide plan members or other subjects of protected health information with access to or copies of their records and other guidance, as well as the ever-expanding list of enforcement actions by OCR.

To catch up on this latest guidance, Solutions Law Press, Inc. ™ invites you to register to participate in a special WebEx briefing on “HIPAA Update: The Latest On Security, Patient Access & Other HIPAA Developments” on Wednesday, March 30, 2016 beginning at Noon Central Time on Wednesday, March 30, 2016.

2016 Audit Program

In its 2016 Phase 2 HIPAA Audit Program, OCR will review the policies and procedures adopted and employed by Covered Entities and their business associates to meet selected standards and implementation specifications of the Privacy, Security, and Breach Notification Rules. OCR says it will primarily conduct these audits as desk audits, although some on-site audits will be conducted.

According to today’s announcement, the 2016 audit process begins with verification of an entity’s address and contact information. OCR is sending emails to Covered Entities and business associates requesting that contact information be provided to OCR on time. OCR will then send a pre-audit questionnaire to gather data about the size, type, and operations of potential audit targets. OCR says this data will be used with other information to create potential audit subject pools. Recipients should contact qualified legal counsel immediately for advice and assistance about proper procedures to verify the email is in fact from OCR and for assistance in responding.

If an entity does not respond to OCR’s request to verify its contact information or pre-audit questionnaire, OCR will use publicly available information about the entity to create its audit subject pool. Therefore an entity that does not respond to OCR may still be selected for an audit or subject to a compliance review. Communications from OCR will be sent via email and may be incorrectly classified as spam. If your entity’s spam filtering and virus protection are automatically enabled, OCR expects entities to check their junk or spam email folder for emails from OCR.

The announcement also reflects that OCR is still developing other aspects of the audit program. OCR will post updated audit protocols on its website closer to conducting the 2016 audits. The audit protocol will be updated to reflect the HIPAA Omnibus Rulemaking and can be used as a tool by organizations to conduct their own internal self-audits as part of their HIPAA compliance activities.

OCR says its audits will enhance industry awareness of compliance obligations and enable OCR to better target technical assistance regarding problems identified through the audits. Through the information gleaned from the audits, OCR will develop tools and guidance to aid the industry in compliance self-evaluation and in preventing breaches. OCR plans to use results and procedures used in the phase 2 audits to develop its permanent HIPAA audit program.

OCR Settlements Show Enforcement Risk

The audit program announcement comes less than a week after OCR announced millions of dollars of new penalties under settlements with two Covered Entities:

A $1,555,000 settlement with North Memorial Health Care of Minnesota;
A $3.9 million settlement with Feinstein Institute for Medical Research.

The two settlements drive home again the substantial liability that health care providers, health plans, health care clearinghouses and their business associates risk for violating HIPAA.

Feinstein Settlement

Feinstein is a biomedical research institute organized as a New York not-for-profit corporation sponsored by Northwell Health, Inc., formerly known as North Shore Long Island Jewish Health System, a large health system headquartered in Manhasset, New York comprised of 21 hospitals and over 450 patient facilities and physician practices.

OCR’s investigation began after Feinstein filed a breach report indicating that on September 2, 2012, a laptop computer containing the electronic protected health information (ePHI) of approximately 13,000 patients and research participants was stolen from an employee’s car. The ePHI stored in the laptop included the names of research participants, dates of birth, addresses, social security numbers, diagnoses, laboratory results, medications, and medical information about potential participation in a research study.

OCR’s investigation discovered that Feinstein’s security management process was limited in scope, incomplete, and insufficient to address potential risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI held by the entity. Further, Feinstein lacked policies and procedures for authorizing access to ePHI by its workforce members, failed to implement safeguards to restrict access to unauthorized users, and lacked policies and procedures to govern the receipt and removal of laptops that contained ePHI into and out of its facilities. For electronic equipment procured outside of Feinstein’s standard acquisition process, Feinstein failed to implement proper mechanisms for safeguarding ePHI as required by the Security Rule.

“Research institutions subject to HIPAA must be held to the same compliance standards as all other HIPAA-covered entities,” said OCR Director Jocelyn Samuels. “For individuals to trust in the research process and for patients to trust in those institutions, they must have some assurance that their information is kept private and secure.”

The resolution agreement and corrective action plan may be found on the OCR website at http://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/Feinstein/index.html.

North Memorial

The Feinstein settlement announcement follows yesterday’s announcement of a $1.5 million plus settlement with North Memorial to resolve HIPAA charges that it failed to implement a business associate agreement with a major contractor and failed to institute an organization-wide risk analysis to address the risks and vulnerabilities to its patient information. North Memorial is a comprehensive, not-for-profit health care system in Minnesota that serves the Twin Cities and surrounding communities.

The settlement highlights the importance for healthcare providers, health plans, healthcare clearinghouses and their business associates to comply with HIPAA’s business associate agreement and other HIPAA organizational, risk assessment, privacy and security, and other requirements.

OCR’s announcement emphasizes the importance of meeting these requirements. “Two major cornerstones of the HIPAA Rules were overlooked by this entity,” said Director Samuels. “Organizations must have in place compliant business associate agreements as well as an accurate and thorough risk analysis that addresses their enterprise-wide IT infrastructure.”

The settlement comes from charges filed after OCR initiated its investigation of North Memorial following receipt of a breach report on September 27, 2011, which indicated that an unencrypted, password-protected laptop was stolen from a business associate’s workforce member’s locked vehicle, impacting the ePHI of 9,497 individuals.

OCR’s investigation indicated that North Memorial failed to have in place a business associate agreement, as required under the HIPAA Privacy and Security Rules, so that its business associate could perform certain payment and health care operations activities on its behalf. North Memorial gave its business associate, Accretive, access to North Memorial’s hospital database, which stored the ePHI of 289,904 patients. Accretive also received access to non-electronic protected health information as it performed services on-site at North Memorial.

The investigation further determined that North Memorial failed to complete a risk analysis to address all of the potential risks and vulnerabilities to the ePHI that it maintained, accessed, or transmitted across its entire IT infrastructure — including but not limited to all applications, software, databases, servers, workstations, mobile devices and electronic media, network administration and security devices, and associated business processes.

In addition to the $1,550,000 payment, North Memorial is required to develop an organization-wide risk analysis and risk management plan, as required under the Security Rule. North Memorial will also train appropriate workforce members on all policies and procedures newly developed or revised pursuant to this corrective action plan.

The Resolution Agreement and Corrective Action Plan can be found on the HHS website at: http://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/north-memorial-health-care/index.html.
Settlement Latest Reminder To Manage HIPAA Risks.

Following up on OCR’s imposition of its second-ever HIPAA Civil Monetary Penalty (CMP) and the latest in an ever-growing list of settlements by Covered Entities under HIPAA, these latest settlements illustrate the substantial liability that Covered Entities face for violating HIPAA. To avoid these liabilities, Covered Entities must constantly be diligent to comply with the latest guidance of OCR about their obligations under HIPAA.

As OCR continues to issue additional guidance as well as supplement this guidance through information shared in settlement agreements like the North Memorial settlement, even if Covered Entities reviewed their practices in the last 12-months, most will want to update this review in response to new OCR guidance and enforcement actions, including new guidance on obligations to provide plan members or other subjects of protected health information with access to or copies of their records and other guidance, as well as the ever-expanding list of enforcement actions by OCR.

Since the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH) amended HIPAA, Covered Entities face growing responsibilities and liability for maintaining the security of ePHI.

In response to HITECH, OCR continues to use a carrot and stick approach to encouraging and enforcing compliance. As demonstrated by OCR’s imposition of the second-ever HIPAA Civil Monetary Penalty (CMP) of $239,000 against Lincare and the ever-growing list of Resolution Agreements OCR announces with other Covered Entities, OCR continues to step up enforcement against Covered Entities that breach the Privacy and Security Rules. See OCR’s 2nd-Ever HIPAA CMP Nails Lincare For $239,000.

On the other hand, OCR also continues to encourage voluntary compliance by Covered Entities by sharing guidance and tools to aid Covered Entities to understand fulfill their HIPAA responsibilities such as the HIPAA Security Rule Crosswalk to NIST Cybersecurity Framework (Crosswalk) unveiled by OCR on February 24, 2016.The crosswalk that maps the HIPAA Security Rule to the standards of the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity (the Cybersecurity Framework) as well as mappings to certain other commonly used security frameworks.

While stating that the HIPAA Security Rule does not require use of the NIST Cybersecurity Framework, OCR says it hopes the Crosswalk will provide “a helpful roadmap” for HIPAA Covered Entities and their business associates to understand the overlap between the NIST Cybersecurity Framework, the HIPAA Security Rule, and other security frameworks that can help Covered Entities safeguard health data in a time of increasing risks and help them to identify potential gaps in their programs.

At the same time, OCR’s announcement of its release of the Crosswalk also cautions users that “use of the Framework does not guarantee HIPAA compliance.” Rather, OCR says “the crosswalk provides an informative tool for entities to use to help them more comprehensively manage security risks in their environments.

With a USA Today report attributing more than 40 percent of data breaches to the healthcare industry over the last three years 91 percent of all health organizations having reporting breaches over the last two years, OCR has made clear that it intends to zealously investigate and enforce the Security Rules against Covered Entities that violate the Security Rules against Covered Entities that fail to take suitable steps to safeguard the security of PHI as required by the HIPAA Security Rule.

To meet these requirements, the HIPAA Security Rule requires that Covered Entities conduct and be prepared to product documentation of their audit and other efforts to comply with the Security Rule Most Covered Entities will want to consider including an assessment of the adequacy of their existing practices under the Crosswalk and other requirements disclosed by OCR in these assessments to help position the Covered Entity to defend or mitigate HIPAA CMP and other liabilities in the event of a HIPAA breech or audit.

Changing Rules Complicate Compliance

In addition to maintaining adequate security, HIPAA also requires Covered Entities to provide individuals with the right to access and receive a copy of their health information from their providers, hospitals, and health insurance plans in accordance with the HIPAA Privacy Rule. In response to recurrent difficulties experienced by individuals in exercising these rights, OCR recently published supplemental guidance to clarify and promote better understanding and compliance with these rules by Covered Entities. OCR started this process in January, 2015 by releasing a comprehensive fact sheet (Access fact sheet) and the first in a series of topical frequently asked questions (FAQs) addressing patients’ right to access their medical records, which set forth requirements providers must follow in sharing medical records with patients, including that they must do so in a timely manner and in a format that works for the patient.

Earlier this month, OCR followed up by publishing on March 1, 2016 a second set of FAQs addresses additional issues, including the fees individuals may be charged for copies of their health information and the right of individuals to have their health information sent directly to a third party if they so choose.

Covered entities and their business associates should expect OCR to ask about use of these tools in audits and investigations. Accordingly, they should move quickly to review and update their business associate agreements and other practices to comply with this new guidance as well as watch for further guidance and enforcement about these practices from OCR.

Other Key HIPAA Regulatory & Enforcement Changes Raise Responsibilities & Risks

OCR’s new guidance on access to PHI follows a host of other regulatory and enforcement activities. While the particulars of each of these new actions and guidance vary, all send a very clear message: OCR expects Covered Entities and their business associates to comply with HIPAA and is offering tools and other guidance to aid them in that process. In the event of a breach or audit, Covered Entities and their business associates need to be prepared to demonstrate their efforts to comply.

Those that cannot show adequate compliance efforts should be prepared for potentially substantial CMP or Resolution Agreement payments and other sanctions.

Register For 3/30 Webex Briefing

Solutions Law Press, Inc.™ invites to catch up on the latest guidance on the Covered Entities’ responsibility under HIPAA to provide access to patients to PHI by registering here to participate in the “HIPAA Update: The Latest On Security, Patient Access & Other HIPAA Developments” Webex briefing by attorney Cynthia Marcotte Stamer that Solutions Law Press, Inc.™ will host beginning at Noon Central Time on Wednesday, March 30, 2016.

About The Author

Cynthia Marcotte Stamer is a practicing attorney and management consultant, author, public policy advocate and lecturer widely recognized for her extensive work and pragmatic thought leadership, experience, publications and training on HIPAA and other privacy, medical records and data and other health care and health plan concerns.
Recognized as “LEGAL LEADER™ Texas Top Rated Lawyer” in both Health Care Law and Labor and Employment Law, a “Texas Top Lawyer,” an “AV-Preeminent” and “Top Rated Lawyer” by Martindale-Hubble and as among the “Best Lawyers In Dallas” in employee benefits 2015 by D Magazine; Ms. Stamer has more than 28 years of extensive proven, pragmatic knowledge and experience representing and advising health industry clients and others on operational, regulatory and other compliance, risk management, product and process development, public policy and other key concerns.

As a core component of her work as the Managing Shareholder of Cynthia Marcotte Stamer, PC, the Co-Managing Member of Stamer Chadwick Soefje PLLC, Ms. Stamer has worked extensively throughout her nearly 30 year career with health care providers, health plans, health care clearinghouses, their business associates, employers, banks and other financial institutions, their technology and other vendors and service providers, and others on legal and operational risk management and compliance with HIPAA, FACTA, PCI, trade secret, physician and other medical confidentiality and privacy, federal and state data security and data breach and other information privacy and data security rules and concerns; prevention, investigation, response, mitigation and resolution of known or suspected data or privacy breaches or other incidents; defending investigations or other actions by plaintiffs, OCR, FTC, state attorneys’ general and other federal or state agencies; reporting and redressing known or suspected breaches or other violations; business associate and other contracting; insurance or other liability management and allocation; process and product development, contracting, deployment and defense; evaluation, commenting or seeking modification of regulatory guidance, and other regulatory and public policy advocacy; training and discipline; enforcement, and a host of other related concerns for public and private health care providers, health insurers, health plans, technology and other vendors, employers, and others.

Beyond her extensive involvement advising and defending clients on these matters, Ms. Stamer also has served for several years as the scrivener for the ABA JCEB’s meeting with OCR for many years. She returns as Chair of the Southern California ISSA Health Care Privacy & Security Summit for the third year in 2016, as well as speaks and serves on the steering committee of a multitude of other programs.

A Fellow in the American College of Employee Benefit Counsel, the American Bar Foundation and the Texas Bar Foundation, Ms. Stamer also shares shared her thought leadership, experience and advocacy on HIPAA and other concerns by her service in the leadership of a broad range of other professional and civic organization including her involvement as the Vice Chair of the North Texas Healthcare Compliance Association, Executive Director of the Coalition on Responsible Health Policy and its PROJECT COPE; Coalition on Patient Empowerment, a founding Board Member and past President of the Alliance for Healthcare Excellence, past Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; former Board President of the early childhood development intervention agency, The Richardson Development Center for Children; former Board Compliance Chair and Board member of the National Kidney Foundation of North Texas, current Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, current Vice Chair of Policy for the Life Sciences Committee of the ABA International Section, Past Chair of the ABA Health Law Section Managed Care & Insurance Section, a current Defined Contribution Plan Committee Co-Chair, former Group Chair and Co-Chair of the ABA RPTE Section Employee Benefits Group, immediate past RPTE Representative to ABA Joint Committee on Employee Benefits Council Representative and current RPTE Representative to the ABA Health Law Coordinating Counsel, former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division, past Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee, a former member of the Board of Directors of the Southwest Benefits Association and others.

Ms. Stamer also is a highly popular lecturer, symposia chair and author, who publishes and speaks extensively on health and managed care industry, human resources, employment and other privacy, data security and other technology, regulatory and operational risk management. Examples of her many highly regarded publications on these matters include “Protecting & Using Patient Data In Disease Management: Opportunities, Liabilities And Prescriptions,” “Privacy Invasions of Medical Care-An Emerging Perspective,” “Cybercrime and Identity Theft: Health Information Security: Beyond HIPAA,” as well as thousands of other publications, programs and workshops these and other concerns for the American Bar Association, ALI-ABA, American Health Lawyers, Society of Human Resources Professionals, the Southwest Benefits Association, the Society of Employee Benefits Administrators, the American Law Institute, Lexis-Nexis, Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, the HCCA, ISSA, HIMSS, Modern Healthcare, Managed Healthcare, Institute of Internal Auditors, Society of CPAs, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other symposia and publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, InsuranceThoughtLeadership.com and many other prominent publications and speaks and conducts training for a broad range of professional organizations and for clientson the Advisory Boards of InsuranceThoughtLeadership.com, HR.com, Employee Benefit News, and many other publications. For additional information about Ms. Stamer, see CynthiaStamer.com or the Stamer│Chadwick │Soefje PLLC or contact Ms. Stamer via email here or via telephone to (469) 767-8872.

About Solutions Law Press, Inc.™

Solutions Law Press, Inc.™ provides human resources and employee benefit and other business risk management, legal compliance, management effectiveness and other coaching, tools and other resources, training and education on leadership, governance, human resources, employee benefits, data security and privacy, insurance, health care and other key compliance, risk management, internal controls and operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press, Inc.™ resources at www.solutionslawpress.com such as:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information including your preferred e-mail by creating or updating your profile here. ©2016 Cynthia Marcotte Stamer. Non-exclusive right to republish granted to Solutions Law Press, Inc.™ All other rights reserved.

Comments Off on Brace For Health Plan OCR HIPAA Audits | Brokers, Civil Rights, compensation, compliance, Corporate Compliance, Cybercrime, Data Breach, Data Security, employee, Employee Benefits, FACTA, fiduciary duty, Fiduciary Responsibility, Financial Security, GINA, health benefit, Health Benefits, health Care, health insurance, health insurance marketplace, health plan, Health Plans, HIPAA, HIPAA, Hospitality, HR, Human Resources, Identity Theft, Insurance, insurers, Internal Controls, Management, Medicare Part D, Mental Health, Mental Health Parity, MEWA, Obamacare, Patient Empowerment, Prescription Drugs, Privacy, Professional Liability, Risk Management, third party administrators, Uncategorized, Wellness, Wellness Programs, Workforce | Tagged: Data Breach, Data Security, Employee Benefits, ERISA, Fiduciary Liability, financial privacy, Health Insurance, Health Plan, Health Plans, HIPAA, Medical Privacy, OCR, Office of Civil Rights, Privacy | Permalink
Posted by Cynthia Marcotte Stamer

Sponsoring Employers Face Excise Taxes, Other Liabilities Unless Health Plans Comply With ACA Out-Of-Pocket & Other Federal Rules

August 21, 2015

Employers sponsoring health plans and members of their management named as plan fiduciaries or otherwise having input or oversight over the health plan should verify their company’s group health plan meets the out-of-pocket maximum rules of the Patient Protection and Affordable Care Act (ACA) § 1302(c)(1) as well as a long list of other federal health benefit rules to minimize the risk that violations will obligate the sponsoring employer to self-assess, self-report on IRS Form 8928, and pay a $100 per day per violation excise tax penalty and while expose the plan and its fiduciaries to fiduciary or other liability under the Employee Retirement Income Security Act (ACA). Consequently, sponsoring employers and their management generally will want to ensure that their plan documents are properly updated to comply with the out-of-pocket maximum and other federal requirements, to require contractual commitments to administer the health plan in compliance with and to report, correct, and indemnify for violations of these requirements in vendor contracts with their health plan insurers, administrators and other vendors, and conduct documented audits to verify the health plan’s operational compliance with these requirements as interpreted by the Department of Health & Human Services (HHS), Department of Labor (DOL) and Internal Revenue Service (IRS) in form and operation.

Employers, Insurers & Plan Fiduciaries Face Big Risks From Out-Of-Pocket Limit & Other Federal Health Plan Rule Violations

As amended by ACA, health plan violations of ACA and various other federal health plan mandates carry big risks for health plans, their sponsoring employers, and representatives of sponsoring employers, insurers and third party administrators responsible as fiduciaries for administering a group health plan in accordance with these federal rules. As amended by ACA, federal law imposes significant penalties against plans, their fiduciaries and even the sponsoring employer if the group health plan violates the ACA out-of-pocket limit or a long list of other ACA and other federal group health rules. Group health plans can face lawsuits from covered persons, their health care providers as assignees or the DOL, to enforce rights to benefits, plus attorneys’ fees and other costs of enforcement. Beyond benefit litigation, the employer or representatives of the sponsoring employer, if any, named or acting as fiduciaries, insurer or third party service providers named or acting as fiduciaries, also could face fiduciary lawsuits seeking damages, equitable relief, and attorneys’ fees and costs of court, for failing to prudently administer the plan in accordance with its terms and the law brought by covered persons or their beneficiaries or the DOL as well as fiduciary breach penalties if the fiduciary breach action is brought by the DOL. If the plan fails to comply with claims and appeals procedures or other ERISA notification requirements, parties named or functioning as the plan administrator for this purpose also could face penalties of up to $125 per violation per day in the case of enforcement actions brought by participants and beneficiaries or $1025 per violation per day in the case of actions brought by the DOL, plus attorneys’ fees and other costs of enforcement.

Except in rare circumstances where the sponsoring employer has carefully contracted to transfer fiduciary liability to its insurer or administrator and otherwise does not exercise or have a fiduciary obligation to exercise discretion or control over these responsibilities, employers sponsoring group health plans that violate federal mandates like the out-of-pocket limit often ultimately bear some or all of these liabilities even if the violation actually was committed by a plan vendor hired to administer the program either because the plan documents name the employer as the “named fiduciary” or “plan administrator” under ERISA, the employer bears fiduciary responsibility functionally for selection or oversight of the culpable party, the employer signed a contract, resolution or plan document obligating the employer to indemnify the service provider for the liability, or a combination of these reasons. Even where the employer avoids these direct or indirect ERISA exposures, however, employers now also need to be concerned that out-of-pocket limitation or other federal health plan rule violations will trigger expensive excise tax liability for the sponsoring employer.

Since prompt self-audit and correction can help mitigate these liabilities, business leaders should act quickly to engage experienced legal counsel for their companies for advice about how to audit their group health plan’s 2014 and 2015 compliance with the out-of-pocket limit and other federal health plan rules within the scope of attorney client privilege while managing fiduciary exposures that could result if the audit is improperly structured or conducted, as well as options for addressing potential 2014, 2015 and future years excise tax and other exposures that compliance deficiencies with these rules could trigger.

Of course, health insurance issuers, administrative service providers, brokers and consultants also face risks when health programs they sell or help administer are not properly designed, documented or administered in compliance with federal health plan rules. Since ACA generally extends the duty to comply with its out-of-pocket and many other reforms directly to insurers, insurers that issue non-compliant group or individual health plans generally risk direct liability for violations. Even where the violation doesn’t trigger direct liability for an insurer, third party or other administrative services provider, broker or consultant to an employer or fiduciary of a noncompliant health plan, these vendors generally need to be concerned about liability risks under a variety of theories. When the involvement includes discretionary involvement in the plan administration, of course, the vendor or advisor could face liability for breach of fiduciary duty under ERISA as ERISA defines fiduciary functionally. Even when not a fiduciary, however, insurance, administrative services or other plan vendors and consultants also should keep in mind that employers and fiduciaries that incur unexpected excise tax or other liability for an improperly designed or administered plan are likely to look to the consultants and brokers, administrative or other services or other vendors or advisors they relied on to help design or administer the group health plan. As a consequence, such vendors and consultants should use care to advise, and appropriately document their efforts to fully inform their clients and the appropriateness of their actions both to promote and preserve the client relationship and to guard against potential malpractice, deceptive marketing, breach of contract or other claims that unhappy employers or fiduciaries are likely to lodge against advisors or vendors who the employer or fiduciary relied upon to help design or properly document or administer the group health plan. Ensuring that clients obtain proper legal advice and review both helps mitigate liability for the client and, when done with sufficient timeliness to prevent or mitigate a compliance problem, the legal and relationship risks of the broker or consultant or other vendor that foreseeably often follow when a plan sponsor or fiduciary gets nailed for a noncompliant plan.

When working to manage risks, all parties should recognize the potential benefits of proper involvement of legal counsel in the process. While sponsoring businesses inevitably will need to involve or coordinate with their accounting, broker, and other vendors involved with the plans, businesses generally will want to get legal advice in a manner that preserves their potential to claim attorney-client privilege to protect against discovery in the event of future enforcement or litigation actions sensitive discussions and analysis about compliance audits, plan design choices, and other risk management and liability planning as well as to get help evaluating potential future plan design changes or proposed solutions to known or suspected liability exposures, particularly in light of complexity of the exposures and risks.

Since the Form 8928 self-reporting and $100 per day excise tax penalty against employers sponsoring plans violating the out-of-pocket maximum and many other federal health care reforms became effective in 2014, time is of the essence. The Supreme Court’s recent King v. Burwell decision makes it particularly important that employers and other group health plan sponsors, and those named or serving functionally as the plan administrator or other fiduciary responsible for properly administering the group health plan in accordance with these rules move quickly to manage these risks. With the continued limited Republican majority in the Senate, Republicans lack sufficient votes to override a promised Presidential veto of any legislation that would repeal or substantially modify ACA. Accordingly, employers and fiduciaries should not expect relief for current or 2014 violations to come from Congress anytime soon. What they can expect, however, is enforcement to accelerate. resident Obama is moving to help ensure that his Presidential Legacy includes implementation of ACA and to mitigate ACA’s budgetary impacts by collecting excise tax and other penalties from insurers, plan administrators and employers by instructing the Tri-Agencies to move forward on full implementation and enforcement of ACA and other federal health plan rules. As a consequence, employers that sponsored group health coverage in 2014 need to confirm that their plan complied with the out-of-pocket maximum and other specified federal health plan rules or take timely action to self-assess, report on the Internal Revenue Service (IRS) Form 8928, and pay the $100 per day per violation penalty required by the Internal Revenue Code for 2014 when filing their 2014 business tax return. Consequently, employer and other group health plan sponsors, their management, fiduciaries and vendors should move quickly to assess 2014 and current compliance and take corrective action as needed as quickly as possible.

Allowable Out-Of-Pocket Limit Amounts For 2014-2016

The ACA out-of-pocket maximum limitation is one of many broad health care reforms enacted by ACA. Under its provisions, federal law now limits the amount of the maximum deductible, co-payments or other cost sharing that most employer or union sponsored group health plans can impose on essential health benefits to the out-of-pocket limitation allowed by ACA § 1302(c)(1). See Public Health Service (PHS) Act §2707(b).

The out-of-pocket limitations of $6,350 for individual only coverage and $12,700 for other than self-only coverage that first took effect with the 2014 plan year, are subject to annual adjustment for inflation under ACA §1302(c)(4) by the premium adjustment percentage beginning this plan year. The IRS recently announced the adjusted limitations that will apply to the 2015 and 2016 plan years. The applicable limits for 2014-2016 are as follows based on this guidance:

Plan Year	Individual Coverage Only	Other Than Self-Only
2014	$6,350	$12,700
2015	6,600	13,200
2016	6,850	13,700

Since noncompliance with this limitation is one of a long list of federal health plan mandates that triggers a duty for the sponsoring employer to self-assess, report and pay an excise tax of $100 per day per violation for post-2013 plan years, employers that sponsored health plans in 2014 generally will want to verify that their plan complied with this out-of-pocket rule in 2014 and ensure that its 2015 plan has been updated to reflect the adjusted limit and otherwise comply with its requirements.

In this respect, the final HHS Notice of Benefit and Payment Parameters for 2016 (2016 Payment Notice) clarifies that the self-only maximum annual limitation on cost sharing applies to each individual, regardless of whether the individual is enrolled in self-only coverage or in coverage other than self-only.

While employers can design their group health plans to apply higher out-of-pocket limitations on coverages for non-essential benefits and out-of-network care, plans designed to take advantage of this permitted distinction must be carefully administered to ensure that the limits allowed for non-essential benefits are not improperly applied to essential benefit coverages under the plan. Employers are cautioned to use care to avoid this from occurring by drafting the plan terms and requiring fiduciaries to administer the plan to ensure that:

The plan properly essential and non-essential health benefits, both in terms and in operation;
The limit is properly applied and calculated with respect to all benefits considered essential health benefits; and
The application of higher out-of-pocket limitations for non-essential benefits does not violate other federal health plan rules such as special federal health plan rules regarding out-of-network emergency care, mental health coverage parity, coverage for newborns and mothers, or the like.

Ensure Plan Language & Operations Comply With Tri-Agency Out-Of-Pocket Guidance & Other Federal Health Plan Rules Harder Than Might Seem

Updating the out-of-pocket maximum rules of a group health plan to comply with the ACA out-of-pocket maximum rule can be more complicated than many employers or plan fiduciaries might realize since the plan terms, and its administration must comply in form and operation with the regulations and other interpretations of the three agencies jointly responsible for administration and enforcement of this and various other federal health plan rules: the Departments of Health & Human Services (HHS), Internal Revenue Service (IRS), and Labor (DOL) (collectively, the “Tri-Agencies”).

In the case of ACA’s out-of-pocket maximum rules, the Tri-Agencies already have supplemented the guidance in their implementing regulations by publishing a FAQ that gives additional clarification and examples that the Tri-Agencies intend to help explain the proper administration of the rule. Group health plans, their insurers or other fiduciaries, as well as sponsoring employers should take into account all of this existing guidance when reviewing and assessing the compliance of their group health plans, as well as stay vigilant for the publication of additional guidance.

Existing guidance on the out-of-pocket maximum rule states that group health plans and insurance policies generally must count toward the out-of-pocket maximum limit all deductibles, coinsurance, copayments, or similar charges and any other expenditure the group health plan requires a covered person to pay for a qualified medical expense that is an “essential health benefit” within the meaning of ACA other than premiums, balance billing amounts for non-network providers and other out-of-network cost-sharing, or spending for non-essential health benefits.

One of the first considerations should be to ensure that the plan document and parties responsible for administer it properly understand and apply the rule to all charges falling within coverage for “essential health benefits.” Technically, the out-of-pocket limitation only applies to coverage of “essential health benefits” within the meaning of ACA, in any group health plan, whether insured or self-insured. What benefits are considered “essential health benefits” is defined by Tri-Agency regulations. The definition of “essential health benefits” in these Tri-Agency regulations is complicated and generally varies by state, even when the group health plan is self-insured. Sponsors of self-insured group health plans and employers sponsoring plans covering individuals in different states generally will want to seek legal advice about the adequacy of their group health plan’s essential health benefit definition to make sure that these rules and their limitations are met.

When applying these limits, employers, insurers, and administrators of group health plans attempting to distinguish non-essential health coverages such as prescription drug, behavior health, or dental coverages provided separately from otherwise applicable major medical coverage should consult with legal counsel to confirm that those arrangements comply with existing guidance on ACA’s out-of-pocket maximum and other federal mandates in form and operation. This analysis generally should both verify that the plan documents and administrative processes incorporate these requirements generally into the plan document as well as include provisions to ensure that these requirements are properly integrated with other federal mandates requiring cost-sharing for emergency care in the case of behavioral health coverage, the applicable federal mental health parity mandates, and other federal health plan rules. Special care and scrutiny should be applied if the group health plan uses multiple service providers to help administer benefits (such as one third-party administrator for major medical coverage, a separate pharmacy benefit manager, and a separate managed behavioral health organization).

Special care also is needed if a group health plan uses separate plan service providers to administer the plan or certain of its provisions. Separate plan service providers may impose different levels of out-of-pocket limitations and may utilize different methods for crediting participants’ expenses against any out-of-pocket maximums. Administrators, insurers or other fiduciaries responsible for administration of these coverages must properly coordinate, and sponsoring employers should consult with legal counsel about auditing their plans for proper coordination of these processes across these different service providers.

Along with making specific plan document and process changes to provide for proper implementation and administration of the out-of-pocket and other federal coverage and benefit mandates, all parties also should review the claims and appeals procedures used in connection with the processing and notification of covered persons about claims and appeals determinations made about denials to ensure that they fully comply with both the DOL’s reasonable claims and appeals regulations and, in the case of non-grandfathered health plans, ACA’s special independent review and other heightened requirements for administering and notifying covered persons or their beneficiaries about claim denials or appeals as any of these violations could trigger the obligation for the sponsoring employer to self-report on IRS Form 8928 and pay the $100 per day per violation ERISA liability for the plan and its fiduciaries, as well as other penalties under ERISA §502(c).

Sponsoring Employers, Plan Fiduciaries and Vendors Should Act To Manage Exposures

Since violations trigger substantial excise tax liability for the sponsoring employer, as well as expose the group health plan and its sponsor, members of management or others acting as fiduciaries to judgments, regulatory penalties, and associated investigation, defense settlement and other costs and disruptions, most sponsoring employers and their leaders generally will want to consult with qualified legal counsel knowledgeable about these health plan rules and their management about steps that they should take to prevent or mitigate legal and financial exposures that violations of the out-of-pocket maximum and other federal health plan mandates can trigger. Timely action generally both can help prevent future violations and their expensive redress and mitigate penalties and other exposures incurred for violations, if any, that may have or in the future inadvertently occur.

Such risk management steps generally might include:

Having their plan document reviewed and updated as necessary to comply with the out-of-pocket maximum and other federal health plan rules;
Using care in when selecting and contracting with plan insurers or other vendors, by credentialing the vendor and its practices, including provisions requiring insurers, administrators and other group health plan vendors to provide contractual commitments that the policies and other plan documentation, systems and practices provided by the vendor are and will be administered in accordance with the out-of-pocket and other legal mandates, to provide certification of compliance and notice of violations, correction and indemnification of compliance deficiencies, and other related assurances and taking other documented prudent safeguards to require compliant practices;
Auditing as part of the vendor selection and renewal process and at other times throughout the year the operational compliance of the administration of the group health plan and taking corrective action as needed;
Ensuring that stop-loss, group or other insurance coverages are drafted to include catchall language to help ensure that the employer does not get left unexpectedly self-insuring the cost of funding benefits mandated by law that the carrier asserts fall outside the policy coverage because of gaps between drafting and the law;
Arranging for fiduciary liability, directors and officers or other coverage, indemnification from financially secure vendors, or other backup funding to help protect or mitigate the potential costs or liabilities that the sponsoring employer or its plan fiduciaries can expect to incur in the event of a challenge to the compliance of their group health plan or its practices; and
Work with qualified legal counsel experienced with these matters to help structure, conduct and document compliance efforts and learn what steps should be taken to prevent or quickly mitigate compliance concerns and contain risks and seeking advice promptly about remediation of risks in the event a compliance concern arises.

For Legal or Consulting Advice, Legal Representation, Training Or More Information

If you need help reviewing your group health plan or responding to these new or other workforce, benefits and compensation, performance and risk management, compliance, enforcement or management concerns, help updating or defending your workforce or employee benefit policies or practices, or other related assistance, the author of this update, attorney Cynthia Marcotte Stamer may be able to help.

Recognized as a “Top” attorney in employee benefits, labor and employment and health care law extensively involved in health and other employee benefit and human resources policy and program design and administration representation and advocacy throughout her career, Cynthia Marcotte Stamer is a practicing attorney and Managing Shareholder of Cynthia Marcotte Stamer, P.C., a member of Stamer│Chadwick│Soefje PLLC, author, pubic speaker, management policy advocate and industry thought leader with more than 27 years’ experience practicing at the forefront of employee benefits and human resources law.

A Fellow in the American College of Employee Benefit Counsel, past Chair and current Welfare Benefit Committee Co-Chair of the American Bar Association (ABA) RPTE Section Employee Benefits Group, Vice Chair of the ABA Tort & Insurance Practice Section Employee Benefits Committee, former Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, an ABA Joint Committee on Employee Benefits Council Representative and Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization, Ms. Stamer is recognized nationally and internationally for her practical and creative insights and leadership on health and other employee benefit, human resources and insurance matters and policy.

Ms. Stamer helps management manage. Ms. Stamer’s legal and management consulting work throughout her 27 plus year career has focused on helping organizations and their management use the law and process to manage people, process, compliance, operations and risk. Highly valued for her rare ability to find pragmatic client-centric solutions by combining her detailed legal and operational knowledge and experience with her talent for creative problem-solving, Ms. Stamer helps public and private, domestic and international businesses, governments, and other organizations and their leaders manage their employees, vendors and suppliers, and other workforce members, customers and other’ performance, compliance, compensation and benefits, operations, risks and liabilities, as well as to prevent, stabilize and cleanup workforce and other legal and operational crises large and small that arise in the course of operations.

Ms. Stamer works with businesses and their management, employee benefit plans, governments and other organizations deal with all aspects of human resources and workforce management operations and compliance. She supports her clients both on a real time, “on demand” basis and with longer term basis to deal with daily performance management and operations, emerging crises, strategic planning, process improvement and change management, investigations, defending litigation, audits, investigations or other enforcement challenges, government affairs and public policy. Well known for her extensive work with health care, insurance and other highly regulated entities on corporate compliance, internal controls and risk management, her clients range from highly regulated entities like employers, contractors and their employee benefit plans, their sponsors, management, administrators, insurers, fiduciaries and advisors, technology and data service providers, health care, managed care and insurance, financial services, government contractors and government entities, as well as retail, manufacturing, construction, consulting and a host of other domestic and international businesses of all types and sizes. Common engagements include internal and external workforce hiring, management, training, performance management, compliance and administration, discipline and termination, and other aspects of workforce management including employment and outsourced services contracting and enforcement, sentencing guidelines and other compliance plan, policy and program development, administration, and defense, performance management, wage and hour and other compensation and benefits, reengineering and other change management, internal controls, compliance and risk management, communications and training, worker classification, tax and payroll, investigations, crisis preparedness and response, government relations, safety, government contracting and audits, litigation and other enforcement, and other concerns.

Ms. Stamer uses her deep and highly specialized health, insurance, labor and employment and other knowledge and experience to help employers and other employee benefit plan sponsors; health, pension and other employee benefit plans, their fiduciaries, administrators and service providers, insurers, and others design legally compliant, effective compensation, health and other welfare benefit and insurance, severance, pension and deferred compensation, private exchanges, cafeteria plan and other employee benefit, fringe benefit, salary and hourly compensation, bonus and other incentive compensation and related programs, products and arrangements. She is particularly recognized for her leading edge work, thought leadership and knowledgeable advice and representation on the design, documentation, administration, regulation and defense of a diverse range of self-insured and insured health and welfare benefit plans including private exchange and other health benefit choices, health care reimbursement and other “defined contribution” limited benefit, 24-hour and other occupational and non-occupational injury and accident, ex-patriate and medical tourism, onsite medical, wellness and other medical plans and insurance benefit programs as well as a diverse range of other qualified and nonqualified retirement and deferred compensation, severance and other employee benefits and compensation, insurance and savings plans, programs, products, services and activities. As a key element of this work, Ms. Stamer works closely with employer and other plan sponsors, insurance and financial services companies, plan fiduciaries, administrators, and vendors and others to design, administer and defend effective legally defensible employee benefits and compensation practices, programs, products and technology. She also continuously helps employers, insurers, administrative and other service providers, their officers, directors and others to manage fiduciary and other risks of sponsorship or involvement with these and other benefit and compensation arrangements and to defend and mitigate liability and other risks from benefit and liability claims including fiduciary, benefit and other claims, audits, and litigation brought by the Labor Department, IRS, HHS, participants and beneficiaries, service providers, and others. She also assists debtors, creditors, bankruptcy trustees and others assess, manage and resolve labor and employment, employee benefits and insurance, payroll and other compensation related concerns arising from reductions in force or other terminations, mergers, acquisitions, bankruptcies and other business transactions including extensive experience with multiple, high-profile large scale bankruptcies resulting in ERISA, tax, corporate and securities and other litigation or enforcement actions.

Ms. Stamer also is deeply involved in helping to influence the Affordable Care Act and other health care, pension, social security, workforce, insurance and other policies critical to the workforce, benefits, and compensation practices and other key aspects of a broad range of businesses and their operations. She both helps her clients respond to and resolve emerging regulations and laws, government investigations and enforcement actions and helps them shape the rules through dealings with Congress and other legislatures, regulators and government officials domestically and internationally. A former lead consultant to the Government of Bolivia on its Social Security reform law and most recognized for her leadership on U.S. health and pension, wage and hour, tax, education and immigration policy reform, Ms. Stamer works with U.S. and foreign businesses, governments, trade associations, and others on workforce, social security and severance, health care, immigration, privacy and data security, tax, ethics and other laws and regulations. Founder and Executive Director of the Coalition for Responsible Healthcare Policy and its PROJECT COPE: the Coalition on Patient Empowerment and a Fellow in the American Bar Foundation and State Bar of Texas, Ms. Stamer annually leads the Joint Committee on Employee Benefits (JCEB) HHS Office of Civil Rights agency meeting and other JCEB agency meetings. She also works as a policy advisor and advocate to many business, professional and civic organizations.

Author of the thousands of publications and workshops these and other employment, employee benefits, health care, insurance, workforce and other management matters, Ms. Stamer also is a highly sought out speaker and industry thought leader known for empowering audiences and readers. Ms. Stamer’s insights on employee benefits, insurance, health care and workforce matters in Atlantic Information Services, The Bureau of National Affairs (BNA), InsuranceThoughtLeaders.com, Benefits Magazine, Employee Benefit News, Texas CEO Magazine, HealthLeaders, Modern Healthcare, Business Insurance, Employee Benefits News, World At Work, Benefits Magazine, the Wall Street Journal, the Dallas Morning News, the Dallas Business Journal, the Houston Business Journal, and many other publications. She also has served as an Editorial Advisory Board Member for human resources, employee benefit and other management focused publications of BNA, HR.com, Employee Benefit News, InsuranceThoughtLeadership.com and many other prominent publications. Ms. Stamer also regularly serves on the faculty and planning committees for symposia of LexisNexis, the American Bar Association, ALIABA, the Society of Employee Benefits Administrators, the American Law Institute, ISSA, HIMMs, and many other prominent educational and training organizations and conducts training and speaks on these and other management, compliance and public policy concerns.

Ms. Stamer also is active in the leadership of a broad range of other professional and civic organizations. For instance, Ms. Stamer presently serves on an American Bar Association (ABA) Joint Committee on Employee Benefits Council representative; Vice President of the North Texas Healthcare Compliance Professionals Association; Immediate Past Chair of the ABA RPTE Employee Benefits & Other Compensation Committee, its current Welfare Benefit Plans Committee Co-Chair, on its Substantive Groups & Committee and its incoming Defined Contribution Plan Committee Chair and Practice Management Vice Chair; Past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group and a current member of its Healthcare Coordinating Council; current Vice Chair of the ABA TIPS Employee Benefit Committee; the former Coordinator and a Vice-Chair of the Gulf Coast TEGE Council TE Division; on the Advisory Boards of InsuranceThoughtLeadership.com, HR.com, Employee Benefit News, and many other publications. She also previously served as a founding Board Member and President of the Alliance for Healthcare Excellence, as a Board Member and Board Compliance Committee Chair for the National Kidney Foundation of North Texas; the Board President of the early childhood development intervention agency, The Richardson Development Center for Children; Chair of the Dallas Bar Association Employee Benefits & Executive Compensation Committee; a member of the Board of Directors of the Southwest Benefits Association. For additional information about Ms. Stamer, see http://www.cynthiastamer.com or the Stamer│Chadwick │Soefje PLLC website or contact Ms. Stamer via email to here or via telephone to (469) 767-8872.

About Solutions Law Press, Inc.™

Comments Off on Sponsoring Employers Face Excise Taxes, Other Liabilities Unless Health Plans Comply With ACA Out-Of-Pocket & Other Federal Rules | ACA, Affordable Care Act, Cafeteria Plans, COBRA | Tagged: 401(k), 6039D, Affordable Care Act, benefit denial, co-payment, Copay, copayment, Corporate Compliance, deductible, EBSA, Employee, Employer, Fiduciary Liability, group health plan, Group Health plans, Health Care Reform, Health Plan, Health Plans, Insurance, insured, IRS, out-of-pocket maximum, participants, Patient Protection & Affordable Care Act, Patient Protection and Affordable Care Act, self-insured, third party administrator | Permalink
Posted by Cynthia Marcotte Stamer

Legal Review Of Health Plan Documents, Processes Needed To Mitigate Employer’s Excise Tax & Other Health Plan Risks

August 21, 2015

Employers sponsoring health plans and members of their management named as plan fiduciaries or otherwise having input or oversight over health plan concerns should verify their company’s group health plan meets the out-of-pocket maximum rules of the Patient Protection and Affordable Care Act (ACA) § 1302(c)(1) as well as a long list of other federal health benefit rules to minimize the risk that violations will compel the sponsoring employer to self-assess, self-report on IRS Form 8928, and pay a $100 per day per violation excise tax penalty and while expose the plan and its fiduciaries to fiduciary or other liability under the Employee Retirement Income Security Act (ACA). Consequently, sponsoring employers and their management generally will want to ensure that their plan documents are properly updated to comply with the out-of-pocket maximum and other federal requirements, to require contractual commitments to administer the health plan in compliance with and to report, correct, and indemnify for violations of these requirements in vendor contracts with their health plan insurers, administrators and other vendors, and conduct documented audits to verify the health plan’s operational compliance with these requirements as interpreted by the Department of Health & Human Services (HHS), Department of Labor (DOL) and Internal Revenue Service (IRS) in form and operation. The new self-reporting and excise tax self-assessment and payment requirements for employers coupled with already long-standing fiduciary and other liabilities for fiduciaries, plan administrators and others makes it important that employers sponsoring group health plans and their management or other leaders overseeing or participating in plan design or vendor selection, plan administration or other plan related activities seek the advice and help of qualified, experienced legal counsel for assistance with conducting an appropriate compliance review and risk assessment of their health plans, correcting or taking other steps to mitigate risks from any past or existing violations, and steps to take to tighten documents, vendor contracts, and processes to mitigate compliance or other risks going forward.

Employers, Insurers & Plan Fiduciaries Face Big Risks From Federal Health Plan Rule Violations

As part of ACA, the Internal Revenue Code now generally requires employers sponsoring a group health plan that violates the ACA out-of-pocket limit or a long list of other federal health plan rules after 2013 to self-assess, report and pay stiff new excise tax penalties of $100 per day per violation when filing their annual tax return. See, Businesses Must Confirm & Clean Up Health Plan ACA & Other Compliance Following Supreme Court’s King v. Burwell　Decision;　 More Work For Employers, Benefit Plans Following SCOTUS Same-Sex Marriage　Ruling; 2016 & 2017 Health Plan Budgets, Workplans Should Anticipate Expected Changes To　SBCs. Since prompt self-audit and correction can help mitigate these liabilities, business leaders should act quickly to engage experienced legal counsel for their companies for advice about how to audit their group health plan’s 2014 and 2015 compliance with the out-of-pocket limit and other federal health plan rules within the scope of attorney client privilege while managing fiduciary exposures that could result if the audit is improperly structured or conducted, as well as options for addressing potential 2014, 2015 and future years excise tax and other exposures that compliance deficiencies with these rules could trigger.

While businesses inevitably will need to involve or coordinate with their accounting, broker, and other vendors involved with the plans, businesses generally will want to get legal advice in a manner that preserves their potential to claim attorney-client privilege to protect against discovery in the event of future enforcement or litigation actions sensitive discussions and analysis　about compliance audits, plan design choices, and other risk management and liability planning as well as to get help identifying potential plan design, contracting, procedural or other changes that may be needed to fix compliance deficiencies and mitigate other risks, particularly in light of complexity of the exposures and risks.

The Supreme Court’s recent King v. Burwell decision makes it particularly important that employers and other group health plan sponsors, and those named or serving functionally as the plan administrator or other fiduciary responsible for properly administering the group health plan in accordance with these rules move quickly to manage these risks. With the continued limited Republican majority in the Senate, Republicans lack sufficient votes to override a promised Presidential veto of any legislation that would repeal or substantially modify ACA. Meanwhile, President Obama is moving to help ensure that his Presidential Legacy includes implementation of ACA and to mitigate ACA’s budgetary impacts by collecting excise tax and other penalties from insurers, plan administrators and employers by instructing the Tri-Agencies to move forward on full implementation and enforcement of ACA and other federal health plan rules. As a consequence, employers that sponsored group health coverage in 2014 need to confirm that their plan complied with the out-of-pocket maximum and other specified federal health plan rules or take timely action to self-assess, report on the Internal Revenue Service (IRS) Form 8928, and pay the $100 per day per violation penalty required by the Internal Revenue Code for 2014 when filing their 2014 business tax return.

Adjusted Out-Of-Pocket Limit Amounts

Plan Year	Individual Coverage Only	Other Than Self-Only
2014	$6,350	$12,700
2015	6,600	13,200
2016	6,850	13,700

The plan properly essential and non-essential health benefits, both in terms and in operation;
The limit is properly applied and calculated with respect to all benefits considered essential health benefits; and
The application of higher out-of-pocket limitations for non-essential benefits does not violate other federal health plan rules such as special federal health plan rules regarding out-of-network emergency care, mental health coverage parity, coverage for newborns and mothers, or the like.

Ensure Plan Language & Operations Comply With Tri-Agency Out-Of-Pocket Guidance & Other Federal Health Plan Rules

Sponsoring Employers, Plan Fiduciaries and Vendors Should Act To Manage Exposures

As a part of these efforts, steps that plan sponsors and fiduciaries generally should take include.

Having plan documents and other plan materials and communications carefully review and drafted to meet mandates and mitigate risks;
Using care in when selecting and contracting with plan insurers or other vendors, by conducting appropriate documented review and credentialing of each vendor and its practices, as well as reviewing and negotiating administrative, insurance or other vendor agreements to appropriately name and allocate fiduciary status as well as include provisions requiring insurers, administrators and other group health plan vendors appropriately designate to provide contractual commitments that the policies and other plan documentation, systems and practices provided by the vendor are and will be administered in accordance with the out-of-pocket and other legal mandates, to provide certification of compliance and notice of violations, correction and indemnification of compliance deficiencies, and other related assurances and taking other documented prudent safeguards to require compliant practices;
Auditing as part of the vendor selection and renewal process and at other times throughout the year the operational compliance of the administration of the group health plan and taking corrective action as needed;
Ensuring that stop-loss, group or other insurance coverages are drafted to include catchall language to help ensure that the employer does not get left unexpectedly self-insuring the cost of funding benefits mandated by law that the carrier asserts fall outside the policy coverage because of gaps between drafting and the law;
Arranging for fiduciary liability, directors and officers or other coverage, indemnification from financially secure vendors, or other backup funding to help protect or mitigate the potential costs or liabilities that the sponsoring employer or its plan fiduciaries can expect to incur in the event of a challenge to the compliance of their group health plan or its practices; and
Learning and using appropriate processes to document prudent efforts to appropriately administer the plan in a compliant, legally defensible manner throughout the year.

For Legal or Consulting Advice, Legal Representation, Training Or More Information

About Solutions Law Press, Inc.™

Comments Off on Legal Review Of Health Plan Documents, Processes Needed To Mitigate Employer’s Excise Tax & Other Health Plan Risks | 4980H, 6039D, ACA, Appeals, Attorney-Client Privilege, board of directors, Brokers, Claims, Health Benefits, health insurance, health insurance marketplace, health plan, Health Plans, Patient Protection & Affordable Care Act, Patient Protection and Affordabel Care Act, Patient Protection and Affordable Care Act | Tagged: ACA, Affordable Care Act, compliance, Corporate Compliance, corporate liability, D&O, Directors & Officers, Employee Benefits, Employer, Employers, Employment, employment law, ERISA, Fiduciary Liability, Health Care Reform, Health Insurance, Health Plan, Health Plans, Human Resources, Management, Risk Management, Worker Classification | Permalink
Posted by Cynthia Marcotte Stamer

Careful Selection & Contracting With Vendors Critical Part of Health Plan Renewals

October 8, 2013

In the rush to finalize their health plan designs, contracts and documents for the upcoming 2014 plan year, employer and other health plan sponsors and fiduciaries should use care to review their insurance, broker, administrator and other health plan vendor agreements and vendor-provided plan documents, communications and processes to verify that vendor agreements and the plan designs, documentation, communications and processes they put in place appropriately hold service providers accountable, are legally compliant, appropriately tailored to defensably administer the plan in accordance with expectations, implement appropriate fiduciary and other performance and risk allocations and manage other exposures.

Many employer and other plan sponsors unknowingly expose themselves and management personnel participating in plan related decision-making to liability and costs by allowing costs or personality preferences to guide their vendor choices, rather than conducting a well-documented prudent review of their brokers and consultants, health plan insurers and other service providers, their bonding and other credentials, and the vendor-recommended plan designs, documentation, communications, credentials and processes.

Careful Vendor Selection & Contracting Foundation of Health Plan Compliance & Risk Management

As an initial matter, employers or others selecting plan vendors generally need to credential service providers to manage exposures under the fiduciary responsibility rules of the Employee Retirement Income Security Act of 1974 (ERISA). The fiduciary responsibility rules of ERISA generally impose upon the employer, member of its management or other parties possessing or exercising discretionary authority or control over the selection of plan service providers or vendors legal responsibility for the prudent selection and oversight of the service providers, their bonding and other credentials. Failing to conduct and keep documentation of this critical review can expose those participating in the vendor selection process to personal liability if plan funds or administration are mishandled as a result of the improper selection and oversight of the vendor.

Second, even when a vendor has a great reputation and credentials, employers or others also should carefully review the plan documentation, agreements, and communications provided by their brokers, administrative services providers, insurers and other health plan service providers to confirm that these materials are legally compliant, properly reflect the plan sponsors’ expectations about the plan terms, costs, and obligations, and otherwise designed to protect the employer’s goals and interests. While most plan sponsors and their management assume that the arrangements put in place by their broker, consultant or other service provider will take the necessary steps to properly document and implement the plan design, inadequacies in plan documentation, communications, administrative forms, processes and even plan design are common.

Even where plan vendors and advisors have the best of intentions, plan designs and documentation often fail to comply with applicable federal mandates, incorporate undesirable terms, or incorporate other provisions or deficiencies that unnecessarily leave the plan sponsor or members of its management exposed to avoidable fiduciary responsibility and liability for actions that the service provider is being paid to perform, exculpate vendors from liability for failing to competently perform responsibilities, expose the plan or its sponsors to unnecessary penalties or other costs, have other weaknesses that leave the sponsor or its management exposed to significant costs, liabilities or both.

For these reasons and others, employer and other plan sponsors should make time to conduct a well-documented documented review of the fiduciary eligibility, bonding and other credentials, services agreements, plan documentation, communications, processes, and procedures proposed by their health plan vendors before finalizing vendor selections and implementing those documents.

Credentialing & Vendor Contracting Tips

To help determine the scope of review and risk, most employer or other plan sponsors and their management will find it helpful to begin by critically evaluating the credentials and contracts of the health plan brokers, consultants and service providers. This review should both verify these advisors have the bonding and other legal credentials to qualify to perform the role desired under ERISA, the scope of services and accountability undertaken by the service providers, and the responsibilities for which the employer or other appointing party will continue to bear for the proper documentation and administration of the plan after hiring these vendors.

The following are some basic guidelines that management or others making health plan vendor and design decisions generally will want to consider and document as part of their analysis when reviewing proposed health plan vendors and the plan designs, documentation, communications and procedures.

A formal background check performed with the consent of the service provider should prove that the service provider and all of its employees and agents should be qualified to serve in a fiduciary role, are not disqualified or under investigation or other action that would disqualify them to act as a fiduciary or be bonded as required by ERISA, have no material complaint or dispute history with current or former clients or vendors, the Department of Labor, Department of Insurance, Internal Revenue Service or other relevant authorities, and have appropriate licensure, certifications, experience and reputation.
The service provider and its employees should enjoy an excellent reputation, verified by both broad background checks and detailed reference checks with both current and former clients, including clients who are not necessarily on the official reference list provided by the prospective service provider.
The service provider, its team, processes and procedures should have a history and currently be financially and operationally sound with significant experience and ability in the area.
The service provider should possess and be able to provide appropriate documentation of licensure, bonding, certifications and other credentials.
Due diligence should verify that the service provider has the skill, equipment, staff, procedures, processes, qualifications and other capabilities to properly and reliably perform the tasks contemplated prudently and in accordance with applicable legal responsibilities.

Beyond credentialing the service provider and its personnel, a plan sponsor or other party participating in the selection of a service provider or its recommended plan designs or services also should critically review the proposed services agreement to verify that it properly protects the expectations and interests of the plan sponsor, its plan fiduciaries and other associated parties participating in the plan design and vendor selection process. Among other things, a review of the contract generally should verify that the following criteria are met:

The contract should clearly document the scope of plan services that the service provider will provide under the agreement, the services that the service provider will not provide, and the services that the service provider only will provide at an additional charge, all charges and other requirements, and any other material expectations.
The contract should require the service provider to deliver plan services prudently in a manner that delivers the desired health benefits in a manner consistent with the purposes that justify the plan sponsor’s continued provision of the health benefits in accordance with the legal, operational, benefit and cost parameters applicable to the employer and its plan
The contract should provide plan services in a manner consistent with the plan sponsor’s overall plan design and related business practices.
The contract should deliver plan services in a manner consistent with the federal and state tax, labor, health care, contractual and other legal obligations applicable to the plan sponsor.
The contract should document the bonding, liability insurance, credentials and other qualifications of the service provider and require notification and appropriate recourse in the event of a material change in those credentials.
The contract should adequately minimize the exposure of the plan sponsor to legal liabilities arising from its participation in the contract, including fiduciary liability, vicarious liability, corporate negligence, and contractual liability.
The contract should establish and document the framework for an effective working relationship.
The contract should establish and document clear performance obligations applicable to the parties; the way compliance will be measured; and the consequences of any breach of those obligations.
The contract should incorporate the necessary provisions to fulfill the business associate agreement and other requirements concerning the creation, use, protection, access and disclosure of personal health information and other sensitive information about plan participants, beneficiaries and their costs needed to comply with the privacy and data security requirements of the Health Insurance Portability & Accountability Act privacy, security, breach notification, accounting and other individual rights, and business associate rules as updated in new regulations published in 2013 by the Office of Civil Rights.
The contract should provide access to necessary information including all records necessary to monitor and defend the plan, its design and administration, its compliance and prudent administration, including all disclosure, audit and reporting requirements.
The contract should define the breach notification and dispute resolution procedures, if any, that apply to disputes between the parties in a manner that does not unduly prejudice the plan sponsor’s ability to administer the plan; fulfill its legal obligations to covered persons and relevant regulators, or conduct other business activities.
The contract should clearly document the relationship between the standard plan provisions and the managed care procedures as well as fiduciary responsibility and accountability for, appropriately updated to comply with updated claims, appeals, and independent review organization requirements implemented since the enactment of the Patient Protection & Affordable Care Act, This should include a discussion regarding the extent to which the plan’s standard utilization, precertification, and medical necessity review procedures, coverage limitations and exclusions, proof of loss, and other provisions or replaced for care obtained under the managed care plan, as well as procedures and liability for deficiencies in administration resulting in liability to contracted physicians under managed care contracts pursuant to state law, loss of discounts, penalties or stop-loss coverage resulting from errors in administration and other federal and state liability risks of the plan, its fiduciaries and the employer.
The contract should require a third party administrator (TPA_ ensure that its provider contracts do not contain terms or provisions (other than as intended by the plan sponsor) that would undermine the enforceability of the plan sponsor’s benefit design.
The contract should require the service provider to ensure that contracting providers understand that their entitlement to payment or benefits depends upon satisfaction of all applicable terms and conditions of the plan and incorporate procedures to ensure the enforceability of these commitments.
The contract should bind the service provider to change its procedures in response to changes in the law or regulations that may be adopted from time to time.
The contract, if applicable, should require prudent processes to verify eligibility, coordinate coverage and perform other required functions.
The contract should include terms that preserve the subrogation rights of the plan.
The contract should require the TPA to warrant its authority to bind contracting providers and other parties whose cooperation and performance is required under the contract as part of the package of services to be delivered under the TPA’s proposal.
The contract should require the service provider to warrant that its agreement with other contracting providers does not conflict with the terms of the contract and ensures that these related providers are bound to perform in the manner contemplated by the contract.
The contract should require the service provider to perform all duties to prudently and in accordance with the law and hold the service provider legally accountable for liabilities and costs resulting from its omission to do so.
The contract should incorporate all performance guarantees including suitable accountability for noncompliance.
The contract should keep the right of the plan sponsor or fiduciary to terminate the vendor where prudent or otherwise legally required to fulfill responsibilities without inappropriate restrictions inconsistent with legal or operational responsibilities.
The contract should require appropriate indemnification or other accountability for non-performance with legal or other requirements and expectations.
The contract should include appropriate provisions to preserve access to plan administration and associated data as necessary to monitor plan costs, make future design decisions, and administer the plan and associated responsibilities even in the event of a termination of the vendor relationship.

While the credentialing questions and processes don’t eliminate all health plan related risks, they can help eliminate and manage many common legal and operational risks that often arising from health contracts and can help position an employer and members of its management to mitigate other potential exposures. The benefits of this careful credentialing and contract should be carried forward by careful crafting of plan documents and communications to match the allocations of responsibilities decided upon in the contracting process, the use of appropriate procedures to ensure that the appointed party handles those responsibilities and their associated communications, and the proper coordination of responses to potential problems in a manner that provides for defensible administration without blurring carefully crafted fiduciary and other role assignments.

In some instances, it may not be possible to secure the ideal contractual provisions. When this occurs, the documentation of the negotiations and the analysis of the advisability of proceeding with the contract, including any prudent backup arrangements needed to justify continuation should be maintained. Too often, brokers and consultants disparage contract negotiation and review recommendations of legal counsel by suggesting this is standard in the industry or that the request for negotiation and review suggests some lack of experience or other improper expectation by legal counsel or others suggesting the review. Such suggestions should be carefully scrutinized. While ideal provisions cannot always be obtained, it is rare that some improvement in the agreements is not possible. Even where this progress is not obtained, however, existing judicial and Labor Department enforcement clearly shows that the process of prudent review and analysis of proposed vendors and services is a required and necessary element of the vendor selection process for which parties making the decisions may face liability if they cannot prove the selection or retention was prudently conducted.

For Help or More Information

If you need help understanding or dealing with reviewing or negotiating your vendor agreements, or with other 2014 health plan decision-making or preparation, or with reviewing and updating, administering or defending your group health or other employee benefit, human resources, insurance, health care matters or related documents or practices, please contact the author of this update, Cynthia Marcotte Stamer.

A Fellow in the American College of Employee Benefit Council, immediate past Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Group and current Co-Chair of its Welfare Benefit Committee, Vice-Chair of the ABA TIPS Employee Benefits Committee, a council member of the ABA Joint Committee on Employee Benefits, and past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer is recognized, internationally, nationally and locally for her more than 25 years of work, advocacy, education and publications on cutting edge health and managed care, employee benefit, human resources and related workforce, insurance and financial services, and health care matters.

A board certified labor and employment attorney widely known for her extensive and creative knowledge and experienced with these and other employment, employee benefit and compensation matters, Ms. Stamer continuously advises and assists employers, employee benefit plans, their sponsoring employers, fiduciaries, insurers, administrators, service providers, insurers and others to monitor and respond to evolving legal and operational requirements and to design, administer, document and defend medical and other welfare benefit, qualified and non-qualified deferred compensation and retirement, severance and other employee benefit, compensation, and human resources, management and other programs and practices tailored to the client’s human resources, employee benefits or other management goals. A primary drafter of the Bolivian Social Security pension privatization law, Ms. Stamer also works extensively with management, service provider and other clients to monitor legislative and regulatory developments and to deal with Congressional and state legislators, regulators, and enforcement officials about regulatory, investigatory or enforcement concerns.

Recognized in Who’s Who In American Professionals and both an American Bar Association (ABA) and a State Bar of Texas Fellow, Ms. Stamer serves on the Editorial Advisory Board of Employee Benefits News, HR.com, Insurance Thought Leadership, Solutions Law Press, Inc. and other publications, and active in a multitude of other employee benefits, human resources and other professional and civic organizations. She also is a widely published author and highly regarded speaker on these matters. Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, Modern and many other national and local publications. Her widely respected publications and programs include more than 25 years of publications on health plan contracting, design, administration and risk management including a “Managed Care Contracting Guide” published by the American Health Lawyers Association and numerous other works on vendor contracting. You can learn more about Ms. Stamer and her experience, review some of her other training, speaking, publications and other resources, and register to receive future updates about developments on these and other concerns from Ms. Stamer here.

Other Helpful Resources & Other Information

We hope that this information is useful to you. If you found these updates of interest, you also be interested in one or more of the following other recent articles published on the Coalition for Responsible Health Care Reform electronic publication available here, our electronic Solutions Law Press Health Care Update publication available here, or our HR & Benefits Update electronic publication available here . You also can get access to information about how you can arrange for training on “Building Your Family’s Health Care Toolkit,” using the “PlayForLife” resources to organize low-cost wellness programs in your workplace, school, church or other communities, and other process improvement, compliance and other training and other resources for health care providers, employers, health plans, community leaders and others here. If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail by creating or updating your profile here. You can reach other recent updates and other informative publications and resources.

Recent examples of these publications include:

For important information about this communication click here.

Comments Off on Careful Selection & Contracting With Vendors Critical Part of Health Plan Renewals | Employee Benefits, Employers, Health Plans, HIPAA, Human Resources, Patient Protection and Affordable Care Act | Tagged: Data Security, Fiduciary Liability, Health Care Reform, Health Insurance, Health Insurance Exchange, Health Insursance Marketplace, Health Plans, health reform, Helath Care Providers, HHS, HIE, HIPAA, Obama Care, Obamacare, OIG, Patient Protection & Affordable Care Act, Privacy, Risk Management, Vendor Contracting | Permalink
Posted by Cynthia Marcotte Stamer

Avoiding Liability For Another’s Health Plan Fraud

February 25, 2011

TPA’s Embezzlement Guilty Plea Reminds Plan Sponsors, Fiduciaries & Service Providers To Ensure Fiduciaries, Administrators & Staff Prudently Selected, Monitored & Bonded

The guilty plea of an Ohio-based third-party administrator to embezzlement of $1 million in plan assets reminds employers and other employee benefit plan sponsors and members of their management participating in plan related activities, plan administrators and other plan fiduciaries and plan service providers (“plan decision-makers”) of the importance of ensuring appropriate, well-documented credentialing and selection, oversight, auditing and bonding the individuals and companies acting as fiduciaries and others participating in administration of plans or their assets (“plan workforce members”) to minimize their potential exposure to potential personal liability as a result of the fraud under the Employee Retirement Income Security Act (ERISA).

Cox Prosecution Reflective DOL Readiness To Prosecute Parties For Misuse of Plan Monies & Other Plan Fraud

According to a February 23, 2011 U.S. Department of Labor (DOL) announcement, Rhonda Sue Irvin Cox, owner of Irvin Administrative Solutions LLC (IAS), pleaded guilty to the embezzlement of $1 million of retirement plan assets from client plans administered by IAS. The DOL reports that between January 2003 and April 2007, Cox plead guilty to using used her position with ISC to embezzle the funds from 12 of 59 plans for which IAS served as a third party administrator. Cox also pleaded guilty to one count of making false statements in documents required under ERISA to be kept and certified by the plans’ administrator. Scheduled to be sentenced on June 1, 2011, Cox faces a maximum of five years in prison on each criminal count, a $250,000 fine and a special assessment. Cox is scheduled to be sentenced on June 1, 2011.

The DOL and Justice Department have a long-standing record of aggressive investigation and prosecution of embezzlement or other fraud impacting health and other employee benefit plans. Their criminal and civil enforcement and prosecution record makes clear this commitment remains strong.

Plan Sponsors, Fiduciaries & Service Providers May Face Civil Liability From When Others Defraud Their Plans

While plan decision-makers generally are aware that individuals defrauding health or other employee benefit plans risk criminal and civil prosecution, many fail to recognize their own potential civil liability exposures that may arise out of the fraudulent acts or other misconduct of another plan workforce member.

Embezzlement of plan assets is one of many acts of misconduct that can create potential fiduciary liability exposure for plan decision-makers under ERISA. Until confronted with potential fraud, misconduct or other misfeasance by a plan fiduciary, service provider or other plan workforce member, many plan decision-makers lack an adequate appreciation of the personal liability they may incur if they cannot demonstrate appropriate steps were taken to protect their health plan from this misconduct.

Under ERISA’s fiduciary responsibility rules, embezzlement or other misuse of employee contributions or other plan assets as well as certain other misconduct or misfeasance by a plan fiduciary, service provider or other plan workforce member can create personal liability exposures for plan decision-makers with responsibility or discretionary authority over the selection, retention, or management of plan workforce members if the plan decision-maker cannot demonstrate appropriate steps were taken to select, monitor and bond the plan workforce and other prudent action was taken to prevent and redress the fraud. Accordingly, health plans, their sponsors, fiduciaries, service providers, their management, and others serving as, or selecting, managing or retaining companies or individuals that participate in the handling of health plan assets or administration should act to strengthen their health plans and themselves against these exposures.

Risk Management Strategies & Tips

When embezzlement or other concern affecting their health plan arises, plan decision-makers concerned about protecting their health plans and themselves must act promptly in a carefully documented, prudent manner to investigate and respond to the concern. They should be prepared to present well-documented evidence of the scope and limits of their responsibility, authority, awareness, and potential for the selection, monitoring and oversight of the plan workforce member or others responsible for the performance of those actions, the adequacy of the bonding arrangements for the plan, and other efforts to prudently protect the plan before, during and after the discovery of the concern. While these and other steps can help strengthen the ability of a plan decision-maker to liability exposures that can result from the other plan workforce member’s embezzlement of plan assets or other misconduct, plan sponsors and plan decision-makers also should acquire suitable fiduciary and other liability insurance coverage and make other arrangements to help provide for the potential financial costs and other demands that are likely to arise in the event that it becomes necessary to investigate or redress fraud or other misconduct. Learn more here.

For Help With Investigations, Policy Review & Updates Or Other Needs

If you need help investigating or responding to fraud or other misconduct affection a health or other employee benefit plan, dealing with an employee benefit plan investigation or enforcement action by the Labor Department, private plaintiffs or another public or private party, reviewing current or proposed health plan processes or procedures, or responding to other employee benefit, labor and employment or other related controls and practices, please contact the author of this update, attorney Cynthia Marcotte Stamer here or at (469)767-8872.

The Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Committee, a Council Representative on the ABA Joint Committee on Employee Benefits, Government Affairs Committee Legislative Chair for the Dallas Human Resources Management Association, and past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer works, publishes and speaks extensively on HIPAA and other privacy and data security, health plan, health care and other human resources and workforce, employee benefits, compensation, internal controls and related matters.

For more than 23 years, Ms. Stamer has counseled, represented and trained employers and other employee benefit plan sponsors, plan administrators and fiduciaries, insurers and financial services providers, third party administrators, human resources and employee benefit information technology vendors and others privacy and data security, fiduciary responsibility, plan design and administration and other compliance, risk management and operations matters. In connection with this work, Ms. Stamer regularly counsels and helps clients to defend a broad range of clients about employee benefit plan fraud and other fiduciary responsibility concerns. Throughout her career, she has represented and served as special counsel to health and other employee benefit plans, plan sponsors, plan service providers, officers, directors and other management officials, bankruptcy trustees, debtors and creditors, and others in connection with health and other employee benefit plan fraud and other fiduciary responsibility and related investigations, prosecutions and other actions involving the Labor Department, IRS, HHS, Justice Department, state insurance and attorneys general, bankruptcy actions, and participant, beneficiary and vendor disputes. She also is recognized for her publications, industry leadership, workshops and presentations on these and other employee benefits, insurance and human resources concerns and regularly speaks and conducts training on these matters. Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, and many other national and local publications. For additional information about Ms. Stamer and her experience or to access other publications by Ms. Stamer see here or contact Ms. Stamer directly.

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on health care, human resources, employee benefits, data security and privacy, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile at here or e-mailing this information here. To unsubscribe, e-mail here.

Comments Off on Avoiding Liability For Another’s Health Plan Fraud | Defined Benefit Plans, Defined Contribution Plans, Disability Plans, Employee Benefits, Employers, ERISA, Fiduciary Responsibility, Health Plans, Human Resources, Insurance, Internal Controls, Internal Investigations, Malpractice, Professional Liability, Retirement Plans, Risk Management | Tagged: co-fiduciary liability, embezzlement, employee benefit, ERISA, Fiduciary Liability, fraud, Health Plan | Permalink
Posted by Cynthia Marcotte Stamer

Mishandling Employee Benefit Obligations Creates Big Liabilities For Distressed Businesses & Their Business Leaders

December 18, 2009

By Cynthia Marcotte Stamer

Business owners, executives, board members, and other business leaders of companies facing financial challenges should heed a mounting series of recent fiduciary liability settlement orders, judgments and prosecutions as strong reminders of the potential personal risk they may face if their health, 401(k) or other employee benefit programs are not appropriately funded and administered as required by the Employee Retirement Income Security Act of 1974, as amended (ERISA).

Businesses leaders struggling to deal with economic setbacks frequently may be tempted to use employee benefit plan contributions or funds for added liquidity or otherwise fail to take appropriate steps to protect and timely deposit plan contributions or other plan assets. A long and ever-mounting series of decisions demonstrates the risks of yielding to these temptations for businesses that sponsor these plans and the business leaders that make these decisions.

EBSA Prosecutes Businesses & Executives That Bungle ERISA Obligations

The mishandling of employee benefit obligations by financially distressed companies during the ongoing economic downturn is fueling an increase in Department of Labor Employee Benefit Security Administration (EBSA) enforcement actions against distressed or bankrupt companies and their officers or directors for alleged breaches of fiduciary duties or other mishandling of medical, 401(k) or other pension, and other employee benefit programs sponsored by their financially distressed companies.

EBSA enforcement activities during 2009 continue to highlight the longstanding and ongoing policy of aggressive investigation and enforcement of alleged misconduct by companies, company officials, and service providers in connection with the maintenance, administration and funding of ERISA-regulated employee benefit plans. A review of the Labor Department’s enforcement record makes clear that where the Labor Department perceives that a plan sponsor or its management fails to take appropriate steps to protect plan participants, the Labor Department will aggressively pursue enforcement regardless of the size of the plan sponsor or its plan, or the business hardships that the plan sponsor may be facing.

EBSA reports enforcing $1.3 billion in recoveries related to pension, 401(k), health and other benefits during fiscal year 2009. EBSA has filed numerous lawsuits to compel distressed companies and/or members of their management to pay restitution or other damages for alleged breaches of ERISA fiduciary duties, to appoint independent fiduciaries, or both for plans sponsored by bankrupt or financially distressed companies.

Recent settlements and judgments obtained by the Labor Department and through private litigation document that officers and other members of management participating, or possessing authority to influence, the handling of heath, 401(k) and other pension, or other employee benefit plans regulated by ERISA may be exposed to personal liability if these benefit programs are not maintained and administered appropriately. This risk is particularly grave when the sponsoring company becomes financially distressed or goes bankrupt, as the handling of employee benefit and other responsibilities becomes particularly disrupted and the lack of company liquidity often leaves executives and service providers as the only or best source of recovery for government officials and private plaintiffs.

Executives Ordered To Pay To Make Things Right

In the December 2, 2009 decision in Solis v. Struthers Industries Inc., for instance, a federal district judge ordered business leader Jomey B. Ethridge liable to pay $303,084.61 to restore assets belonging to the 401(k) plan of bankrupt Struthers Industries in an ERISA fiduciary responsibility action filed by the U.S. Department of Labor’s Employee Benefits Security Administration (EBSA). Filed by the EBSA in the U.S. District Court for the Southern District of Mississippi, the Struthers Industries lawsuit alleged that Ethridge and Struthers Industries allowed employee contributions to be used for purposes other than providing benefits resulting in losses of $310,084.57. According to court documents, Struthers Industries designed and built heat transfer and pressure vessels at its Gulfport facility. In 2001, its 401(k) plan had 278 participants and assets totaling $8,279,083. The company filed for bankruptcy in 2003, and its assets were auctioned off in 2005. An independent fiduciary was appointed by the court in 2007 to manage the plan’s assets. The ordered Ethridge personally to pay $303,084.61 in restitution to the plan for his involvement in the mishandling of the plan’s assets. The order also bars Ethridge from acting as a benefit plan fiduciary in the future.

The Struthers Industries decision comes on the heels of EBSA’s success in Solis v. T.E. Corcoran Co. Inc. last month in recovering more than $89,000 from business owners and operators found to have breached fiduciary duties to the participants of the T.E. Corcoran Co. Inc. Profit Sharing Plan by improperly loaning plan assets to he plan sponsor and an affiliated company. The Labor Department sued T.E. Corcoran Co. and its owners, John F. Corcoran and Thomas E. Corcoran Jr., alleging that the company and its owners caused the plan to lend money to the two companies at below market interest rates, without terms of payment and without documentation in violation of ERISA. The suit filed in the U.S. District Court for the District of Massachusetts, also named as a defendant Coran Development Co. Inc., a company co-owned by the Corcorans. T.E. Corcoran Co. Inc. was the sponsor and administrator of the plan, while John and Thomas Corcoran were trustees of the plan, making all three fiduciaries and parties in interest with respect to the plan. ERISA specifically prohibits the use of employee benefit plan funds to benefit parties in interest.

The Corcoran judgment requires that the plan account balances of defendants John F. Corcoran and Thomas E. Corcoran Jr. be offset in the amount of $89,273 plus interest to be allocated to the accounts of the other plan participants. The offset will make whole all of the accounts of the non-trustee participants. In addition, the court order appoints an independent trustee to oversee the final distribution of the plan’s assets and the proper termination of the plan, requires the defendants to cooperate fully with the independent trustee in this process, and then prohibits them from serving as fiduciaries to any ERISA-covered plan for 10 years.

A complex maze of ERISA, tax and other rules make the establishment, administration and termination of employee benefit plans a complicated matter. When the company sponsoring a plan goes bankrupt or becomes distressed, the rules, as well as the circumstances can make the administration of these responsibilities a powder keg of liability for all involved. Companies and other individuals that in name or in function possess or exercise discretionary responsibility or authority over the maintenance, administration or funding of employee benefit plans regulated by ERISA frequently are found to be accountable for complying with the high standards required by ERISA for carrying out these duties based on their functional ability to exercise discretion over these matters, whether or not they have been named as fiduciaries formally.

Despite these well-document fiduciary exposures and a well-established pattern of enforcement by the Labor Department and private plaintiffs, many companies and their business leaders fail to appreciate the responsibilities and liabilities associated with the establishment and administration of employee benefit plans. Frequently, companies sponsoring their employee benefit plans and their executives mistakenly assume that they can rely upon vendors and advisors to ensure that their programs are appropriately established the establishment and maintenance of these arrangements with limited review or oversight by the sponsoring company or its management team.

In other instances, businesses and their leaders do not realize that the functional definition that ERISA uses to determine fiduciary status means that individuals participating in discretionary decisions relating to the employee benefit plan, as well as the plan sponsor, may bear liability under many commonly occurring situations if appropriate care is not exercised to protect participants or beneficiaries in these plans.

For this reason, businesses providing employee benefits to employees or dependents, as well as members of management participating in, or having responsibility to oversee or influence decisions concerning the establishment, maintenance, funding, and administration of their organization’s employee benefit programs need a clear understanding of their responsibilities with respect to such programs, the steps that they should take to demonstrate their fulfillment of these responsibilities, and their other options for preventing or mitigating their otherwise applicable fiduciary risks.

If you have questions about or need assistance evaluating, commenting on or responding to these or other employment, health or other employee benefit, workplace health and safety, corporate ethics and compliance or other concerns or claims, please contact the author of this article, Curran Tomko Tarski LLP Labor & Employment Practice Group Chair Cynthia Marcotte Stamer. Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization and Chair of the American Bar Association RPTE Employee Benefits & Other Compensation Group, Ms. Stamer is experienced with assisting employers and others about compliance with federal and state equal employment opportunity, compensation and employee benefit, workplace safety, and other labor and employment, as well as advising and defending employers and others against tax, employment discrimination and other labor and employment, and other related audits, investigations and litigation, charges, audits, claims and investigations by the IRS, Department of Labor and other federal and state regulators. Ms. Stamer has advised and represented employers on these and other labor and employment, compensation, employee benefit and other personnel and staffing matters for more than 20 years. Ms. Stamer also speaks and writes extensively on these and other related matters. For additional information about Ms. Stamer and her experience or to access other publications by Ms. Stamer see here or contact Ms. Stamer directly. For additional information about the experience and services of Ms. Stamer and other members of the Curran Tomko Tarksi LLP team, see here.

Other Information & Resources

We hope that this information is useful to you. If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here or e-mailing this information here or registering to participate in the distribution of our Solutions Law Press HR & Benefits Update distributions here. Some other recent updates that may be of interested include the following, which you can access by clicking on the article title:

For important information concerning this communication click here. If you do not wish to receive these updates in the future, send an e-mail with the word “Remove” in the Subject here.

Comments Off on Mishandling Employee Benefit Obligations Creates Big Liabilities For Distressed Businesses & Their Business Leaders | Bankruptcy, Corporate Compliance, Defined Benefit Plans, Employee Benefits, Employers, ERISA, Fiduciary Responsibility, Health Plans, Internal Controls, Internal Investigations, Professional Liability, Restructuring, Retirement Plans | Tagged: Bankruptcy, Corporate Compliance, Distressed Company, E&O Liability, EBSA, ERISA, Fiduciary Liability, Fiduciayr Responsibility, Officers & Directors Liability, Reorganization, Restructuring | Permalink
Posted by Cynthia Marcotte Stamer

Brace For Health Plan OCR HIPAA Audits

Legal Review Of Health Plan Documents, Processes Needed To Mitigate Employer’s Excise Tax & Other Health Plan Risks

Careful Selection & Contracting With Vendors Critical Part of Health Plan Renewals

Avoiding Liability For Another’s Health Plan Fraud

Mishandling Employee Benefit Obligations Creates Big Liabilities For Distressed Businesses & Their Business Leaders

Email Subscription

Pages

Recent Posts

Archives

Share this blog

Blogroll

Solutions Law

Solutions Law Press HR & Benefits Update