Careful Selection & Contracting With Vendors Critical Part of Health Plan Renewals

October 8, 2013

In the rush to finalize their health plan designs, contracts and documents for the upcoming 2014 plan year, employer and other health plan sponsors and fiduciaries should use care to review their insurance, broker, administrator and other health plan vendor agreements and vendor-provided plan documents, communications and processes to verify that vendor agreements and the plan designs, documentation, communications and processes they put in place appropriately hold service providers accountable, are legally compliant, appropriately tailored to defensably administer the plan in accordance with expectations, implement appropriate fiduciary and other performance and risk allocations and manage other exposures.

Many employer and other plan sponsors unknowingly expose themselves and management personnel participating in plan related decision-making to liability and costs by allowing costs or personality preferences to guide their vendor choices, rather than conducting a well-documented prudent review of their brokers and consultants, health plan insurers and  other service providers, their bonding and other credentials, and the vendor-recommended plan designs, documentation, communications, credentials and processes.

Careful Vendor Selection & Contracting Foundation of Health Plan Compliance & Risk Management

As an initial matter, employers or others selecting plan vendors generally need to credential service providers to manage exposures under the fiduciary responsibility rules of the Employee Retirement Income Security Act of 1974 (ERISA). The fiduciary responsibility rules of ERISA generally impose upon the employer, member of its management or other parties possessing or exercising discretionary authority or control over the selection of plan service providers or vendors legal responsibility for the prudent selection and oversight of the service providers, their bonding and other credentials. Failing to conduct and keep documentation of this critical review can expose those participating in the vendor selection process to personal liability if plan funds or administration are mishandled as a result of the improper selection and oversight of the vendor.

Second, even when a vendor has a great reputation and credentials, employers or others also should carefully review the plan documentation, agreements, and communications provided by their brokers, administrative services providers, insurers and other health plan service providers to confirm that these materials are legally compliant, properly reflect the plan sponsors’ expectations about the plan terms, costs, and obligations, and otherwise designed to protect the employer’s goals and interests.  While most plan sponsors and their management assume that the arrangements put in place by their broker, consultant or other service provider will take the necessary steps to properly document and implement the plan design, inadequacies in plan documentation, communications, administrative forms, processes and even plan design are common.

Even where plan vendors and advisors have the best of intentions, plan designs and documentation often fail to comply with applicable federal mandates, incorporate undesirable terms, or incorporate other provisions or deficiencies that unnecessarily leave the plan sponsor or members of its management exposed to avoidable fiduciary responsibility and liability for actions that the service provider is being paid to perform, exculpate vendors from liability for failing to competently perform responsibilities, expose the plan or its sponsors to unnecessary penalties or other costs, have other weaknesses that leave the sponsor or its management exposed to significant costs, liabilities or both.

For these reasons and others, employer and other plan sponsors should make time to conduct a well-documented documented review of the fiduciary eligibility, bonding and other credentials, services agreements, plan documentation, communications, processes, and procedures proposed by their health plan vendors before finalizing vendor selections and implementing those documents.

Credentialing & Vendor Contracting Tips

To help determine the scope of review and risk, most employer or other plan sponsors and their management will find it helpful to begin by critically evaluating the credentials and contracts of the health plan brokers, consultants and service providers.  This review should both verify these advisors have the bonding and other legal credentials to qualify to perform the role desired under ERISA, the scope of services and accountability undertaken by the service providers, and the responsibilities for which the employer or other appointing party will continue to bear for the proper documentation and administration of the plan after hiring these vendors.

The following are some basic guidelines that management or others making health plan vendor and design decisions generally will want to consider and document as part of their analysis when reviewing proposed health plan vendors and the plan designs, documentation, communications and procedures.

  • A formal background check performed with the consent of the service provider should prove that the service provider and all of its employees and agents should be qualified to serve in a fiduciary role, are not disqualified or under investigation or other action that would disqualify them to act as a fiduciary or be bonded as required by ERISA, have no material complaint or dispute history with current or former clients or vendors, the Department of Labor, Department of Insurance, Internal Revenue Service or other relevant authorities, and have appropriate licensure, certifications, experience and reputation.
  • The service provider and its employees should enjoy an excellent reputation, verified by both broad background checks and detailed reference checks with both current and former clients, including clients who are not necessarily on the official reference list provided by the prospective service provider.
  • The service provider, its team, processes and procedures should have a history and currently be financially and operationally sound with significant experience and ability in the area.
  • The service provider should possess and be able to provide appropriate documentation of licensure, bonding, certifications and other credentials.
  • Due diligence should verify that the service provider has the skill, equipment, staff, procedures, processes, qualifications and other capabilities to properly and reliably perform the tasks contemplated prudently and in accordance with applicable legal responsibilities.

Beyond credentialing the service provider and its personnel, a plan sponsor or other party participating in the selection of a service provider or its recommended plan designs or services also should critically review the proposed services agreement to verify that it properly protects the expectations and interests of the plan sponsor, its plan fiduciaries and other associated parties participating in the plan design and vendor selection process.  Among other things, a review of the contract generally should verify that the following criteria are met:

  • The contract should clearly document the scope of plan services that the service provider will provide under the agreement, the services that the service provider will not provide, and the services that the service provider only will provide at an additional charge, all charges and other requirements, and any other material expectations.
  • The contract should require the service provider to deliver plan services prudently in a manner that delivers the desired health benefits in a manner consistent with the purposes that justify the plan sponsor’s continued provision of the health benefits in accordance with the legal, operational, benefit and cost parameters applicable to the employer and its plan
  • The contract should provide plan services in a manner consistent with the plan sponsor’s overall plan design and related business practices.
  • The contract should deliver plan services in a manner consistent with the federal and state tax, labor, health care, contractual and other legal obligations applicable to the plan sponsor.
  • The contract should document the bonding, liability insurance, credentials and other qualifications of the service provider and require notification and appropriate recourse in the event of a material change in those credentials.
  • The contract should adequately minimize the exposure of the plan sponsor to legal liabilities arising from its participation in the contract, including fiduciary liability, vicarious liability, corporate negligence, and contractual liability.
  • The contract should establish and document the framework for an effective working relationship.
  • The contract should establish and document clear performance obligations applicable to the parties; the way compliance will be measured; and the consequences of any breach of those obligations.
  • The contract should incorporate the necessary provisions to fulfill the business associate agreement and other requirements concerning the creation, use, protection, access and disclosure of personal health information and other sensitive information about plan participants, beneficiaries and their costs needed to comply with the privacy and data security requirements of the Health Insurance Portability & Accountability Act privacy, security, breach notification, accounting and other individual rights, and business associate rules as updated in new regulations published in 2013 by the Office of Civil Rights.
  • The contract should provide access to necessary information including all records necessary to monitor and defend the plan, its design and administration, its compliance and prudent administration, including all disclosure, audit and reporting requirements.
  • The contract should define the breach notification and dispute resolution procedures, if any, that apply to disputes between the parties in a manner that does not unduly prejudice the plan sponsor’s ability to administer the plan; fulfill its legal obligations to covered persons and relevant regulators, or conduct other business activities.
  • The contract should clearly document the relationship between the standard plan provisions and the managed care procedures as well as fiduciary responsibility and accountability for, appropriately updated to comply with updated claims, appeals, and independent review organization requirements implemented since the enactment of the Patient Protection & Affordable Care Act,   This should include a discussion regarding the extent to which the plan’s standard utilization, precertification, and medical necessity review procedures, coverage limitations and exclusions, proof of loss, and other provisions or replaced for care obtained under the managed care plan, as well as procedures and liability for deficiencies in administration resulting in liability to contracted physicians under managed care contracts pursuant to state law, loss of discounts, penalties or stop-loss coverage resulting from errors in administration and other federal and state liability risks of the plan, its fiduciaries and the employer.
  • The contract should require a third party administrator (TPA_ ensure that its provider contracts do not contain terms or provisions (other than as intended by the plan sponsor) that would undermine the enforceability of the plan sponsor’s benefit design.
  • The contract should require the service provider to ensure that contracting providers understand that their entitlement to payment or benefits depends upon satisfaction of all applicable terms and conditions of the plan and incorporate procedures to ensure the enforceability of these commitments.
  • The contract should bind the service provider to change its procedures in response to changes in the law or regulations that may be adopted from time to time.
  • The contract, if applicable, should require prudent processes to verify eligibility, coordinate coverage and perform other required functions.
  • The contract should include terms that preserve the subrogation rights of the plan.
  • The contract should require the TPA to warrant its authority to bind contracting providers and other parties whose cooperation and performance is required under the contract as part of the package of services to be delivered under the TPA’s proposal.
  • The contract should require the service provider to warrant that its agreement with other contracting providers does not conflict with the terms of the contract and ensures that these related providers are bound to perform in the manner contemplated by the contract.
  • The contract should require the service provider to perform all duties to prudently and in accordance with the law and hold the service provider legally accountable for liabilities and costs resulting from its omission to do so.
  • The contract should incorporate all performance guarantees including suitable accountability for noncompliance.
  • The contract should keep the right of the plan sponsor or fiduciary to terminate the vendor where prudent or otherwise legally required to fulfill responsibilities without inappropriate restrictions inconsistent with legal or operational responsibilities.
  • The contract should require appropriate indemnification or other accountability for non-performance with legal or other requirements and expectations.
  • The contract should include appropriate provisions to preserve access to plan administration and associated data as necessary to monitor plan costs, make future design decisions, and administer the plan and associated responsibilities even in the event of a termination of the vendor relationship.

While the credentialing questions and processes don’t eliminate all health plan related risks, they can help eliminate and manage many common legal and operational risks that often arising from health contracts and can help position an employer and members of its management to mitigate other potential exposures.   The benefits of this careful credentialing and contract should be carried forward by careful crafting of plan documents and communications to match the allocations of responsibilities decided upon in the contracting process, the use of appropriate procedures to ensure that the appointed party handles those responsibilities and their associated communications, and the proper coordination of responses to potential problems in a manner that provides for defensible administration without blurring carefully crafted fiduciary and other role assignments.

In some instances, it may not be possible to secure the ideal contractual provisions.  When this occurs, the documentation of the negotiations and the analysis of the advisability of proceeding with the contract, including any prudent backup arrangements needed to justify continuation should be maintained.  Too often, brokers and consultants disparage contract negotiation and review recommendations of legal counsel by suggesting this is standard in the industry or that the request for negotiation and review suggests some lack of experience or other improper expectation by legal counsel or others suggesting the review.  Such suggestions should be carefully scrutinized.  While ideal provisions cannot always be obtained, it is rare that some improvement in the agreements is not possible.  Even where this progress is not obtained, however, existing judicial and Labor Department enforcement clearly shows that the process of prudent review and analysis of proposed vendors and services is a required and necessary element of the vendor selection process for which parties making the decisions may face liability if they cannot prove the selection or retention was prudently conducted.

For Help or More Information

 If you need help understanding or dealing with reviewing or negotiating your vendor agreements, or  with other 2014 health plan decision-making or preparation, or with reviewing and updating, administering or defending your group health or other employee benefit, human resources, insurance, health care matters or related documents or practices, please contact the author of this update, Cynthia Marcotte Stamer.

A Fellow in the American College of Employee Benefit Council, immediate past Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Group and current Co-Chair of its Welfare Benefit Committee, Vice-Chair of the ABA TIPS Employee Benefits Committee, a council member of the ABA Joint Committee on Employee Benefits, and past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer is recognized, internationally, nationally and locally for her more than 25 years of work, advocacy, education and publications on cutting edge health and managed care, employee benefit, human resources and related workforce, insurance and financial services, and health care matters.

A board certified labor and employment attorney widely known for her extensive and creative knowledge and experienced with these and other employment, employee benefit and compensation matters, Ms. Stamer continuously advises and assists employers, employee benefit plans, their sponsoring employers, fiduciaries, insurers, administrators, service providers, insurers and others to monitor and respond to evolving legal and operational requirements and to design, administer, document and defend medical and other welfare benefit, qualified and non-qualified deferred compensation and retirement, severance and other employee benefit, compensation, and human resources, management and other programs and practices tailored to the client’s human resources, employee benefits or other management goals. A primary drafter of the Bolivian Social Security pension privatization law, Ms. Stamer also works extensively with management, service provider and other clients to monitor legislative and regulatory developments and to deal with Congressional and state legislators, regulators, and enforcement officials about regulatory, investigatory or enforcement concerns.

Recognized in Who’s Who In American Professionals and both an American Bar Association (ABA) and a State Bar of Texas Fellow, Ms. Stamer serves on the Editorial Advisory Board of Employee Benefits News, HR.com, Insurance Thought Leadership, Solutions Law Press, Inc. and other publications, and active in a multitude of other employee benefits, human resources and other professional and civic organizations. She also is a widely published author and highly regarded speaker on these matters. Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, Modern and many other national and local publications. Her widely respected publications and programs include more than 25 years of publications on health plan contracting, design, administration and risk management including a “Managed Care Contracting Guide” published by the American Health Lawyers Association and numerous other works on vendor contracting.  You can learn more about Ms. Stamer and her experience, review some of her other training, speaking, publications and other resources, and register to receive future updates about developments on these and other concerns from Ms. Stamer here.

Other Helpful Resources & Other Information

We hope that this information is useful to you.   If you found these updates of interest, you also be interested in one or more of the following other recent articles published on the Coalition for Responsible Health Care Reform electronic publication available here, our electronic Solutions Law Press Health Care Update publication available here, or our HR & Benefits Update electronic publication available here .  You also can get access to information about how you can arrange for training on “Building Your Family’s Health Care Toolkit,”  using the “PlayForLife” resources to organize low-cost wellness programs in your workplace, school, church or other communities, and other process improvement, compliance and other training and other resources for health care providers, employers, health plans, community leaders and others here. If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail by creating or updating your profile here. You can reach other recent updates and other informative publications and resources.

Recent examples of these publications include:

For important information about this communication click here.

©2013 Cynthia Marcotte Stamer.  Nonexclusive right to republish granted to Solutions Law Press, Inc. All other rights reserved.


Tighten Disability Discrimination Defenses As National Disability Employment Awareness Month Promises To Whip Up New Claims & Awareness

October 1, 2012

President Obama’s declaration today (October 1, 2012) of October as National Disability Employment Awareness Month reminds business that U.S. businesses and their leaders need to tighten their disability discrimination risk management and compliance in light of the Obama Administration’s emphasis on aggressively interpreting and enforcing disability discrimination laws, rising private plaintiff lawsuits and other recent regulatory and judicial changes.  With the Administration expected to step up further its already substantial educational outreach to the disabled and their advocates, U.S. employers should brace for this month’s celebration to fuel even more disability discrimination claims and other activity by the disabled and their activists.

Since taking office, President Obama has make enforcing and expanding the rights of the disabled in employment and other areas a leading priority. 

In his proclamation today, President Obama reaffirmed his often stated commitment to the aggressive enforcement of disability laws and other efforts to promote opportunities for disabled individuals, stating:

“[My Administration remains committed to helping our businesses, schools, and communities support our entire workforce. To meet this challenge,… we are striving to make it easier to get and keep those jobs by improving compliance with Section 508 of the Rehabilitation Act.”

As the administration marks the month, U.S. employers and other business leaders can expect the Obama Administration will be stepping up its already aggressive outreach to disabled Americans to promote awareness of their disability law rights and tools for asserting and enforcing these rights.  See, e.g. October Is National Disability Employment Awareness Month (NDEAM).

Business Faces Growing Employment Disability Exposures

As part of his administration’s commitment, the Obama Administration has moved to aggressively enforce the disability and accommodations of the Americans With Disabilities Act (ADA), Section 508 of the Rehabilitation Act, and other federal disability discrimination laws.  The reach and effectiveness of these efforts has been enhanced by statutory and regulatory changes that require employers to exercise greater efforts to meet their compliance obligations and manage their disability and other discrimination risks.

ADA Exposures Heightened

The ADA, for instance, generally prohibits disability discrimination and requires employers to make reasonable accommodations to employees’ and applicants’ disabilities as long as this does not pose an undue hardship.  Violations of the ADA can expose businesses to substantial liability. Violations of the ADA may be prosecuted by the EEOC or by private lawsuits.  Employees or applicants that can prove they experienced prohibited disability discrimination under the ADA generally can recover actual damages, attorneys’ fees, and up to $300,000 of exemplary damages (depending on the size of the employer).   

In recent years, amendments to the original provisions of the ADA have made it easier for plaintiffs and the EEOC to prove disabled status of an individual.  Businesses should exercise caution to carefully document legitimate business justification for their hiring, promotion and other employment related decisions about these and other individuals who might qualify as disabled.  Provisions of the ADA Amendments Act (ADAAA) that expand the definition of “disability” under the ADA,  As signed into law on September 25, 2008, the ADAAA amended the definition of “disability” for purposes of the disability discrimination prohibitions of the ADA to make it easier for an individual seeking protection under the ADA to establish that that has a disability within the meaning of the ADA.  The ADAAA retains the ADA’s basic definition of “disability” as an impairment that substantially limits one or more major life activities, a record of such an impairment, or being regarded as having such an impairment. However, provisions of the ADAAA that took effect January 1, 2009 change the way that these statutory terms should be interpreted in several ways. Most significantly, the Act:

  • Directs EEOC to revise that part of its regulations defining the term “substantially limits;”
  • Expands the definition of “major life activities” by including two non-exhaustive lists: (1) The first list includes many activities that the EEOC has recognized (e.g., walking) as well as activities that EEOC has not specifically recognized (e.g., reading, bending, and communicating); and (2) The second list includes major bodily functions (e.g., “functions of the immune system, normal cell growth, digestive, bowel, bladder, neurological, brain, respiratory, circulatory, endocrine, and reproductive functions”);
  • States that mitigating measures other than “ordinary eyeglasses or contact lenses” shall not be considered in assessing whether an individual has a disability;
  • Clarifies that an impairment that is episodic or in remission is a disability if it would substantially limit a major life activity when active;
  • Changes the definition of “regarded as” so that it no longer requires a showing that the employer perceived the individual to be substantially limited in a major life activity, and instead says that an applicant or employee is “regarded as” disabled if he or she is subject to an action prohibited by the ADA (e.g., failure to hire or termination) based on an impairment that is not transitory and minor; and
  • Provides that individuals covered only under the “regarded as” prong are not entitled to reasonable accommodation.

The ADAAA also emphasizes that the definition of disability should be construed in favor of broad coverage of individuals to the maximum extent permitted by the terms of the ADA and generally shall not require extensive analysis.In adopting these changes, Congress expressly sought to overrule existing employer-friendly judicial precedent construing the current provisions of the ADA and to require the EEOC to update its existing guidance to confirm with the ADAAA Amendments.  Under the leadership of the Obama Administration, the EEOC and other federal agencies have embraced this charge and have significantly stepped up enforcement of the ADA and other federal discrimination laws.

Recent enforcement, regulatory and other activities by the EEOC show that the EEOC is enthusiastically moving forward to exercise its regulatory and enforcement powers under these enhanced ADA provisions to tighten requirements for employers and to enforce its rules. See e.g.,  Leprino Foods To Pay $550K To Settle OFCCP Charge Pre-Hire Screening Test Illegally Discriminated « As EEOC Steps Up ADA Accommodation Enforcement, New DOD Apple App, Other Resources Released; Wal-Mart Settlement Shows ADA Risks When Considering Employee Return To Work Accommodation Requests & Inquiries; Employer Pays $475,000 To Settle ADA Discrimination Lawsuit Challenging Medical Fitness Testing For EMTs, Firefighters & Other Public Safety Worker’s.

Rising Rehabilitation Act Risks For Government Contractors

Beyond the generally applicable risks applicable to all employers of more than 15 employees under the ADA, federal and state government contractors face more responsibilities and risks. 

Subject to limited exceptions, government contractors providing services or supplies on ARRA or other government-funded contracts or projects must comply both with generally applicable employment discrimination requirements and special statutory and contractual nondiscrimination, affirmative action, and recordkeeping requirements applicable government contractors. For instance, federal law generally requires government contractors to comply with the special equal employment opportunity requirements of  Executive Order 11246 (EO 11246); Section 503 of the Rehabilitation Act of 1973 (Section 503); and the Vietnam Veterans’ Readjustment Assistance Act of 1974 (VEVRAA).   Pursuant to these laws, business with the federal government, both contractors and subcontractors, generally must follow a number of statutory and contractual requirements to follow the fair and reasonable standard that they not discriminate in employment on the basis of sex, race, color, religion, national origin, disability or status as a protected veteran. OFCCP generally audits and enforces these requirements. Memo to Funding Recipients: Compliance with Applicable Nondiscrimination and Equal Opportunity Statutes, Regulations, and Executive Orders.  

OFCCP has made clear that it will conduct compliance evaluations and host compliance assistance events to ensure that federal contractors comply and are aware of their responsibilities under EO 11246, Section 503 and VEVRAA. 

While many government contractors may be tempted to become complacent about OFCCP exposures based on reports of the OFCCP’s relatively low enforcement in the past, see Report Says OFCCP Enforcement Data Show Infrequent Veteran, Disability Bias Findings | Bloomberg BNA recent enforcement data documents OFCCP is getting much more serious and aggressive about auditing and enforcing compliance with its affirmative action and other requirements against government contractors under the Obama Administration.  See, OFCCP Enforcement Data is Available on a New DOL Website. See also, Affirmative Action Update: OFCCP Enforcement Statistics Show Increase in Violations.  The readiness of OFCCP to enforce its rules is illustrated by the settlement of an OFCCP action filed against federal contractor Nash Finch Co. (Nash Finch) announceed last week.  Under the settlement, Nash Finch to pay $188,500 in back wages and interest and offer jobs to certain women applicants who OFCCP charged Nash rejected for the entry-level position of order selector at the company’s distribution facility in Lumberton, Minnesota.  See Settlement of OFCCP Employment Discrimination Charge Reminder To ARRA, Other Government Contractors Of Heightened Enforcement Risks.

These government contractor disability discrimination risks are particularly acute where the government contractor works on or provides supplies on contacts or projects funded in whole or in part by monies provided under ARRA.    When the contract or project in question receives any funding out of the $787 billion of stimulus funding provided by ARRA, special OFCCP rules applicable to ARRA funded projects necessitates that federal contractors exercise special care to understand and meet their responsibilities and manage associated exposures.   See, e.g. Settlement of OFCCP Employment Discrimination Charge Reminder To ARRA, Other Government Contractors Of Heightened Enforcement Risks

GINA & Other Medical Information Nondiscrimination & Privacy Risks

Employers also need to use care to ensure that their hiring and other employment practices, as well as their employee benefits, workers’ compensation and wellness practices are up to date and properly managed to mitigate exposures under laws like the Genetic Information and Nondiscrimination Act (GINA),  the ADA’s medical information privacy requirements,  as well as the privacy and nondiscrimination rules of the Health Insurance Portability & Accountability Act and other relevant federal and state laws.

Signed into law by President Bush on May 21, 2008 and in effect since November 21, 2009, for instance, Title VII of GINA amended the Civil Rights Act to prohibit employment discrimination based on genetic information and to restrict the ability of employers and their health plans to require, collect or retain certain genetic information. Under GINA, employers, employment agencies, labor organizations and joint labor-management committees face significant liability for violating the sweeping nondiscrimination and confidentiality requirements of GINA concerning their use, maintenance and disclosure of genetic information. Employees can sue for damages and other relief like now available under Title VII of the Civil Rights Act of 1964 and other nondiscrimination laws.  For instance, GINA’s employment related provisions include rules that:

  • Prohibit employers and employment agencies from discriminating based on genetic information in hiring, termination or referral decisions or in other decisions regarding compensation, terms, conditions or privileges of employment;
  • Prohibit employers and employment agencies from limiting, segregating or classifying employees so as to deny employment opportunities to an employee based on genetic information;
  • Bar labor organizations from excluding, expelling or otherwise discriminating against individuals based on genetic information;
  • Prohibit employers, employment agencies and labor organizations from requesting, requiring or purchasing genetic information of an employee or an employee’s family member except as allowed by GINA to satisfy certification requirements of family and medical leave laws, to monitor the biological effects of toxic substances in the workplace or other conditions specifically allowed by GINA;
  • Prohibit employers, labor organizations and joint labor-management committees from discriminating in any decisions related to admission or employment in training or retraining programs, including apprenticeships based on genetic information;
  • Mandate that in the narrow situations where limited cases where genetic information is obtained by a covered entity, it maintain the information on separate forms in separate medical files, treat the information as a confidential medical record, and not disclosure the genetic information except in those situations specifically allowed by GINA;
  • Prohibit any person from retaliating against an individual for opposing an act or practice made unlawful by GINA; and
  • Regulate the collection, use, access and disclosure of genetic information by employer sponsored and certain other health plans.

These employment provisions of GINA are in addition to amendments to HIPAA, the Employee Retirement Income Security Act of 1974 (ERISA), the Public Health Service Act, the Internal Revenue Code of 1986, and Title XVIII (Medicare) of the Social Security Act that are effective for group health plan for plan years beginning after May 20, 2009.  Under these HIPAA and GINA rules, health plans generally may not make certain medical inquiries or discriminate against employees or their family members based on family or individual medical history or genetic information.  In addition, health plans and others are required to safeguard personal medical information and may only share that information only under very limited circumstances requiring specific documentation be in place and that the parties can prove that the access and use of that information is appropriately restricted.  Violation of these and other rules can have significant civil and in some cases even criminal liabilities for companies, plans, plan fiduciaries and company officials that take part in violations of these rules.

Businesses Should Act To Manage Risks

The ADAAA amendments, the Rehabilitation Act’s expanded reach, and the Obama Administration’s emphasis on enforcement make it likely that businesses generally will face more disability claims from a broader range of employees and will have fewer legal shields to defend themselves against these claims. These changes will make it easier for certain employees to qualify and claim protection as disabled under the ADA, the Rehabilitation Act, and other disability discrimination laws. 

All U.S. businesses should review and tighten the adequacy of their existing compliance and risk management practices to promote and document compliance.  These efforts should focus on all relevant hiring, recruitment, promotion, compensation, recordkeeping and reporting policies and practices internally, as well as those of any recruiting agencies, subcontractors or other business partners whose actions might impact on compliance.

In light of these and other developments and risks, businesses generally should act cautiously when dealing with applicants or employees with actual, perceived, or claimed physical or mental impairments to minimize exposures under the ADA, the Rehabilitation Act and other laws.  Management should exercise caution to carefully and appropriately assess and identify the potential legal significance of physical or mental impairments or conditions that might be less significant in severity or scope, correctable through the use of eyeglasses, hearing aids, daily medications or other adaptive devices, or that management might be tempted to assume fall outside the ADA’s scope.  

Likewise, businesses should be ready for the EEOC, OFCCP and the courts to treat a broader range of disabilities, including those much more limited in severity and life activity restriction, to qualify as disabling for purposes of the Act. Businesses should assume that a greater number of employees with such conditions are likely to seek to use the ADA as a basis for challenging hiring, promotion and other employment decisions.  For this reason, businesses generally should tighten job performance and other employment recordkeeping to enhance their ability to demonstrate nondiscriminatory business justifications for the employment decisions made by the businesses.

Businesses also should consider tightening their documentation regarding their procedures and processes governing the  collection and handling records and communications that may contain information regarding an applicant’s physical or mental impairment, such as medical absences, worker’s compensation claims, emergency information, or other records containing health status or condition related information.  The ADA generally requires that these records be maintained in separate confidential files and disclosed only to individuals with a need to know under circumstances allowed by the ADA. 

As part of this process, businesses also should carefully review their employment records, group health plan, family leave, disability accommodation, and other existing policies and practices to comply with, and manage exposure under  the genetic information nondiscrimination and privacy rules enacted as part of GINA, the health care privacy rules of the HIPAA, and the medical record privacy rules of the ADA.  Particular care should be used when planning wellness, health risk assessment, work-related injury, family or other medical leave or related programs, all of which raise particular risks and concerns.

In the face of the rising emphasis of OFCCP, the EEOC and other federal and state agencies on these audit and enforcement activities, government contractors should exercise additional compliance and risk management efforts beyond these generally recommended steps.   Among other things, these steps should include the following:

  • Government contractors and subcontractors should specifically review their existing or proposed contracts and involvements to identify projects or contracts which may involve federal or state contracts or funding that could trigger responsibility.  In this respect, businesses should conduct well-documented inquiries when proposing and accepting contracts to ensure that potential obligations as a government contractor are not overlooked because of inadequate intake procedures. Businesses also should keep in mind that ARRA and other federal program funds often may be filtered through a complex maze of federal grants or program funding to states or other organizations, which may pass along government contractor status and liability when subcontracting for services as part of the implementation of broader programs.  Since the existence of these obligations often is signaled by contractual representations in the contracts with these parties, careful review of contractual or bid specifications and commitments is essential.  However, it also generally is advisable also to inquire about whether the requested products or services are provided pursuant to programs or contracts subject to these requirements early in the process. 
  • In addition to working to identify contracts and arrangements that are covered by OFCCP or other requirements, government contractors and other businesses also should reconfirm and continuously monitor the specific reporting, affirmative action, and other requirements that apply to any programs that may be subject to OFCCP requirements to ensure that they fully understand and implement appropriate procedures to comply with these conditions as well as pass along  the obligation to make similarly necessary arrangements to any subcontractors or suppliers that the government contractor involves as a subcontractor. 
  • Throughout the course of the contract, the government contractor also should take steps to maintain and file all required reports and monitor and audit operational compliance with these and other requirements.  
  • The organization should develop and administer appropriate procedures for monitoring and investigating potential compliance concerns and maintaining documentation of that activity.  Any known potential deficiencies or complaints should be promptly investigated and redressed with the assistance of qualified counsel in a prompt manner to mitigate potential risks.
  • Documentation should be carefully retained and organized on a real time and continuous basis to faciliate efficiency and effectiveness in completing required reports, monitoring compliance indicators and responding to OFCCP, EEOC or private plaintiff charges as well as other compliance inquiries.
  • Any audit inquiries or charges should be promptly referred to qualified legal counsel for timely evaluation and response.
  • When available and affordable, management should consider securing appropriate employment practices liability coverage, indemnification from business partners and other liability protection and assurance to help mitigate investigagtion and defense costs.
  • Board members or other senior management should include periodic review of compliance in their agenda.

If you have any questions or need help reviewing and updating your organization’s employment and/or employee practices in response to the Rehabilitation Act, ADA, GINA or other applicable laws, or if we may be of help with regard to any other workforce management, employee benefits or compensation matters, please do not hesitate to contact the author of this update, Board Certified Labor and Employment Attorney and Management Consultant Cynthia Marcotte Stamer at 469.767.8872.

About The Author

Management attorney and consultant Cynthia Marcotte Stamer helps businesses, governments and associations solve problems, develop and implement strategies to manage people, processes, and regulatory exposures to meet their business and operational goals and manage legal, operational and other risks. Board certified in labor and employment law by the Texas Board of Legal Specialization, with more than 25 years human resource, employee benefits and management experience, Ms. Stamer helps businesses manage their people-related risks and the performance of their internal and external workforce though appropriate human resources, employee benefit, worker’s compensation, insurance, outsourcing and risk management strategies domestically and internationally. Recognized in the International Who’s Who of Professionals and bearing the Martindale Hubble AV-Rating, Ms. Stamer also is a highly regarded author and speaker, who regularly conducts management and other training on a wide range of labor and employment, employee benefit, human resources, internal controls and other related risk management matters.  Her writings frequently are published by the American Bar Association (ABA), Aspen Publishers, Bureau of National Affairs, the American Health Lawyers Association, SHRM, World At Work, Government Institutes, Inc., Atlantic Information Services, Employee Benefit News, and many others. For a listing of some of these publications and programs, see here. Her insights on human resources risk management matters also have been quoted in The Wall Street Journal, various publications of The Bureau of National Affairs and Aspen Publishing, the Dallas Morning News, Spencer Publications, Health Leaders, Business Insurance, the Dallas and Houston Business Journals and a host of other publications. Chair of the ABA RPTE Employee Benefit and Other Compensation Committee, a council member of the ABA Joint Committee on Employee Benefits, and the Legislative Chair of the Dallas Human Resources Management Association Government Affairs Committee, she also serves in leadership positions in many human resources, corporate compliance, and other professional and civic organizations. For more details about Ms. Stamer’s experience and other credentials, contact Ms. Stamer, information about workshops and other training, selected publications and other human resources related information, see here or contact Ms. Stamer via telephone at 469.767.8872 or via e-mail here.

Other Helpful Resources & Other Information

If you found these updates of interest, you also be interested in one or more of the following other recent articles published in this electronic Solutions Law publication available for review here including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail- by creating or updating your profile at here.

For important information concerning this communication click here.  If you do not wish to receive these updates in the future, send an e-mail with the word “Remove” in the Subject to support@solutionslawyer.net.

©2012 Cynthia Marcotte Stamer.  Non-exclusive right to republish granted to Solutions Law Press, Inc.  All other  rights reserved. 


Labor Risks Rising For Employers Despite NLRB Loss Of Arizona Secret Ballot Challenge

September 6, 2012

Businesses concerned about Obama Administration-backed efforts to promote its pro-labor agenda must stay diligent despite the set back suffered by the National Labor Relations Board (NLRB) in its attempt to a Federal Judge to challenge state laws that purport to require secret balloting in union elections in NLRB v. State of Arizona.

Federal District Judge Frederick J. Martone handed the NLRB a temporary setback in its campaign to prevent states from enacting legislation that would interfere with NLRB efforts to  strengthen labor organizing powers by restricting secret ballot protections when he rejected the NLRB claims that an Arizona Constitutional Amendment mandating secret balloting in union elections was an unconstitutional infringement on the NLRB’s powers in his September 5, 2012 decision in NLRB v. State of Arizona,  the Court left the door open for a potentially successful challenge to the Arizona secret ballot amendment in the future depending on how Arizona applies the law.  Furthermore, considered in the context of the Obama Administration’s broader pro-union regulatory and enforcement agenda, the NLRB’s challenge to the Arizona and other state secret ballot laws reminds businesses  that their operation face a minefield of mounting labor-management relations risks icluding many that create traps for management sometimes even in the case of non-union workplaces.  In light of these expanding exposures, business leaders should update their policies and practices to mitigate the rising risks while keeping a close eye on the Obama Administration’s ongoing effort to expand the power of organized labor by challenging secret ballot mandates in Arizona and other states and the plethora of other pro-union regulatory and enforcement  efforts.

NLRB Attacks On Workers’ Secret Balloting Rights

Undermining worker’s secret ballot rights is a key initiative that organized labor with the support of the Obama Administration has promoted to help union organization efforts.

Secret balloting of workers in union organizing elections is designed to promote the ability of worker’s to vote their wishes free from the fear of retaliation by unions or management.  It has been a key element of the NLRA since its enactment.

The current method for workers to form a union in a particular workplace generally is a two-step process that begins with the submission by organizers to the NLRB of a petition or authorization card signed by at least 30% of the employees requesting recognition of the union. Under existing law, once the NLRB verifies that the organizers have met the petition or authorization card requirement, it generally orders a secret ballot election unless more than 50% of the workers have signed authorization cards and either:

  • The employer notifies the NLRB that it is waiving the secret ballot and voluntarily recognizing the union; or
  • The NLRB orders the employer to recognize a union based on the NLRB’s determination that the employer has engaged in unfair labor practices that make a fair election unlikely.

Since the Obama Administration came to power, however, labor with the support of the NLRB and the Obama Administration have included efforts to eliminate or get around secret balloting as part of their broader campaign to strengthen and promote unions and their power.  These efforts are reflected in the sharp increase in orders by the NLRB with new Obama appointees that employers recognize unions without balloting,  the Obama Administration and Congressional Democrats are pushing to enact the Employee Free Choice Act, which would make union recognition mandatory without any balloting when the NLRB verifies that over 50% of the employees signed authorization cards, and challenges to state laws that would impede these efforts like that brought against the State of Arizona.  While Congressional Democrats and the Administration have thus far failed to get the legislation passed, they continue to voice their support for and intention to pursue its enactment after the elections in November.

NLRB’s Challenge To Arizona Constitution’s Secret Ballot Provision

In NLRB v. State of Arizona, Judge Frederick J. Martone on September 5, 2012 handed the NLRB a temporary setback in its campaign to prevent states from enacting legislation that would interfere with its efforts to avoid or cut secret ballot protection when it granted the State of Arizona’s motion to dismiss the case but left the door open for future action.

As Federal legislation and enforcement actions that would limit workers’ rights to vote in a secret ballot rights have continued, Arizona and various other states have enacted laws to protect secret ballot rights in their states.

In January 2011, the NLRB advised Arizona and three other states that recently adopted “secret-ballot amendments” conflicted with longstanding federal labor law by restricting the methods by which employees can choose a union. When no agreement could be reached, the NLRB filed suit to have the Arizona amendment declared unconstitutional.

The Arizona lawsuit challenged a 2010 constitutional amendment to the Arizona Constitution that states”[t]he right to vote by secret ballot for employee representation is fundamental and shall be guaranteed where local, state or federal law permits or requires elections, designations or authorizations for employee representation.”  Arizona Constitution, Article 2 § 37.  In its lawsuit, the NLRB asked the Federal Court to declare Article 2 § 37 unconstitutional and preempted to the extent that it applies to private employers, private employees, and labor organizations subject to the NLRA on the grounds that the state secret ballot rule “creates a state forum to protect employee representation rights, a task which Congress assigned exclusively to the NLRB.

Among its other efforts to defend the statute, Arizona argued there was no preemption because the state’s “guarantee” of a secret ballot election would only apply if the voluntary recognition option is not selected.

In reaching its ruling, the Federal Court hung its hat on this argument.  “It is possible that state litigation invoking (the amendment) may impermissibly clash with the NLRB’s jurisdiction to resolve disputes over employee recognition, conduct secret ballot elections, and address unfair labor practices,” Judge Martone wrote.  However, because the amendment has not yet been applied, Judge Martone wrote that he could not assume that it would conflict with the NLRA.

Arizona Decision A Temporary Victory In Battle In Labor-Management Relations War

While the court rejected the NLRB challenge of the Arizona secret ballot requirement this week, the NLRB’s announced disagreement with the decision coupled with the limited scope of the ruling makes clear that businesses watch for another NLRB challenge based on the implementation of the law as well as other new regulatory and enforcement traps for employers. 

The court battle over Arizona’s secret ballot amendment is just one of the many areas where the NLRB under the Obama Administration is pursuing a pro-union agenda.  In addition to challenging state laws that might operate to restrict union organizing or other activities, the NLRB also has adopted and is promoting the adoption of other pro-labor rules as well as stepping up enforcement on behalf of labor. See e.g., NLRB Moves To Promote Non-Union Employee Use of Collective Action Rights By Launching Webpage; NLRB Report Shows Rise In Unfair Labor Practice Complaints  Formal Proceedings Comments Feed; NLRB Settlement Shows Care Necessary When Using Social Networking & Other Policies Restricting Employee Communications.  As part of these efforts, for instance, the NLRB increasingly is challenging the authority of employers to enforce mandatory arbitration provisions in employee handbooks or employment agreements, to regulate social media, and to engage in a broad range of other common employer practices while at the same time, it is using its regulatory powers to promote employer posting and other requirements designed to educate workers about their organizational rights.  As many of these new rules apply both to unionized workplaces and ununionized workplace, these and other evolving rules often leave all employers to significant and often underappreciated labor law risks in a broad range of circumstances.  This risk tends to take on particular significance for unorganized workforces  due to a low awareness or appreciation of these changes or their implications on unorganized workforces by their management team.  Mistakes are increasingly costly in the current enforcement environment.

Costly Consequences For Employers

The statistics show the cost of management mishandling of labor relations in today’s environment is expensive and growing.  This pro-labor regulatory and enforcement agenda as resulted in a significant rise in NLRB unfair labor practice charges in recent years.  According to NLRB statistics, the number of unfair labor practice charges brought by the NLRB steadily rose from 2009 to 2011.  The number of charges filed by was 1,342 in 2011, 1,242 in 2010, 1,166 in 2009 and 1,108 in 2008.  Moreover, NLRB statistics also document that backpay and other remedies also have risen sharply during this period.  For instance, in 2008, the NLRB ordered a total of $68,800,000 in backpay, fees, dues and fines in 9,400 cases.  In contrast, in 2009, the NLRB ordered $77,700,000 in backpay, fees, dues and fines against employers even though the number of cases dropped to 8,700,000 cases.  This trend continued in 2010, where out of 8,300 cases, the NLRB ordered employers to pay $86,100,000 in backpay, fees, dues and fines.  See NLRB Statistics. See also NLRB Case Decisions.

In light of this increased activism, employers should exercise care when using mandatory arbitration, compensation gag rule, or other similar provisions; dealing with requests for employee representation by union and non-union employees in organizing, contracting and even disciplinary actions; establishing and administering social networking, communication and other policies; and a wide range of other situations. In addition, employers concerned about these or other labor activities should consult competent counsel for advice about appropriate options and risks for dealing with these activities. 

If you have any questions or need help reviewing and updating your organization’s employment and/or employee practices in response to the NLRA or other applicable laws, or if we may be of assistance with regard to any other workforce management, employee benefits or compensation matters, please do not hesitate to contact the author of this update, Cynthia Marcotte Stamer.

About The Author

Management attorney and consultant Cynthia Marcotte Stamer helps businesses, governments and associations solve problems, develop and implement strategies to manage people, processes, and regulatory exposures to achieve their business and operational objectives and manage legal, operational and other risks.

Board certified in labor and employment law by the Texas Board of Legal Specialization, with more than 20 years human resource, labor and employment and employee benefits experience, Ms. Stamer helps businesses manage their people-related risks and the performance of their internal and external workforce though appropriate human resources, employee benefit, worker’s compensation, insurance, labor management, outsourcing and risk management strategies domestically and internationally.

Recognized in the International Who’s Who of Professionals and bearing the Martindale Hubble AV-Rating, Ms. Stamer also is a highly regarded author and speaker, who regularly conducts management and other training on a wide range of labor and employment, employee benefit, human resources, internal controls and other related risk management matters.  Her writings frequently are published by the American Bar Association (ABA), Aspen Publishers, Bureau of National Affairs, the American Health Lawyers Association, SHRM, World At Work, Government Institutes, Inc., Atlantic Information Services, Employee Benefit News, and many others. For a listing of some of these publications and programs, see here. Her insights on human resources risk management matters also have been quoted in The Wall Street Journal, various publications of The Bureau of National Affairs and Aspen Publishing, the Dallas Morning News, Spencer Publications, Health Leaders, Business Insurance, the Dallas and Houston Business Journals and a host of other publications. Chair of the ABA RPTE Employee Benefit and Other Compensation Committee, a council member of the ABA Joint Committee on Employee Benefits, and the Legislative Chair of the Dallas Human Resources Management Association Government Affairs Committee, she also serves in leadership positions in many human resources, corporate compliance, and other professional and civic organizations. For more details about Ms. Stamer’s experience and other credentials, contact Ms. Stamer, information about workshops and other training, selected publications and other human resources related information, see here or contact Ms. Stamer via telephone at 469.767.8872 or via e-mail to  cstamer@solutionslawyer.net

If you find this of interest, you also be interested reviewing some of Ms. Stamer’s other recent updates, including:

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile at here or e-mailing this information here.   

©2012 Cynthia Marcotte Stamer.  Non-exclusive right to republish granted to Solutions Law Press, Inc. All other rights reserved.


HR Key Player In Managing Countrywide & Other US Discrimination Exposures

December 23, 2011

This week’s announcement by the U.S. Justice Department of the  largest residential fair lending settlement in history on December 21, 2011 highlights the widening scope of exposures that U.S. businesses face under a broad range of federal Civil Rights and other discrimination laws.   The settlement shows that discrimination risks are rising and that employment discrimination is only part of the problem. In addition to managing employment discrimination exposures in their employment practices, many businesses and business leaders also need to take steps to adequately recognize and provide policies, management controls and training to maintain compliance with federal disability and other discrimination laws prohibiting discrimination against disabled or other customers or others with whom they do business. 

Human resources and other management leaders should move quickly to help their organizations manage these risks and responsibilities.

Countrywide Settlement

This week’s Justice Department settlement with Countrywide Financial Corporation and its subsidiaries (Countrywide) provides for payment of $335 million in compensation to the more than 200,000 qualified African-American and Hispanic borrowers that Federal officials allege were victims of the widespread pattern or practice of illegal discrimination against qualified African-American and Hispanic borrowers by Countrywide while Countrywide served as one of the nation’s largest single-family mortgage lenders and originated more than 4 million residential mortgage loans.  Bank of America now owns Countrywide.

Federal officials charged Countrywide engaged in discriminatory mortgage lending practices against more than 200,000 qualified African-American and Hispanic borrowers from 2004 through 2008.  The Justice Department claimed it uncovered a pattern or practice of discrimination involving victims in more than 180 geographic markets across 41 states and the District of Columbia. These discriminatory acts allegedly included widespread violations of the Fair Housing Act and the Equal Credit Opportunity Act, and resulted in African-American and Hispanic borrowers being charged higher rates for mortgage loans – solely because of their race or national origin.

According to Attorney General Eric Holder, today’s settlement will compensate the more than 200,000 African-American and Hispanic borrowers who were victims of discriminatory conduct, including more than 10,000 African-American or Hispanic borrowers who – despite the fact that they qualified for prime loans – were steered into subprime loans. Subprime borrowers pay higher penalties and higher interest rates, have a greater likelihood of default and foreclosure than with prime loans, and other damages.

When announcing the settlement, Attorney General Holder reaffirmed the Obama Administration’s commitment to finding and prosecuting businesses that engage in illegal discriminatory practices.  To read Attorney General Eric Holder’s remarks, click here.

Discrimination Obama Administration Priority

Enforcing disability discrimination laws is a high priority of the Obama Administration Business leaders increasingly recognize the need to tighten procedures to manage disability discrimination risks.  

Human resources and other business leaders often recognize human resource related discrimination risks as requiring management.  The heightened emphasis of the Obama Administration on disability regulation and enforcement clearly is raising business responsibilities and exposures under these employment laws.  In order to manage these exposures effectively, however, it is important that businesses and their human resources leaders do not take for granted the adequacy of their current compliance and risk management efforts in light of the Obama Administration’s aggressive regulatory and enforcement agenda in this area.  See e.g.,  Affordable Care Act To Require Health Plans Cover Contraception & Other Women’s Health Procedures In 2012; EEOC Finalizes Updates To Disability Regulations In Response to ADA Amendments Act; Update Employment Practices To Manage Genetic Info Discrimination Risks Under New EEOC Final GINA Regulations; EEOC Attacks Medical Leave Denials As Prohibited Disability Discrimination; Labor Secretary Comments Highlight Federal Protections & Resources To Support Veteran’s Employment Rights

Employment discrimination risks are not the only discrimination exposures that U.S. organizations need to be concerned about, however.  The Countrywide settlement joins a lengthy list of settlements and other actions by the Obama Administration against businesses and government entities for alleged violations of U.S. civil rights and other nondiscrimination laws.  See, e.g. Businesses Face Rising Disability Discrimination Enforcement RisksNew Obama Administration Affirmative Action Guidance Highlights Organization’s Need To Tighten Nondiscrimination Practices; OFCCP Proposed Increased Disability Hiring Targets, Other Tougher Government Contractor Rules another Sign Of Rising Employment Discrimination RisksIncentives To Get Employee Into Wellness Education Requires Legal Risk Management; New School Racial Accommodation Guidance Gives Important Insights For Schools & Other Organizations On Obama Administration Affirmative Action Enforcement; Justice Department Landlord Suit Shows Businesses Face Rising Disability Discrimination Enforcement Risks; Big Penalty for Lender Shows Risks of Violating Military Service or Vets Rights; OCR Requires Rhode Island DHS To Provide Translation, Other Services For Limited English, Other Language Impaired Accommodations.

These regulatory, audit, enforcement and other actions show that private businesses and state and local government agencies alike should exercise special care to prepare to defend their employment and other business practices  against potential disability or other Civil Rights discrimination challenges on a broad range of fronts. 

HR Key Player

Human resources professionals are key players to efforts to effectively manage their organization’s overall discrimination risks and responsibilities by managing compliance throughout the organization.

All organizations, whether public or private need to make sure both that their organizations, their policies, and people in form and in action understand and comply with current disability and other nondiscrimination laws.  When reviewing these responsibilities, many state and local governments and private businesses may need to update their understanding of current requirements.  

Federal nondiscrimination and other laws have been expanded or modified in recent years by statutory, regulatory or enforcement changes, risk management efforts should begin with an assessment of the adequacy of existing policies and practices in light of the latest rules and enforcement actions.  Based on this assessment, business and governmental organizations should update policies and procedures as required, tighten documentation, and conduct ongoing, well-documented audits and training to mitigate exposures.

Human resources and other management leaders should position their organizations to guard against rising enforcement of these laws by updating policies, oversight and training to ensure that their workers and business partners recognize and know how to conduct themselves properly to fulfill responsibilities to persons with disabilities or others with whom the business deals who may be protected under Federal or state disability discrimination laws.  In addition to adopting and training workers on policies requiring compliance with these laws, businesses should include contractual provisions requiring compliance with these laws in leases and other relevant business contracts.  Most businesses also may want to provide and post information about processes that customers or others who may have a concern about the needs of persons with these special needs to position the business to address concerns that otherwise might go unnoticed until they arise to the level of an agency or other legal  complaint.

If you need assistance in conducting a risk assessment of or responding to a challenge to your organization’s existing policies or practices for dealing with the issues addressed in these publications or other compliance, labor and employment, employee benefit, compensation, internal controls or other management practices, contact attorney Cynthia Marcotte Stamer.

For Help With Compliance, Risk Management & Defense

If you need help in auditing or assessing, updating or defending your organization’s compliance, risk manage or other  internal controls practices or actions, please contact the author of this update, attorney Cynthia Marcotte Stamer here or at (469)767-8872.  If you found this update of interest, you also may be interested in reviewing some of the other updates and publications authored by Ms. Stamer available at www.cynthiastamer.com.

Board Certified in Labor & Employment Law by the Texas Board of Legal Specialization, management attorney and consultant Ms. Stamer is nationally and internationally recognized for more than 24 years of work helping employers and other management; employee benefit plans and their sponsors, administrators, fiduciaries; employee leasing, recruiting, staffing and other professional employment organizations; and others design, administer and defend innovative workforce, compensation, employee benefit  and management policies and practices. Her experience includes extensive work helping employers carry out, audit, manage and defend union-management relations, wage and hour, discrimination and other labor and employment laws, privacy and data security, internal investigation and discipline and other workforce and internal controls policies, procedures and actions.  The Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Committee, a Council Representative on the ABA Joint Committee on Employee Benefits, Government Affairs Committee Legislative Chair for the Dallas Human Resources Management Association, and past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer works, publishes and speaks extensively on management, re-engineering, investigations, human resources and workforce, employee benefits, compensation, internal controls and risk management, federal sentencing guideline and other enforcement resolution actions, and related matters.  She also is recognized for her publications, industry leadership, workshops and presentations on these and other human resources concerns and regularly speaks and conducts training on these matters. Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, and many other national and local publications. For more information about Ms. Stamer and her experience or to get access to other publications by Ms. Stamer see here or contact Ms. Stamer directly.

©2011 Cynthia Marcotte Stamer.  Non-exclusive right to republish granted to Solutions Law Press, Inc..  All other rights reserved.


EEOC Attacks Medical Leave Denials As Prohibited Disability Discrimination

October 19, 2010

Two new Equal Employment Opportunity Commission (EEOC) lawsuits filed against a Texas concrete manufacturer and Los Angeles garment manufacturer highlight the need for U.S. employers with more than 14 employees to consider and prepare to defend against potential disability discrimination exposures when dealing with medical leave requests by employees who might be considered disabled under the Americans with Disabilities Act (ADA) as well as other expanding ADA enforcement exposures.  Read more.

The lawsuits reflect that employers considering an employee’s request for medical leave should evaluate if the ADA requires the employer to grant the requested medical leave in addition to considering any otherwise applicable leave entitlement the requesting employee qualifies for under the Family & Medical Leave Act, state leave laws or otherwise applicable employer policies.  As a result, all employers of 15 or more employees generally should review and tighten their policies and processes for evaluating requests for medical leave to minimize their exposure to claims that the denial of a requested medical leave violated the ADA. 

Furthermore, employers also should consider the advisability of other more generalized policy or procedure updates to strengthen their defensibility against potential ADA and other disability claims generally in light of stepped up enforcement by the EEOC and private plaintiffs changes to the ADA made by the ADA Amendments Act of 2008 (ADAAA) that makes it easier for employees to win ADA suits. To mitigate growing exposures to these claims, employers covered by the ADA and/or the Rehabilitation Act of 1973 should review and strengthen their existing hiring and other employment practices and documentation to strengthen their defensibility in the face of these new challenges. 

If you need assistance responding an employee’s request for medical leave or other accommodations, or otherwise to review, update or defend your disability discrimination or other employment, compensation, benefits or other workforce, internal controls or risk management practices, please contact the author of this update, Board Certified Labor & Employment attorney Cynthia Marcotte Stamer at (469) 767-8872 or via e-mail here.

Other Resources

If you found this information of interest, you also may be interested in reviewing other recent Solutions Law Press updates including:

About Ms. Stamer

Management attorney and consultant Cynthia Marcotte Stamer helps businesses, governments and associations solve problems, develop and implement strategies to manage people, processes, and regulatory exposures to achieve their business and operational objectives and manage legal, operational and other risks. When working with clients, Ms. Stamer combines a client-oriented approach with an extensive practical and technical knowledge of human resources, insurance, employee benefits, health care, privacy & security, corporate compliance and other legal matters to assist clients to formulate and administer pragmatic operational and risk management strategies and effective internal controls taking into account the financial, operational, political, legal and other realities confronting the client.

Recognized in the International Who’s Who of Professionals and bearing the Martindale Hubble Premier AV-Rating, Ms. Stamer also is a highly regarded author and speaker who serves in the leadership of many professional and civil organizations.  She regularly conducts management and other training on a wide range of workforce management, employee benefits, compensation, risk management internal controls, and other related matters for businesses, trade and professional associations and others. Her insights on human resources risk management matters appear in The Wall Street Journal, various publications of The Bureau of National Affairs and Aspen Publishing, the Dallas Morning News, Spencer Publications, Health Leaders, Business Insurance, the Dallas and Houston Business Journals and a host of other publications.  To request Ms. Stamer’s assistance, for information about arranging for Ms. Stamer to provide workshops and other training, to access other publications or resources or for more details about Ms. Stamer’s experience and other credentials, contact Ms. Stamer at via telephone at 469.767.8872 or via e-mail at cstamer@solutionslawyer.net or see CynthiaStamer.com.

If you or someone else you know would like to receive future updates and notices about upcoming programs and events, please be sure that we have your current contact information – including your preferred e-mail- by creating or updating your profile at here.  To unsubscribe, send an e-mail with “Unsubscribe” in the subject here.  For important information concerning this communication see here.

©2010 Cynthia Marcotte Stamer.  License to reprint granted to Solutions Law Press.  All other rights reserved.


Stamer To Discuss “Health Care Reform’s Implications For Employers, Health Plans & Employee Benefits Practitioners” At May 5 Dallas Bar Association Meeting

March 22, 2010

Cynthia Marcotte Stamer will discuss “Health Care Reform:  Implications for Employers, Health Plans and Employee Benefits Practitioners” at the May 5, 2010 meeting of Dallas Bar Association Employee Benefits/Executive Compensation Section to be held from 12:00 noon – 1:00 p.m. in the Haynes & Boone Ballroom of Dallas Bar Association Belo Mansion located at 2101 Ross Avenue in Dallas, Texas.

Narrowly passed by Congress in March after a year of contentious debate, the comprehensive health care reform legislation imposes a complex array of reforms impacting employment based health plans, employers, and the insurers and other vendors and administrators of these programs.  Ms. Stamer will explore key elements of these reforms impacting employers and employment based health coverage and their implications for employers, employment based health plans, and employee benefits and other attorneys providing advice about these arrangements.

Chair of the American Bar Association RPTE Employee Benefits & Compensation Committee, an ABA Joint Committee on Employee Benefits Council member, Chair of the Curran Tomko Tarski Labor, Employment & Employee Benefits Practice and former Chair of the ABA Health Law Section Managed Care & Insurance Interest Group and the Dallas Bar Association Employee Benefits & Executive Compensation Section, Ms. Stamer is nationally recognized for more than 22 years of work with employer and other health plan sponsors, fiduciaries, administrative and other service providers, insurers, and other clients on health benefit program and product design, documentation, administration, compliance, risk management, and public policy matters.  The publisher of Solutions Law Press, Ms. Stamer also publishes, conducts training and speaks extensively on these and related concerns for the ABA, the Bureau of National Affairs and many other organizations.  For additional information about Ms. Stamer and her experience or to access other publications by Ms. Stamer see here or contact Ms. Stamer directly.   For additional information about the experience and services of Ms. Stamer and other members of the Curran Tomko Tarksi LLP team, see here.

If you need assistance with evaluating or responding to this new legislation or other employee benefits, employment, compensation or other management concerns, wish to inquire about compliance, risk management or training, or need legal representation on other matters please contact Cynthia Marcotte Stamer at cstamer@cttlegal.com, 214.270.2402; or your other preferred Curran Tomko Tarski LLP attorney.

If you found this information of interest, you also may be interested in reviewing other updates and publications by Ms. Stamer including:

You can review other recent human resources, employee benefits and internal controls publications and resources and additional information about the employment, employee benefits and other experience of Ms. Stamer here and learn more about  other Curran Tomko Tarski LLP attorneys here. If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here or e-mailing this information to Cstamer@CTTLegal.com or registering to participate in the distribution of these and other updates on our Solutions Law Press distributions here. For important information concerning this communication click here.    

©2010 Cynthia Marcotte Stamer. All rights reserved.


Stamer To Speak About TPA & Other Plan Services Agreement Contracting Strategies For Managing Risks & Improving Effectiveness At 2010 Great Lakes Benefits Conference

March 13, 2010

Curran Tomko Tarski LLP Labor & Employment Practice Chair and Solutions Law Press Publisher Cynthia Marcotte Stamer will discuss “TPA & Other Plan Services Agreements- Managing Risks & Improving Effectiveness” At 2010 Great Lakes Benefits Conference to be held at the Wyndham Chicago Hotel on June 16-17, 2010. 

Growing regulatory, fiduciary and other compliance risks magnify the importance of the careful negotiation and documentation of third party administration and other plan-related service agreements for plans, plan sponsors, plan fiduciaries and service providers. Careful credentialing, negotiation and documentation of administrative and other services relationships plays an increasingly key role in the ability of plan sponsors, plans, fiduciaries and service providers to allocate and efficiently manage plan operations, meet compliance obligations, and allocate and manage fiduciary and other legal risks.

Ms. Stamer’s workshop will examine key concerns like how administrative services contract terms, plan terms, the parties of actions and other factors help determine which parties are exposed to fiduciary and other liabilities; who is responsible for fiduciary, administrative, reporting and disclosure, bonding, indemnification and other responsibilities; and terms and processes that may help parties manage their relationships and legal risks by exploring some of the common issues and concerns that need to be considered when entering into these contractual arrangements.

Co-hosted by the Internal Revenue Service and ASPPA, this two day Conference features presentations on regulatory, legislative, administrative and actuarial and other employee benefit issues lead by local, regional and national government representatives from the Internal Revenue Service and the Department of Labor and nationally recognized employee benefit leaders from private industry. To register for the Conference or for additional information, see here.

Chair of the American Bar Association RPTE Employee Benefits & Compensation Committee, an ABA Joint Committee on Employee Benefits Council member, Chair of the Curran Tomko Tarski Labor, Employment & Employee Benefits Practice and former Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer is nationally recognized for more than 22 years domestic work with employer and other plan sponsors, fiduciaries, administrative and other service providers, insurers, and other clients on employee benefit program and product design, documentation, administration, compliance, risk management, and public policy matters.  The publisher of Solutions Law Press, Ms. Stamer also publishes, conducts training and speaks extensively on these and related concerns.  For additional information about Ms. Stamer and her experience or to access other publications by Ms. Stamer see here or contact Ms. Stamer directly.   For additional information about the experience and services of Ms. Stamer and other members of the Curran Tomko Tarksi LLP team, see here.

If you need assistance with vendor or other outsourcing contracts, or other employee benefits, employment, compensation or other management concerns, wish to inquire about compliance, risk management or training, or need legal representation on other matters please contact Cynthia Marcotte Stamer, CTT Labor & Employment Practice Chair at cstamer@cttlegal.com, 214.270.2402; or your other preferred Curran Tomko Tarski LLP attorney.

If you found this information of interest, you also may be interested in reviewing other updates and publications by Ms. Stamer including:

You can review other recent human resources, employee benefits and internal controls publications and resources and additional information about the employment, employee benefits and other experience of Ms. Stamer here and learn more about  other Curran Tomko Tarski LLP attorneys here. If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here or e-mailing this information to Cstamer@CTTLegal.com or registering to participate in the distribution of these and other updates on our Solutions Law Press distributions here. For important information concerning this communication click here.    If you do not wish to receive these updates in the future, send an e-mail with the word “Remove” in the Subject to here.

©2010 Cynthia Marcotte Stamer. All rights reserved.


Privacy Rule Changes & Posting of Breach Notices On OCR Website Signal New Enforcement Risks For Health Plans, Their Sponsors & Business Associates

February 23, 2010

 By Cynthia Marcotte Stamer

The Department of Health and Human Services Office of Civil Rights (OCR) has begun disclosing on its website the employer and other health plans, health care providers, health care clearinghouses and their business associates (Covered Entities) that report breaches of unsecured protected health information (UPIC) affecting more than 500 individuals as required by new rules enacted as part of the Health Information Technology for Economic and Clinical Health Act (HITECH Act). This posting of Covered Entities reporting breaches comes just days after these and other Covered Entities became subject on February 17, 2010 to a host of other tighter federal requirements for the use, access, protection and disclosure of protected health information under Privacy & Security Standards of the Health Insurance Portability & Accountability Act (HIPAA) also enacted as part of the HITECH Act. As failing to comply with the amended rules effective February 17, 2010 can trigger obligations under the Breach Regulations and other exposures, prompt action to manage risk under both the Breach Regulations and the revised HIPAA rules is critical to minimize Covered Entity and business associate exposures under both these rules. With criminal, administrative and civil prosecutions of such violations increasing and likely to expand, timely action to manage compliance and other risks is warranted. Health plans and their business associates also should prepare for increased awareness and oversight of the adequacy of their medical information safeguards as these disclosures and other enforcement actions heighten interest and awareness of employees and others in these rules.

Covered Entity Breach Notification Requirements

OCR posted the initial list of Covered Entities disclosing these breaches on its website for the first time yesterday (February 22, 2010) to comply with breach notification requirements imposed by Section 164.408 of the interim “Breach Notification For Unsecured Protected Health Information” regulation (Breach Regulation) published here

The Breach Regulation requires Covered Entities subject to the Health Insurance Portability & Accountability Act (HIPAA) to notify affected individuals, OCR and certain other parties following a “breach” of “unsecured” protected health information occurring on or after September 23, 2009.  The Breach Regulation implements new breach notification requirements added to HIPAA by Section 13402(e)(3) of the Health Information Technology for Economic and Clinical Health Act (HITECH Act). It and the posting of Covered Entities reporting breaches of protected health information are part of the ongoing implementation and enforcement of new and stricter personal health information privacy and data security requirements for Covered Entities added to HIPAA under provisions of the HITECH Act and expanded remedies for violations signed into law on February 17, 2009 as part of American Recovery and Reinvestment Act of 2009 (ARRA).

You can review the list of Covered Entities that have reported breaches on the OCR website here.  Learn more about the Breach Regulation requirements here.

Broader & Stricter Medical Privacy Mandates Effective 2/17/210

Just last Wednesday (February 17, 2010) Covered Entities and their business associates also became subject to tighter federal requirements for the use, access, protection and disclosure of protected health information under amendments to HIPAA’s Privacy & Security Standards enacted by the HITECH Act. The changes that became effective on February 17, 2010 generally require that Covered Entities and their business associates make specific changes to update their written policies, operational procedures, privacy notices, business associate agreements, training, and other management procedures in several respects. For more details, see here.

While the HITECH Act gave Covered Entities and business associates a year to complete the necessary arrangements to comply with these HITECH Act changes, many Covered Entities and business associates have remain unnecessarily exposed under these new requirements by not completing or otherwise failing to adequately implement the necessary arrangements despite expanding liability exposures that can result from noncompliance. To mitigate these exposures, Covered Entities and their business associates should act quickly to review and update their policies, procedures, training, business associate and other services agreements, and other practices and procedures, as well as to implement the training, oversight, and other management necessary to comply with the HITECH Act changes and to mitigate other HIPAA risks.

Exposures Significant & Growing

Covered Entities and business associates failing to devote adequate attention and resources to  managing HIPAA compliance and associated risks risk increasing peril.  Aside from the potential implications that disclosures of violations may have on patients and others impacting their business, the legal risks of noncompliance for Covered Entities, business associates and others mishandling protected health information are real and growing.   

Timely action to comply with the amended HIPAA requirements and Breach Regulations is important both to preserve critical trust in the business, to avoid triggering breach notifications that can undermine this trust and fuel legal complaints, and to avoid exposure to an expanding range of sanctions that can result when a violation occurs. 

Amendments made under the HITECH Act have expanded the size and availability of remedies that can be imposed for HIPAA violations as well as the parties empowered to pursue these remedies.  Wrongful use, access or disclosure of protected health information in violation of HIPAA subjects participating health plans, health care providers, health care clearinghouses, their business associates and other workforce members and others to civil penalties,  criminal prosecution and, since February 17, 2009, civil lawsuits brought by state attorneys general on behalf of citizens of their states whose HIPAA rights were violated.  Since September 23, 2009, health plans and other HIPAA Covered Entities as well as their  business associates also became obligated to provide breach notification under new mandates imposed by the HITECH Act.  Coupled with increased enforcement emphasis by regulators, these expansions to HIPAA’s remedy provisions increase the risk that Covered Entities or business associates violating HIPAA face investigation and sanction.  Furthermore, the wrongful use, access or disclosure of protected health information or other confidential information also increasingly is the basis of civil or criminal actions brought under a variety of other federal and state laws.

Expanded HIPAA & Other Federal Prosecutions & Remedies

The expanded requirements imposed under the Breach Regulation and the other HITECH Act changes that took effect on February 17, 2010 follow the implementation changes to HIPAA’s civil and criminal sanctions that took effect on February 17, 2009, when President Obama signed the HITECH Act into law. The HITECH Act amendments to HIPAA’s remedies significantly increase the risk that health plans and other Covered Entities and their business associates will face civil lawsuits, civil or criminal penalties or other consequences for violating HIPAA. Noncompliance with these and other HIPAA requirements subjects Covered Entities and business associates to civil penalties, criminal prosecution, civil damage awards under lawsuits brought by state attorneys general, and other legal remedies.  In addition, timely update written policies, procedures, business associate agreements, training and documentation is imperative in order for Covered Entities and their business associates to fulfill their breach notification obligations under new rules enacted as part of the HITECH Act. 

HITECH Amendments Expand Liability Exposures

The expanded risks stem in part from the HITECH Act’s amendments to HIPAA’s remedy provisions.  Among other things, the HITECH Act amended HIPAA to:

  • Allow a State Attorney General to sue health plans or other Covered Entities, business associates or both that harm state citizens by committing HIPAA violations after February 16, 2009;
  • Expand the mandate by OCR to investigate violations and audit compliance with HIPAA;
  • Require Office of Civil Rights to impose civil sanctions against Covered Entities and business associates involved in violations of HIPAA in accordance with tightened standards added to HIPAA by the HITECH Act;
  • Revise the criminal sanctions that the Department of Justice can seek against Covered Entities, their business associates and others for violations of HIPAA; and
  • Amend HIPAA to make clear that HIPAA’s criminal sanctions also can imposed on business associates, workforce members and other persons that improperly use, access and disclose protected health information in violation of HIPAA.

State Attorney General Lawsuit Exposures

Covered Entities and their business associates now also need to be concerned about the potential that a state Attorney General may bring civil suit to remedy damages caused to state citizens by a breach of HIPAA. 

The HITECH Act empowers a state attorney general to sue Covered Entities or business associates engaging in HIPAA violations that harms citizens of the state for statutory damages equal to the sum of the number of violations multiplied by 100 up to a maximum of $25,000 per calendar year plus attorneys fees and costs

A HIPAA civil lawsuit filed on January 13, 2010 demonstrates the willingness of at least some states to exercise the new authority created by the HITECH Act on February 17, 2009 to sue Covered Entities and business associates that violate HIPAA for civil damages.

On January 13, 2010 Connecticut Attorney General Richard Blumenthal sued Health Net of Connecticut, Inc. (Health Net) for failing to secure private patient medical records and financial information involving 446,000 Connecticut enrollees and promptly notify consumers endangered by the security breach.   The suit also names UnitedHealth Group Inc. and Oxford Health Plans LLC, who have acquired Health Net.  The first attorney general enforcement action brought based on amendments made to HIPAA under the HITECH Act, Connecticut charges that Health Net violated HIPAA by failing to safeguard protected medical records and financial information on almost a half million Health Net enrollees in Connecticut then allowing this information to remain exposed for at least six months before notifying authorities and consumers.

Stepped Up Federal Enforcement

Even before the HITECH Act amendments, however, OCR and Department of Justice already were stepping up HIPAA investigation and enforcement.  The Department of Justice has obtained a variety of criminal convictions against violators of HIPAA.  See, e.g., 2 New HIPAA Criminal Actions Highlight Risks From Wrongful Use/Access of Health InformationMeanwhile, OCR also is emphasizing HIPAA enforcement.  In February, 2009, for instance, OCR announced that CVS Pharmacies, Inc. would pay $2.25 million to resolve HIPAA charges.  This announcement followed OCR’s announcement in July, 2008 that Providence Health Care would pay $100,000 to resolve HIPAA violation charges.  OCR also has taken HIPAA enforcement actions against a broad range of other Covered Entities to redress HIPAA violations or other compliance concerns.  To review examples of these other actions, see hereWhile not resulting in the significant payments involved in CVS or Providence, all Covered Entities involved in these and other enforcement actions or investigations have incurred significant legal and other defense costs, loss of community trust, or both.

In addition to these HIPAA-specific exposures, wrongful use, access or disclosure of medical information also can give rise to liability for health plans and other Covered Entities, business associates, employees and other members of their workforce and others improperly using, accessing or disclosing protected health information.  Federal and state prosecutions may and increasingly do criminally prosecute individuals for improperly accessing or using medical or other personal information under a variety of other federal or state laws .  See e.g., Cybercrime & Identity Theft: Health Information Security Beyond HIPAA; NY AG Cuomo Announcement of 1st Settlement For Violation of NY Security Breach Notification Law; Woman Who Revealed AIDs Info Gets A YearAdditionally, State courts also increasingly are permitting individuals harmed by HIPAA violations to use HIPAA as the foundation of state law duties used to maintain state negligence, invasion of privacy, retaliation or other claims for damages. Read more here

State Civil Lawsuits

Along side these governmental actions, state courts also increasingly are willing to allow individual plaintiffs to rely on violations of HIPAA as the basis for bringing state privacy, retaliation or other actions.  While prior to the recent HITECH Act amendments, federal courts had ruled that private plaintiffs could not sue under HIPAA for damages they incurred from a Covered Entity’s violation of HIPAA, state courts have allowed private plaintiffs to use the obligations imposed by HIPAA as the basis of a Covered Entity’s duty for purposes of certain state law lawsuits.  In  Sorensen v. Barbuto, 143 P.3d 295 (Utah Ct. App. 2006), for example, a Utah appeals court ruled a private plaintiff could use HIPAA standards to establish that a physician owed a duty of confidentiality to his patients for purposes of maintaining a state law damages claim.  Similarly, the Court in Acosta v. Byrum, 638 S.E. 2d 246 (N.C. Ct. App. 2006) ruled that a plaintiff could use HIPAA to establish the “standard of care” in a negligence lawsuit.

Meanwhile, disgruntled employees or other business partners also increasingly raise alleged HIPAA misconduct as a basis of their legal complaints.  For instance, private plaintiffs employed by Covered Entities also are increasingly pointing to HIPAA as the basis for their retaliation or wrongful discharge claims. See, e.g.,  Retaliation For Filing HIPAA Complaint Recognized As Basis For State Retaliatory Discharge Claim.  Coupled with the HITECH Act changes, these and other enforcement actions signal growing potential hazards for Covered Entities and their business associates that  fail to properly manage their HIPAA compliance obligations and risks.

Given these and other developments, Covered Entities and their business associates generally should resist the temptation to underestimate their potential HIPAA exposure for a variety of reasons.  In fact, a number of factors demonstrate that the risks are significant and growing for Covered Entities, business associates and others that breach HIPAA’s mandates or otherwise inappropriately access protected health information. 

Covered Entities & Business Associates Urged To Act Promptly To Manage Expanded HIPAA Risks & Obligations

As a consequence of these collective HITECH Act changes and growing HIPAA-related and other exposures, Covered Entities, their business associates and business associates generally will find it necessary or advisable among other things to:

  • Conduct well-documented due diligence within the scope of attorney-client privilege on their own practices and procedures;
  • Review the adequacy of the practices, policies and procedures of the Covered Entities, business associates, and others that may come into contact with protected health information;;
  • Renegotiate their service provider agreements to detail the specific compliance obligations of each party relating to for auditing compliance, investigating potential breaches; providing required breach notifications; specify leadership and required cooperation in the event of a breach, charge, or other concern; indemnification and other liability allocations; and other related matters;
  • Update policies, privacy and other notices, practices, procedures, training and other practices as needed to promote compliance and defensibility;
  • Conduct well-documented training as necessary to ensure that business associates and other members of the Covered Entity’s workforce understand and are prepared to comply with the expanded requirements of HIPAA, can detect potential breaches or other compliance concerns, and understand and are prepared to follow appropriate procedures for reported suspected violations; and
  • Pursue appropriate liability and other protection as appropriate to improve their ability to demonstrate both their commitment to compliance and their realistic efforts to ensure that these commitments are both appropriately documented on paper and operationalized in performance.

As part of these compliance and risk management efforts, most Covered Entities and their business associates will find it advisable to devote significant attention to the business associate relationship and its associated business associate agreements. Proper management of the expanded compliance obligations and liability exposures created by the HITECH Act generally will necessitate that Covered Entities and their business associates focus significant attention on the reworking of their operating and contractual relationships including the definition of detailed procedures for monitoring, reporting, investigating, and resolving potential breaches or other compliance concerns.

Even before the impending HIPAA changes scheduled to take effect on February 17, 2010, a strong need for more detailed contracting and planning of these relationships already existed. Since the enactment of HIPAA, the practice of many Covered Entities and their business associates of appending generic “business associate” representations onto existing services contracts without specific tailoring and planning has created undesirable ambiguities in these agreements. Further updating and tailoring of these and other provisions of services agreements has become even more important over the past year in light of the new breach notification mandates that took effect under the HITECH Act in September, 2009, changes to HIPAA’s civil and criminal sanctions that took effect on February 17, 2009, and the impending extension by the HITECH Act to business associates of direct liability for compliance with HIPAA scheduled to occur on February 17, 2010.

These and other stepped up oversight and enforcement activities make it critical that all Covered Entities and their business associates update their policies and practices, conduct training, tighten their compliance and data breach monitoring processes, strengthen their internal controls and documentation, and take other steps to prepare to defend their actions under the newly strengthened Privacy Rules.  Covered Entities and their business associates more than ever must ensure their ability to demonstrate to federal regulators the effectiveness of their HIPAA compliance efforts by both adopting the written policies and procedures required by HIPAA and continuously monitoring and administering these safeguards.  Covered Entities should consider reviewing the adequacy of their current HIPAA Privacy and Security compliance practices taking into consideration the Corrective Action Plan, published OCR noncompliance and enforcement statistics, their own and reports of other security and privacy breaches and near misses, and other developments to determine if additional steps are necessary or advisable.

For Assistance With Compliance Or Other Concerns

If your organization need advice or assistance in reviewing, updating, administering or defending its HIPAA or other privacy policies, practices, business associate or other agreements, notices or other related activities, consider contacting the author of this article, Curran Tomko Tarski LLP Partner Cynthia Marcotte Stamer at (214) 270-2402 or via e-mail  here

Ms. Stamer is nationally known for her work, training and presentations, and publications on privacy and security of health and other sensitive information in health and managed care, employment, employee benefits, financial services, education and other contexts. 

Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 22 years experience advising clients about health and other privacy and security matters.  A popular lecturer and widely published author on privacy and data security and other related health care and health plan matters, Ms. Stamer is the Editor in Chief of the forthcoming 2010 edition of the Information Security Guide to be published by the American Bar Association Information Security Committee in 2010, as well as the author of “Protecting & Using Patient Data In Disease Management: Opportunities, Liabilities And Prescriptions,” “Privacy Invasions of Medical Care-An Emerging Perspective,” “Cybercrime and Identity Theft: Health Information Security Beyond HIPAA,” and a host of other highly regarded publications. She has continuously advises employers, health care providers, health insurers and administrators, health plan sponsors, employee benefit plan fiduciaries, schools, financial services providers, governments and others about privacy and data security, health care, insurance, human resources, technology, and other legal and operational concerns. Ms. Stamer also publishes and speaks extensively on health and managed care industry privacy, data security and other technology, regulatory and operational risk management matters.  Her insights on health care, health insurance, human resources and related matters appear in the Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Managed Healthcare, Health Leaders, and a many other national and local publications.  For additional information about Ms. Stamer, her experience, involvements, programs or publications, see here.  

Other Recent Developments

If you found this information of interest, you also may be interested in information about upcoming programs to be presented by Ms. Stamer, acquiring a copy of a recording or materials from previous programs she has presented, or arranging training for your organization.  For more information about these opportunities, contact Ms. Stamer directly.

If you found this information of interest, you also may be interested in reviewing some of the following recent Updates available online by clicking on the article title:

Curran Tomko Tarski LLP Can Help

If your organization need advice or assistance in reviewing, updating, administering or defending its HIPAA or other privacy policies, practices, business associate or other agreements, notices or other related activities, consider contacting Curran Tomko Tarski LLP Partner Cynthia Marcotte Stamer.

A widely published author and speaker on HIPAA and other employee benefit and human resources related matters, Ms. Stamer has extensive experience advising health plans, their employer and other sponsors, health insurers, TPAs and other business associates and others about HIPAA and other health plan and privacy matters. Currently serving as both Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Group and as an ABA Joint Committee on Employee Benefits Council representative and Former Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer has more than 23 years experience assisting employers, insurers, plan administrators and fiduciaries and others to design, implement, draft and administer health and other employee benefit plans and to defend audits, litigation or other disputes by private parties, the IRS, Department of Labor, Office of Civil Rights, Medicare, state insurance regulators and other federal and state regulators. A nationally recognized author and lecturer, Ms. Stamer also speaks and writes extensively on these and other related matters. For additional information about Ms. Stamer and her experience or to access other publications by Ms. Stamer see here or contact Ms. Stamer directly.   For additional information about the experience and services of Ms. Stamer and other members of the Curran Tomko Tarksi LLP team, see here.

Other Information & Resources

We hope that this information is useful to you. If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here or e-mailing this information here or registering to participate in the distribution of our Solutions Law Press HR & Benefits Update distributions here.  Examples of other recent updates that may be of interest include:

For important information concerning this communication click here.   If you do not wish to receive these updates in the future, send an e-mail with the word “Remove” in the Subject here.

 

©2010 Cynthia Marcotte Stamer. All rights reserved.


Stamer To Present “2010 Health Plan Checkup” At Annual DFW ISCEBS Employee Benefits Fundamentals Workshop

February 22, 2010

 

Cynthia Marcotte Stamer will discuss the latest changes and requirements affecting employer sponsored group health plans, their sponsors, fiduciaries, insurers and vendors during her presentation titled “2010 Health Plan Checkup” at the Dallas/Fort Worth ISCEBS Annual Fundamentals Workshop currently scheduled for May 13, 2010 in Dallas. 

With Congress and federal regulators turning up the heat on health care, keeping up to date with the latest developments is both critical and increasingly challenging for employers, their employee benefits and human resources staff, and the fiduciaries, insurers, administrators and others dealing with health plan design and administration. Coming as U.S. employers continue to struggle to provide health benefits in the face of skyrocketing health benefit costs, tighter health plan medical privacy, nondiscrimination, mental health and other benefit mandates, and a host of other tighter new federal regulations impacting employment-based health plans and their sponsoring businesses, fiduciaries and administrators increasingly are forcing U.S. business leaders to make appropriate health plan cost and compliance management a key management priority. Ms. Stamer will discuss key developments, highlight new developments on the horizon, and provide tips to participants for monitoring and responding to these and other developments.  To register or for additional information, contact the Dallas/Fort Worth ISCEBS here.

Nationally recognized for her more than 22 years of work on managed care and other health and other employee benefits, human resources, insurance, and health care matters, Ms. Stamer assists employee benefit plans, their sponsoring employers, fiduciaries, insurers, administrators and others to monitor and respond to evolving legal and operational requirements and to design, administer, document and defend managed care and other medical benefit programs and practices. She also regularly advises and assists these and other clients to monitor and respond to evolving legislation, regulations, enforcement activities by federal and state regulators, evolving product and market changes, and private litigation and other disputes.  Past Chair of the American Bar Association (ABA) Health Law Section Managed Care & Insurance Interest Group and the Current Chair of the ABA RPTE Employee Benefits & Compensation Committee, an ABA Joint Committee on Employee Benefits Council member, Chair of the Curran Tomko Tarski Labor, Employment & Employee Benefits Practice and Board Certified in Labor & Employment Law, Ms. Stamer also is a widely published author and highly regarded speaker on these and other employee benefit and human resources matters.  Some other recent updates on these topics recently published by Ms. Stamer include :

For additional information about Ms. Stamer and her experience or to access other publications by Ms. Stamer see here or contact Ms. Stamer directly.   For additional information about the experience and services of Ms. Stamer and other members of the Curran Tomko Tarksi LLP team, see here.

If you need assistance with these or other compliance concerns, wish to inquire about federal or state regulatory compliance audits, risk management or training, assistance investigating or responding to a known or suspected compliance or risk management concern, or need legal representation on other matters please contact the author of this update, Cynthia Marcotte Stamer, CTT Labor & Employment Practice Chair at cstamer@cttlegal.com, 214.270.2402; or your other preferred Curran Tomko Tarski LLP attorney.

You can review other recent human resources, employee benefits and internal controls publications and resources and additional information about the employment, employee benefits and other experience of Ms. Stamer here and learn more about  other Curran Tomko Tarski LLP attorneys here. If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here or e-mailing this information to Cstamer@CTTLegal.com or registering to participate in the distribution of these and other updates on our Solutions Law Press distributions here. For important information concerning this communication click here.    If you do not wish to receive these updates in the future, send an e-mail with the word “Remove” in the Subject to here.

©2010 Cynthia Marcotte Stamer. All rights reserved.


Health Plan Liability Heats Up As Plans & Businesses Face New Obligations, Costs & Exposures under New HIPAA Privacy Rules Effective 2/17 & Other Expanding Federal Health Plan Mandates

February 17, 2010

Today (February 17, 2010), employer and other health plans and health insurers (“covered entities”) and service providers performing functions on behalf of these entities (“business associates”) must begin complying with tighter federal requirements for the use, access, protection and disclosure of protected health information under Privacy & Security Standards of the Health Insurance Portability & Accountability Act (HIPAA), as amended by the Health Information Technology for Economic and Clinical Health Act (HITECH Act). Coming as U.S. employers continue to struggle to provide health benefits in the face of skyrocketing health benefit costs, these and other new federal regulations impacting employment-based health plans and their sponsoring businesses, fiduciaries and administrators are forcing U.S. business leaders to make appropriate health plan cost and compliance management a key management priority.

2/17/10 & Other HIPAA Privacy Rule Changes Require Prompt Attention

The HIPAA Privacy Rule changes scheduled to take effect February 17, 2010 are likely to require that health plans and their business associates update their written policies, operational procedures, privacy notices and business associate agreements in several respects.

While the HITECH Act gave covered entities and business associates a year to complete the necessary arrangements to comply with these impending HITECH Act changes, many health plans and business associates have not completed the necessary arrangements despite expanding liability exposures that can result from noncompliance. To mitigate these exposures, covered entities and their business associates should act quickly both to update their services agreements, plans and policies, practices, and procedures, and to implement the training, oversight, and other management procedures necessary to comply with the HITECH Act changes and to mitigate other HIPAA risks.

The risks of noncompliance for health plans, business associates and others mishandling protected health information are real and growing. Wrongful use, access or disclosure of protected health information in violation of HIPAA subjects participating health plans, health care providers, health care clearinghouses, their business associates and other workforce members and others to civil penalties,  criminal prosecution and, since February 17, 2009, civil lawsuits brought by state attorneys general on behalf of citizens of their states whose HIPAA rights were violated.  Since September 23, 2009, health plans and other HIPAA covered entities as well as their  business associates also became obligated to provide breach notification under new mandates imposed by the HITECH Act. 

In addition to these HIPAA-specific exposures, wrongful use, access or disclosure of medical information also can give rise to liability for health plans and other covered entities, business associates, employees and other members of their workforce and others improperly using, accessing or disclosing protected health information.  Federal and state prosecutions may and increasingly do criminally prosecute individuals for improperly accessing or using medical or other personal information under a variety of other federal or state laws .  See e.g., Cybercrime & Identity Theft:Health Information Security Beyond HIPAA; NY AG Cuomo Annoucment of 1st Settlement For Violation of NY Security Breach Notification Law; Woman Who Revealed AIDs Info Gets A Year.  Additionally, State courts also increasingly are permitting individuals harmed by HIPAA violations to use HIPAA as the foundation of state law duties used to maintain state negligence, invasion of privacy, retaliation or other claims for damages. Read more here

To manage these and other HIPAA-related risks, sponsoring employers, fiduciaries, administrators, insurers and their vendors should begin with carefully and timely reviewing and updating existing plan documents, vendor agreements, privacy notices and other communications and associated practices and policies.  The focus of these efforts definitely should seek both to adopt the specific technical changes necessary to make the health plans and their contracts technically comply on paper with these and other HIPAA mandates, and to tailor these documents, communications and practices promote operational compliance and minimize exposure to associated risks.  In relation to these efforts, sponsoring employers, insurers, fiduciaries and administrators also should ensure that required certifications from employers and other plan sponsors, representations from business associates, training and other compliance conditions are properly in place.  In this respect, employers sponsoring health plans should not overlook the potential need to adopt appropriate policies and implement needed training and safeguards to enable the health plan and the employer demonstrate, if necessary that HIPAA’s requirements for sharing protected health information with members of the employer’s workforce for plan administration, underwriting or certain other purposes have been satisfied.

Other Health Plan Updates Also Required

The HIPAA Privacy Rule changes effective today are only part of the ever-growing list of federal mandates that group health plan sponsors, fiduciaries, insurers, administrators and service providers need to be concerned about.  In addition to the new HIPAA Privacy Rule requirements taking effect today, health plans, their sponsors, administrators, fiduciaries, insurers, business associates and other service providers face a host of other new federal health plan and privacy mandates that have taken effect over the past year, and will become subject to additional mandates in upcoming months.  Consequently, while focusing on HIPAA compliance, health plans, their employer or other sponsors, insurers, fiduciaries, administrators and service providers also should not overlook the need to review and update their health plans in response to a host of other changes in federal health plan mandates.

In addition to otherwise applicable civil damage awards and civil penalty exposures that can result from violations of these requirements, new Internal Revenue Service regulations that took effect January 1, 2010 also require that employers, health plans or others self-report violations of certain of these requirements and self assess and pay resulting excise taxes arising under the Internal Revenue Code.  See, e.g., COBRA, HIPAA, GINA, Mental Health Parity or Other Group Health Plan Rule Violations Trigger New Excise Tax Self-Assessment & Reporting Obligations

The highly volatile health plan regulatory environment makes it likely that many health plans are not appropriately updated to comply with these and other federal requirements. In recent months, health plans, their employer or other sponsors, administrators and others also have become obligated to comply with a host of other expanded federal health plan rules and requirements. See e.g., New Mental Health Parity Regulations Require Health Plan Review & Updates; New Labor Department Rule Allows Employers 7 Days To Deliver Employee Contributions To Employee Benefit Plans; Newly Extended COBRA Subsidy Rules Require Employers, Administrators Send Required Notices & Update Health Plan Documents & Procedures Quickly;  Employer & Other Health Plans & Other HIPAA-Covered Entities & Their Business Associates Must Comply With New HHS Health Information Data Breach Rules By September 23.

These and other developments make it imperative that health plans, their employer or other  sponsors, administrators, insurers, fiduciaries and service providers get serious about complying with these and other federal health plan mandates and managing health plan related liabilities and costs. Sponsors, insurers, fiduciaries and administrators should ensure that health plan documents, insurance and other vendor contracts, policies, procedures and communications are timely updated to comply with these and other emerging mandates.  When implementing these updates, parties concerned about costs or liabilities also should exercise care to ensure that plan documents, communications, contracts, administrative forms and procedures are optimally designed and drafted not only to be technically compliant, but also to support the enforceability of plan design and cost expectations, minimize administrative and other avoidable costs, and minimize liability exposures.  In furtherance of these efforts, employer and other plan sponsors also should consider tightening their practices and requirements for credentialing, selection, oversight and contracting with administrators and vendors, and take other prudent steps to manage health plan related risks.

Curran Tomko Tarski LLP Can Help

If your organization need advice or assistance in reviewing, updating, administering or defending its HIPAA or other privacy policies, practices, business associate or other agreements, notices or other related activities, consider contacting Curran Tomko Tarski LLP Partner Cynthia Marcotte Stamer.

A widely published author and speaker on HIPAA and other employee benefit and human resources related matters, Ms. Stamer has extensive experience advising health plans, their employer and other sponsors, health insurers, TPAs and other business associates and others about HIPAA and other health plan and privacy matters. Currently serving as both Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Group and as an ABA Joint Committee on Employee Benefits Council representative and Former Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer has more than 23 years experience assisting employers, insurers, plan administrators and fiduciaries and others to design, implement, draft and administer health and other employee benefit plans and to defend audits, litigation or other disputes by private parties, the IRS, Department of Labor, Office of Civil Rights, Medicare, state insurance regulators and other federal and state regulators. A nationally recognized author and lecturer, Ms. Stamer also speaks and writes extensively on these and other related matters. For additional information about Ms. Stamer and her experience or to access other publications by Ms. Stamer see here or contact Ms. Stamer directly.   For additional information about the experience and services of Ms. Stamer and other members of the Curran Tomko Tarksi LLP team, see here.

Other Information & Resources

We hope that this information is useful to you. If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here or e-mailing this information here or registering to participate in the distribution of our Solutions Law Press HR & Benefits Update distributions here.  Examples of other recent updates that may be of interest include:

For important information concerning this communication click here.   

 ©2010 Cynthia Marcotte Stamer. All rights reserved.