The notices can be found here:

http://www.dol.gov/ebsa/COBRAmodelnotice.html

With all of the other changes made by House Bill 2325, many employers have not realized the importance of this change.  This change is effective for all group plans subject to the continuation laws that are issued, delivered, amended or renewed after June 18, 2009.

This means that if an employer renews its policy after June 18, 2009, all individuals currently receiving state continuation coverage would be entitle to an additional 3 months of coverage, regardless of the date the individual first elected state continuation coverage .

All employers should be aware of this change and update their current procedures to accolade this change.  Additionally, employers should notify all employees and all former employees who are subject to the extension of this new length of continuation coverage.

The letter indicates an employer’s requirement that employees participate in a health risk assessment in order to obtain coverage under the employer’s self-funded health plan violates the ADA.  The circumstances that the EEOC official assessed were where the employer had employees take an assessment that involved answering a short health-related questionnaire, taking a blood pressure test, and providing blood for use in a blood panel screen.  Information from the assessment went directly and exclusively to the employee, and the employer received only aggregate information.  Employees who declined to participate in the assessment and their family members became ineligible for coverage under the health plan.

The ADA requires disability-related questions or medical examinations to be job-related and consistent with necessity or, part of a voluntary wellness program.  The EEOC stated that in the above instance, the HRA was neither job-related nor consistent with necessity.  As part of a wellness plan, refusing to participate in an HRA would penalize an employee, violating ADA.

However, the letter did reaffirm that disability-related inquiries and medical examinations are permitted as part of a voluntary wellness program, and that a wellness program is voluntary if employees are neither required to participate nor penalized for non-participation.  In the case the EEOC considered, employees were both required to participate and were penalized for non-participation.  The opinion letter may be found here.

This is important guidance in clarifying what an employer can and cannot do with regarding to its wellness efforts.  Please contact us if you have any questions or need more information on this letter or other wellness guidance.

The letter indicates an employer’s requirement that employees participate in a health risk assessment in order to obtain coverage under the employer’s self-funded health plan violates the ADA.  The circumstances that the EEOC official assessed were where the employer had employees take an assessment that involved answering a short health-related questionnaire, taking a blood pressure test, and providing blood for use in a blood panel screen.  Information from the assessment went directly and exclusively to the employee, and the employer received only aggregate information.  Employees who declined to participate in the assessment and their family members became ineligible for coverage under the health plan.

The ADA requires disability-related questions or medical examinations to be job-related and consistent with necessity or, part of a voluntary wellness program.  The EEOC stated that in the above instance, the HRA was neither job-related nor consistent with necessity.  As part of a wellness plan, refusing to participate in an HRA would penalize an employee, violating ADA.

However, the letter did reaffirm that disability-related inquiries and medical examinations are permitted as part of a voluntary wellness program, and that a wellness program is voluntary if employees are neither required to participate nor penalized for non-participation.  In the case the EEOC considered, employees were both required to participate and were penalized for non-participation.  The opinion letter may be found here.

This is important guidance in clarifying what an employer can and cannot do with regarding to its wellness efforts.  Please contact us if you have any questions or need more information on this letter or other wellness guidance.

Numerous changes and updates were made to the existing I-9 form.  Some of the most noteworthy changes include:

• Expired documents are no longer acceptable for Form I-9 purposes. Employers may no longer accept expired U.S. passports or List B documents as proof of identity and/or employment authorization.
• The Section 1 status boxes now include separate selections for U.S. nationals and U.S. citizens. Prior to this update, Form I-9 grouped U.S. nationals and U.S. citizens into one category. The new form now separates these individuals into separate categories. U.S. nationals are individuals born in American Samoa, certain former citizens of former Trust Territory of the Pacific Islands, and certain children of U.S. nationals born abroad.
• Certain List A identity and authorization documentations have been eliminated. Forms I-688 (Temporary Resident Card), I-688A (Employment Authorization Card) and I-688B (Employment Authorization Card) have been eliminated from List A. These Forms are older employment authorization documents and are no longer issued.
• Valid passports for certain individuals have been added to the List A evidence of identity and employment authorization. The final regulations add valid passports for citizens of the Federated States of Micronesia (FSM) and the Republic of the Marshall Islands (RMI), as well as Form I-94 and Form I-94A nonimmigrant admission under the Compact of Free Association between the U.S. and the FSM or RMI to the List A documents to prove identity and employment authorization.
• Foreign passports containing certain machine-readable immigrant visas have been added to the List A evidence of identity and employment authorization. A temporary I-551 printed notation on a machine-readable immigrant visa in addition to the foreign passport with a temporary I-551 stamp has been added to the List of Acceptable Documents on List A.

The current Form I-9, dated 06/05/07 will no longer be valid for use on or after April 3, 2009.  The revised I-9 form can be found at: http://www.uscis.gov/files/form/i-9.pdf.

Please contact our office for more information about compliance with the new Form I-9 requirements or for any other employment or employee benefits matter.

The new law gives provides for added flexibility in order to cover children whose annual family income exceeds 200% of the federal poverty level ($22,050 for a family of four in 2009).  In addition to the income changes, the new law also includes a provision allowing legal aliens to participate in CHIP.  These changes will result in up to 4 million additional children being covered by CHIP.

In order to encourage more cost-effective coverage of CHIP-eligible individuals, the new law permits (but does not require) states to provide premium assistance to qualifying children (and, in some cases, their employed parents) to help pay employer group health plan premiums.  It is unknown how many states will adopt such a program or when the programs will be operational.  According to a recent Kaiser Family Foundation study, currently six states have state assistance programs – Florida, Idaho, Illinois, Oregon, Utah, and Virginia.

Qualified Coverage

CHIP applies to “qualified employer-sponsored coverage”, which is defined as group health plan or health insurance coverage offered through the employer which meets the following requirements:

• The coverage must be “creditable coverage” for Health Insurance Portability and Accountability Act (HIPAA) purposes;
• The employer contribution toward the cost of any premium for the coverage must be at least 40%; and
• The coverage must be available to individuals in a manner that would be considered to be a nondiscriminatory group for eligibility purposes under Internal Revenue Code’s Section 105(h) rules.

Qualified employer-sponsored coverage does not include:

• A health flexible spending arrangement (such as a Health Flexible Spending Account or a Medical Reimbursement Account); or
• A high deductible health plan (for Health Savings Account purposes).

Premium Assistance

The permitted premium assistance available for employers to offer to qualifying children is the incremental difference in cost to the employee between the cost of enrolling only the employee under the employer sponsored coverage and the cost of enrolling the employee and the low-income child under the employer-sponsored coverage.  If premium assistance is also provided to the parent of a low-income child, the amount of the subsidy is increased to take into account the cost of enrollment of the parent (or the family, if allowed by the state) in the employer-sponsored coverage.  A state is allowed to provide the premium assistance subsidy either as a direct reimbursement to an employee for out-of-pocket expenditures, or as a reimbursement to the employee’s employer.

Under the new law, employers are allowed to opt-out of being reimbursed for the premium subsidy.  If an employer chooses to opt-out, the employer is effectively removed from the subsidy process, and the state will then make its reimbursement for the subsidy directly to the employee.  This opt-out option will allow the employer to continue to withhold the full amount of the employee contribution required for coverage of the employee and the low-income child under the employer’s group health plan.

Special Enrollment Period

The new law also creates a new HIPAA special enrollment period to allow employees and dependents to enroll in an employer group health plan when they either lose Medicaid or CHIP eligibility or first become eligible for state premium assistance.  Employers will have to notify employees of the availability of state premium assistance and respond to state agency requests for information about an employee’s or a family member’s plan coverage.  The special enrollment provisions take effect April 1, 2009.  However, the premium assistance notice and disclosure provisions won’t be effective until model notices and forms are issued.

Under existing HIPAA rules, most group health plans (whether insured or self-insured) are required to allow employees to enroll themselves and certain family members in employer plan coverage under certain circumstances (such as loss of other coverage or adding dependents due to marriage, birth, adoption or placement for adoption).  Group health plans must notify employees of these special enrollment rights either before or at the time of enrollment in the plan.

The expanded CHIP law gives employees and their dependents who are eligible for but not enrolled in an employer group health plan a special enrollment period if either of two events occurs:

• They lose Medicaid or CHIP coverage because they are no longer eligible, or
• They become eligible for a state’s premium assistance program.

Unlike the existing HIPAA special enrollment rights, which allow a 30-day enrollment period after a qualifying event, under the new CHIP requirements, employees have 60 days from the date of the Medicaid/CHIP event to request enrollment in the employer’s group health plan.  In order to qualify for this midyear enrollment right, individuals must experience a Medicaid/CHIP qualifying event and provide the plan timely notice of the event and an enrollment request.

Current HIPAA rules require plans to provide notice of employees’ special enrollment rights at or before the time they can enroll in the plan.  CHIP does not address how or when employers should provide notice of the new special enrollment rights.  However, because the new Medicaid/CHIP qualifying event amends the HIPAA special enrollment provisions, it is believed that employers must revise their current notices of special enrollment to describe the new Medicaid/CHIP provisions – including the 60-day period to request enrollment.  At the very least, employers should include updated notices in enrollment materials for newly eligible employees beginning on April 1, 2009.  Additionally, employers may wish to notify all employees about their new special enrollment rights on or before the provision’s April 1, 2009 effective date.

Many employers that sponsor group health plans offer Section 125 cafeteria plans.  Under current cafeteria plan rules for electing benefits paid with pretax contributions, plans may allow employees to make midyear elections if they (or their family members) experience certain life events or status changes, such as gaining or losing Medicare or Medicaid eligibility or losing CHIP coverage.  Cafeteria plan rules also permit midyear elections for events triggering any mandated HIPAA special enrollment right, which will now include Medicaid/CHIP triggering events.

However, in contrast to the mandatory special enrollment period triggered by HIPAA-specified events, midyear cafeteria plan elections are completely optional – employers may choose to include some, all or none of the IRS-approved status change events in their cafeteria plans.  Therefore, an employee could have a HIPAA special enrollment right to join an employer’s health plan, but unless the employer’s cafeteria plan recognizes eligibility for HIPAA special enrollment as a status change allowing midyear elections, the employee will have to pay for health coverage using after-tax contributions.  Employers that already include HIPAA special enrollment events as grounds to permit midyear cafeteria plan elections may need to update their existing documentation and communication materials to make the scope of these events clear.  Employers that do not currently allow employees to make midyear pretax election changes for HIPAA special enrollments may want to consider adding them now.

Employer Notice and Disclosure Obligations

CHIP requires employers to notify employees about the availability of state premium assistance.  Additionally, employers must respond to any requests from state agencies about the group health plan coverage provided to specific employees and family members.  However, it appears that neither of these requirements is immediately effective.

The Departments of Labor and Health and Human Services must jointly develop and issue model national and state-specific notices within one year of CHIP’s enactment (February 4, 2009) for employers’ use.  Employers must provide the notice to employees starting with the first plan year beginning on or after the date the model notices are issued in final form.  Once the notice obligations become effective, employers may include these notices when distributing certain other benefits information to employees, such as:

• Plan materials informing employees that they are eligible for group health plan coverage;
• Annual open enrollment materials; and
• Summary plan descriptions (SPDs).

Under the new law, employers will be required to respond to state agency requests for information about an employee’s or a family member’s plan coverage.  There is currently no deadline for when the model form for such responses will be issued.  However, once the model form is issued, employers must use it for any state agency requests in the first plan year starting on or after the issue date of the model form.

Once issued, the model form will require the following information from the group health plan:

• Employee/dependent eligibility for group health plan coverage;
• The plan administrator’s name and contact information;
• A description of the plan’s benefits;
• Premiums and cost-sharing amounts for plan coverage; and
• Other relevant plan information.

Unfortunately, the law does not address how employers should respond to state requests for information prior to the model form being issued.

Penalties

CHIP does provide for non-compliance penalties.  Employers that fail to provide the required employee notice may be subject to a penalty of $100 per day for each violation.  Each employee who does not receive the notice is considered a separate violation.  Additionally, plan administrators that do not respond to state information requests face similar penalty assessments.

Next Steps for Employers

Because the new Medicaid/CHIP special enrollment right’s effective date is just around the corner, employers need to take several steps immediately.

1.    Confirm with vendors that qualifying employees and family members will be able to enroll in group health plans.

2.    Revise existing HIPAA special enrollment rights notices to include Medicaid/CHIP triggering events by the April 1, 2009 effective date.

3.    Revise any other employee communications that describe HIPAA special enrollment rights (such as SPDs and open enrollment materials).

4.    Amend cafeteria plan documents as necessary to reflect the new Medicaid/CHIP special enrollment right and the 60-day period to request plan enrollment.

5.    Establish procedures to respond to state requests for information about coverage provided to specific employees and family members.

Please contact our office for more information or to speak with benefits counsel about the new Medicaid/CHIP law and its impact on your business.

The legislative changes that affect HIPAA create many new requirements, enforcement provisions and penalties for covered entities, business associates, vendors and others.  Many changes are focused on HIPAA’s privacy and security requirements and will require businesses to change the way they currently do business.  There are significant changes to all Covered Entities (defined under HIPAA as health care providers that conduct certain electronic transactions, health care clearinghouses, and health plans), but are most challenging for Business Associates (individuals or corporate persons that perform ANY function or activity involving the use of Protected Health Information (PHI), who now face a host of new requirements.

Business Associates Required to Comply with HIPAA Privacy and Security Rules

Under HIPAA, Business Associates were not directly regulated and were not subject to HIPAA’s penalty provisions.  Because HIPAA only required a contract between the Business Associate and the HIPAA-covered entity, the only sanctions Business Associates faced for failure to protect health information was a breach of contract claim.  However, ARRA makes significant changes to the way Business Associates are treated under HIPAA.

ARRA specifies that any entity that engages in health information exchanges or provides data transmission of PHI (including Personal Health Record (PHR) vendors and health information exchanges) is considered a Business Associate.  As such, these entities must enter into a business associate contract with the covered entity and will be subject to ARRA’s civil and criminal penalty provisions.

Additionally, ARRA requires that the administrative, physical and technical safeguards and the policy, procedure and documentation requirements of HIPAA’s security rule apply to Business Associates of a covered entity in the same manner as they apply to the covered entity.  These additional requirements must be incorporated into Business Associate contracts and agreements and include notification provisions for a breach and the application of ARRA’s criminal and civil penalties.   With regard to HIPAA’s privacy rules, Business Associates are prohibited from using or disclosing any PHI in a manner which is not in compliance with the Business Associate contract or agreement required terms under HIPAA.  These changes become effective February 17, 2010 (one year after the enactment of ARRA).

Notice to Individuals of Privacy and Security Breaches

ARRA also imposes certain notification requirements on covered entities and Business Associates in the event of a breach of “unsecured protected health information.”  A breach is defined as “the unauthorized acquisition, access, use, or disclosure of protected health information which comprises the security or privacy of such information, except where an authorized person to whom such information is disclosed would not reasonably have been able to retain such information”.  Unsecured protected health information is defined as protected health information that the covered entity or Business Associate has not secured via standards approved by the Secretary of Health and Human Services (Secretary). 

Generally, the notification of a breach must be provided “without unreasonable delay”, but in no case later than 60 days after the discovery of the breach or when the breach should reasonably have been discovered.  Since the 60 days is the outer limit for notification, if the full 60 day window is used, the covered entity or Business Associate involved in the breach must be prepared to justify their reasons for not providing notification of the breach sooner.  However, notice of a breach may be delayed provided that notification would hinder a criminal investigation and/or injure national security (as determined by a law enforcement official).

For Business Associates that discover a breach, the Business Associate must notify the covered entity of the breach or potential breach and the identify of all individuals affected or potentially affected.  For covered entities, notification must be made to individuals whose unsecured protected health information has been accessed, acquired or disclosed or is reasonably believed to have been accessed, acquired or disclosed as a result of a security or privacy breach.  In general, notification to affected individuals must be sent via first class mail.  However, where a breach involves 10 or more individuals whose contact information is out-of-date or deficient, notification must be posted to the covered entity’s website or published in major print or broadcast media. For a breach that involves 500 or more individuals, the covered entity involved in the breach must also give notice to prominent media outlets in the applicable jurisdiction or state.

Notice of all breaches must be provided to the Secretary.  If the breach affects 500 or more individuals, the covered entity involved in the breach must immediately notify the Secretary.  For breaches that affect less than 500 individuals, the covered entity involved in the breach may notify the Secretary of any breaches on an annual basis.

To the extent possible, all notices must contain:

A brief description of what happened, including the date of the breach and the date of the discovery of the breach (if known);

• A description of the types of unsecured protected health information involved in the breach (e.g., social security number, date of birth);
•  The steps individuals should take to protect themselves from potential harm as a result of the breach;
•  A brief description of what the entity involved is doing to investigate the breach, to mitigate losses and to protect against further breaches; and
•  Contact procedures for individuals to ask questions or receive additional information, including a toll-free telephone number and an e-mail address, web site or postal address.

Expansion of Accounting of Disclosures

ARRA changes the existing limitations on accounting for disclosures of health information to individuals who request the disclosure.  If a covered entity uses or maintains an Electronic Health Record (EHR), then individuals will be allowed to receive an accounting of the disclosures of PHI for treatment, payment and health care operations made from the EHR.  The period of mandated disclosure is limited to the 3 year period prior to the individual’s request.  A reasonable fee may be charged to the requesting individual, provided the fee is not greater than the labor costs involved in complying with the request.

The Secretary is required to adopted regulations that specify the information to be contained in the accountings within 6 months of ARRA’s enactment.  Covered entities that began using EHR prior to January 1, 2009 will be required to provide the accounting upon request effective January 1, 2014.  Covered entities that begin using EHR after January 1, 2009 will be required to provide the accounting upon request effective January 1, 2011.

Clarification of and Limits on Marketing and Fundraising

ARRA clarifies that marketing communications are not health care operations unless the communications:

• Describes a health-related product or service that is provided by, or included in a plan of benefits of, the communicating covered entity;
•  Is made for the treatment of the individual; or
•  Is made for case management or care coordination for the individual, or to direct or recommend alternative treatments, therapies, health care providers or settings of care to the individual.

ARRA also limits the ability of a covered entity to receive remuneration for making non-marketing communications except for communications describing only a drug or biologic that is currently being prescribed for the individual receiving the communication, and any payment received by the covered entity in exchange for making the communication is reasonable (as defined by the Secretary), provided that:

• The communication is made by the covered entity and the covered entity has a valid authorization from the individual receiving the communication, or
• The communication is made by a Business Associate on behalf of the covered entity and the communication is consistent with the Business Associate contract or agreement between the covered entity and the Business Associate.

Individuals must be allowed to elect not to receive any fundraising communications, and must be allowed to “opt out” of having their information used by a covered entity for the purpose of fundraising.

Sale of Protected Health Information

Under ARRA, a covered entity or Business Associate is prohibited from directly or indirectly receiving payment in exchange for any protected health information unless the covered entity or Business Associate acquired a valid authorization from the individual.  The authorization must include the specification that the PHI may be sold or exchanged for remuneration.  Exceptions to this provision are made for:

• Public health activities;
• Research activities (provided the price reflects the reasonable costs related to the preparation and transmittal of data for such purposes);
• Treatment of an individual;
• The sale, transfer, merger or consolidation of a covered entity;
• Certain Business Associate agreements where a covered entity provides remuneration to a Business Associate;
• A request by an individual for a copy of that individual’s PHI; and
• As otherwise allowed by the Secretary.

The Secretary must issue final regulations within 18 months of ARRA’s final enactment date and the prohibitions are effective 6 months after the issuance of the final regulations.

Notification Provisions Apply to Other Personal Health Record Vendors

ARRA extends its notification provisions to vendors of PHRs and their service providers should the vendor or service provider experience a breach of security or privacy, regardless of whether the vendor or service provider is considered a covered entity.  In the instance of a breach of privacy or security of PHI, PHR vendors and their service providers are required to notify each affected individual who is a U.S. Citizen or resident of the U.S. as well as the Federal Trade Commission.  Failure to provide the required notice will be deemed as an unfair and deceptive trade practice or act under the Federal Trade Commissions Act.

Because PHR vendors are not covered by HIPAA, ARRA requires that the Federal Trade Commission issue interim final regulations which will provide guidance for PHR vendors on the requirements for breaches of PHI.

Mandatory Restrictions on Disclosure of PHI when Requested by Individuals

Under ARRA, individuals are given the right to restrict the disclosure of PHI related to treatment, payment and health care operations provided:

• The restriction relates to disclosure for purposes of payment or health care operations;
• The restriction does not relate to disclosure for purposes of treatment; and
•  The PHI relates only to an item or service for which the provider has already received payment in full.

Right of Individuals to Receive Electronic Records

If a covered entity maintains EHRs that contain PHI, ARRA provides individuals with the right to obtain a copy of their records in an electronic format or to request that the record be transmitted to a third party.  The covered entity may not charge the individual requesting the copies more than the total cost of labor incurred by the entity in transmitting the copies.

Clarification of the Minimum Necessary Standard

Pending additional guidance from the Secretary, a covered entity will be considered to be in compliance with the minimum necessary standard if, to the extent possible, the covered entity limits the disclosure to a limited data set or to the minimum data necessary to accomplish the intended purpose of the disclosure or use of the information.  The Secretary is required to issue guidance within 18 months of ARRA’s enactment.

Increase Use of De-Identifed Information

ARRA requires the Secretary to issue guidance on how covered entities can comply with requirements related to the use of de-identified PHI.  Such guidance must be issued within 1 year of ARRA’s enactment.

Enforcement and Penalties

ARRA authorizes the Secretary to conduct periodic audits of covered entities and Business Associates to ensure compliance with HIPAA and ARRA requirement.  The Secretary is also authorized to utilize civil enforcement provisions even if the action in question violated the criminal provisions, provided no criminal conviction is associated with the conduct.

The Secretary is required to impose civil penalties if a violation is due to willful neglect and to formally investigate any complaint if a preliminary investigation indicates the potential of violation due to willful neglect.  For cases involving violations where the individual did not know of the violation or where the individual would not have known of the violation by exercising reasonable diligence, corrective action rather than penalty may still be used.

Under ARRA, criminal enforcement for certain HIPAA violations is not limited to covered entities.  For purposes of criminal enforcement provisions, ARRA provides that “a person (including an employee or other individual)” is considered to have obtained or disclosed individually identifiable health information in violation of HIPAA if such information is maintained by a covered entity and the individual obtained or disclosed such information without authorization.

The Office for Civil Rights will receive any civil monetary penalties (CMPs) or settlements related to HIPAA security-related offenses.  Such funds will be used to fund the further enforcement of ARRA and HIPAA rules and requirements.

States’ Attorney General may bring a civil action under ARRA on behalf of state residents who have been or are threatened to be harmed by a violation to obtain injunctive relief or damages, as well as attorney fees.  Notice must be given to the Secretary and the Secretary is permitted to intervene.  The States’ Attorney General may not bring an action if a federal action by the Secretary is already pending.  These provisions only apply to violations that occur after February 17, 2009 (the date of enactment).

The Comptroller General must submit a report to the Secretary within 18 months of ARRA’s enactment that provides recommendations for determining a reasonable methodology for calculating an appropriate percentage of CMPs or settlements for individuals who have been harmed by a violation of HIPAA or ARRA.  The Secretary is required to issue regulations based on the Comptroller General’s recommendations within 3 years of ARRA’s enactment.

ARRA expands existing civil penalties into tiers and provides that the determination of the penalty amount must be based on the nature and extent of the violation and the harm caused by the violation:

• Tier 1 applies where the violator did not know of the violation, and would not have known even with reasonable diligence of the violation. In such circumstances, the penalty is $100 per violation, not to exceed $25,000 for all such violations of identical requirement during the calendar year.
• Tier 2 applies where the violation was due to reasonable cause rather than willful neglect. In such circumstances, the penalty is $1,000 per violation, not to exceed $100,000 for all such violations of identical requirement during the calendar year.
• Tier 3 applies where the violation was due to willful neglect but the violation was corrected within 30 days of the violation. The penalty is $10,000 per violation, not to exceed $250,000 for all such violations of identical requirement during the calendar year.
• Tier 4 applies where the violation was due to willful neglect and the violation was not corrected within 30 days of the violation. The penalty is $50,000 per violation, not to exceed $1,500,000 for all such violations of identical requirement during the calendar year.

Additional Guidance and Technical Standards

Within 60 days of the enactment of ARRA, the Secretary is required to issue guidance on what constitutes “unsecured” PHI and which specifies the technologies and methodologies that will render PHI unusable, unreadable or indecipherable to unauthorized individuals.  Guidance on such technologies and methodologies will be updated annually by the Secretary.

Within 180 days of enactment, the Secretary is required to issue interim final regulations which govern ARRA’s notification provisions and must designate an individual in each of the Department’s regional offices who will offer guidance and education on rights and responsibilities of covered entities, Business Associates and individuals with regard to PHI.

Effective Date of Changes

Unless otherwise specified in ARRA, the general effective date for the changes under ARRA is February 17, 2010, one year after the enactment of the law.  While the increased penalty provisions take effect immediately, many of the provisions have other effective dates and some do not have a clear date specified.  Additionally, some provisions will require regulations to be implemented, so these provisions may take two years or longer to take effect.

Unfortunately, during tough times, companies are forced to make hard decisions in order to survive.  One of the largest expenses for most companies is human capital and the associated costs, such as salaries and employee benefits programs.  As companies analyze whether to use terminations and/or layoffs as a means to control or reduce costs, they need to ensure that the analysis includes consideration of legal risks involved and ensure that the ultimate course of action complies with any applicable laws.  Some of the laws that should be taken into consideration include the Family Medical Leave Act (FMLA), the Americans with Disabilities Act (ADA), the Uniformed Services Employment and Reemployment Rights Act (USERRA), the Older Workers Benefit Protection Act (OWBPA), the Employee Retirement Income Security Act (ERISA), Equal Employment Opportunity (EEO) laws and the Consolidated Omnibus .Budget Reconciliation Act (COBRA).

For example, when determining which employees will be terminated and/or laid off, companies need to ensure that the criteria used is objective and does not create a disparate impact on a protected class.  One of the most common mistakes companies make is to use compensation as criteria for determining which employees will be reduced.  In many cases, employees with the highest wage rates in positions generally tend to be older because their salaries have increased with their work experience and time in a position.  Employers should ensure that they are using objective, legitimate business criteria to make their selections, so they do not leave themselves open to an age discrimination claim.

Additionally, depending on the size of the employer and the number of employees being laid off, companies may need to comply with The Worker Adjustment and Retraining Notification Act (WARN).  WARN is a federal law that requires that employers with greater than 100 employees (excluding part-time employees) provide 60 calendar days advance notice of mass layoffs.  A mass layoff is defined as a layoff that either (1) involves at least 50 employees who make up at least 33% of the employer’s work force, or (2) involves at least 500 employees.  Additionally, some states have enacted their own versions of the WARN Act that have lower thresholds which trigger a notice period.  This analysis can be complex for employers to determine whether these laws will apply to them, especially if there have been intermittent lay-offs of some workers during periods of slow downs.

Making the decision to reduce headcount in order to help a company survive is probably one of the toughest decisions an employer can make.  Frequently, an employer is focused on its financial situation and can overlook potential legal pitfalls associated with the decision. 

Companies should consult with legal counsel when they face these difficult situations so that they ensure they comply with all applicable laws and that they have as much legal protection as possible.  Please contact our office with any questions you have or for additional information.

During a M&A deal, companies generally perform due diligence across all areas of the target company to identify issues that need to be addressed during the negotiation phase of the deal.  If employee benefits plans are not included in this due diligence, an acquiring company can discover that it has inadvertently become the owner of significant employee benefits plan problems.  While problems that arise in the area of employee benefits plans do not generally become “deal breakers”, ensuring that any and all benefits issues are identified and addressed before the final agreement is signed can avoid major headaches in the future.

Benefit plan issues can vary depending on the type of deal that is being contemplated – either an asset purchase or a stock purchase.  In an asset purchase, the due diligence required for employee benefits plans could be reduced if the agreement does not include the buyer assuming liability for employee benefit plans.  However, even in that situation, due diligence on the benefit plans should still be conducted to ensure that the buyer has a complete picture of the seller’s business.

In a stock purchase deal, or in an asset purchase deal where the buyer is assuming liability for benefit plans, the buyer needs to ensure that significant due diligence is conducted on the existing benefit plans.  Generally, this due diligence should include:

• Identifying all employee benefit plans, programs and practices currently in existence – both formal written plans and informal, unwritten plans.
• Obtaining all pertinent documents for each plan identified (e.g., plan documents, summary plan descriptions, Form 5500s, annual nondiscrimination testing and audits, determination letters, third party administrator contracts).
• Reviewing all documentation to ensure the plans are currently compliant with applicable laws and looking for potential problem areas (e.g., accelerated vesting on change of control, unfunded liabilities, funding arrangements for nonqualified deferred compensation plans).
• Requesting disclosure on currently pending or threatened claims based on benefit plans and on whether any governmental audits have been commenced or are pending.
• Identifying potential problems to be addressed during negotiation of the deal.

As stated earlier, issues identified during the due diligence process for employee benefits plans are generally not severe enough to stop a deal from closing.  However, if properly addressed during the negotiation phase, they can be factored in with all the other components in the decision making process.  Where these issues are not properly addressed, they can become a significant concern for the buyer after the deal has completed. 

Benefits counsel can assist in completing comprehensive due diligence of a target company’s benefit plans to ensure that the acquiring company does not get blind-sided by benefit issues in the future.  Please contact our office for additional information or to talk to an attorney about your particular situation.

One of the most significant benefit provisions contained in the EESA is the Paul Wellstone and Pete Domenici Mental Health Parity and Addiction Equity Act of 2008.  Effective January 1, 2009, this act makes permanent the 1996 mental health parity provisions.  Additionally, it also makes certain enhancements to existing mental health parity provisions, including:

• Requiring plans that provide mental health benefits to extend those benefits to substance abuse-related problems.
• Mandating that the cost-sharing requirements for mental health and substance abuse benefits (such as deductibles, co-insurance, and out-of-pocket costs) may not be more restrictive than the cost-sharing requirements applicable to medical and surgical benefits.
• Mandating that the benefits limitations requirements for mental health and substance abuse benefits (such as number of visits and maximum days covered) may not be more restrictive than the cost-sharing requirements applicable to medical and surgical benefits and there may not be separate limits for treatment applicable only to mental health and substance abuse benefits.
• Mandating that participants can receive benefits for mental health and substance abuse treatments received out-of-network if out-of-network treatment is allowed for medical and surgical benefits under the plan.
• Requiring Plan’s to furnish participants with the criteria used to determine medical necessity and the reason for denial of benefits for mental health and substance abuse claims.

The enhancements are generally effective for plan years beginning one year after October 3, 2009.  However, small employers (less than 50 employees) are excluded from the enhanced provisions.

Other provisions contained in the EESA that can impact employee benefit plans are detailed below:

• The statute requires that any financial institution that directly sells troubled assets under the EESA, the financial institution must meet certain standards for executive compensation and corporate governance, including limits on compensation, recovery of bonus or incentive compensation, and prohibitions on certain “golden parachute” payments.
• The statute details for applicable employers that participate in the Troubled Assets Relief Program (TARP), an amendment of the Internal Revenue Code (IRC) §162(m) and a denial of a tax deduction for the payment of compensation or other benefits in excess of $500,000 to executives or other highly compensated employees. The EESA also amends IRC §280G to apply the tax penalties for excess parachute payments to certain employers and their executives who participate in TARP.
• The statute updates IRC §132(f) to allow employees to exclude employer reimbursements for bicycle commuting expenses from gross income.
• The statute requires that “nonqualified entities” include in gross income for income tax purposes the employee compensation deferred under a nonqualified deferred compensation plan when there is no substantial risk of forfeiture of the rights to such compensation. A “nonqualified entity” is defined as any foreign corporation unless substantially all of its income is: (1) effectively connected with a trade or business in the U.S.; or (2) subject to a comprehensive foreign income tax.

Employers should consult with benefits counsel to decide whether any of the benefit-related provisions contained in EESA are applicable to their benefits programs.  Please contact our office for more information on the EESA and its benefit plan implications.