With all of the other changes made by House Bill 2325, many employers have not realized the importance of this change.  This change is effective for all group plans subject to the continuation laws that are issued, delivered, amended or renewed after June 18, 2009.

This means that if an employer renews its policy after June 18, 2009, all individuals currently receiving state continuation coverage would be entitle to an additional 3 months of coverage, regardless of the date the individual first elected state continuation coverage .

All employers should be aware of this change and update their current procedures to accolade this change.  Additionally, employers should notify all employees and all former employees who are subject to the extension of this new length of continuation coverage.

The letter indicates an employer’s requirement that employees participate in a health risk assessment in order to obtain coverage under the employer’s self-funded health plan violates the ADA.  The circumstances that the EEOC official assessed were where the employer had employees take an assessment that involved answering a short health-related questionnaire, taking a blood pressure test, and providing blood for use in a blood panel screen.  Information from the assessment went directly and exclusively to the employee, and the employer received only aggregate information.  Employees who declined to participate in the assessment and their family members became ineligible for coverage under the health plan.

The ADA requires disability-related questions or medical examinations to be job-related and consistent with necessity or, part of a voluntary wellness program.  The EEOC stated that in the above instance, the HRA was neither job-related nor consistent with necessity.  As part of a wellness plan, refusing to participate in an HRA would penalize an employee, violating ADA.

However, the letter did reaffirm that disability-related inquiries and medical examinations are permitted as part of a voluntary wellness program, and that a wellness program is voluntary if employees are neither required to participate nor penalized for non-participation.  In the case the EEOC considered, employees were both required to participate and were penalized for non-participation.  The opinion letter may be found here.

This is important guidance in clarifying what an employer can and cannot do with regarding to its wellness efforts.  Please contact us if you have any questions or need more information on this letter or other wellness guidance.

The new law gives provides for added flexibility in order to cover children whose annual family income exceeds 200% of the federal poverty level ($22,050 for a family of four in 2009).  In addition to the income changes, the new law also includes a provision allowing legal aliens to participate in CHIP.  These changes will result in up to 4 million additional children being covered by CHIP.

In order to encourage more cost-effective coverage of CHIP-eligible individuals, the new law permits (but does not require) states to provide premium assistance to qualifying children (and, in some cases, their employed parents) to help pay employer group health plan premiums.  It is unknown how many states will adopt such a program or when the programs will be operational.  According to a recent Kaiser Family Foundation study, currently six states have state assistance programs – Florida, Idaho, Illinois, Oregon, Utah, and Virginia.

Qualified Coverage

CHIP applies to “qualified employer-sponsored coverage”, which is defined as group health plan or health insurance coverage offered through the employer which meets the following requirements:

• The coverage must be “creditable coverage” for Health Insurance Portability and Accountability Act (HIPAA) purposes;
• The employer contribution toward the cost of any premium for the coverage must be at least 40%; and
• The coverage must be available to individuals in a manner that would be considered to be a nondiscriminatory group for eligibility purposes under Internal Revenue Code’s Section 105(h) rules.

Qualified employer-sponsored coverage does not include:

• A health flexible spending arrangement (such as a Health Flexible Spending Account or a Medical Reimbursement Account); or
• A high deductible health plan (for Health Savings Account purposes).

Premium Assistance

The permitted premium assistance available for employers to offer to qualifying children is the incremental difference in cost to the employee between the cost of enrolling only the employee under the employer sponsored coverage and the cost of enrolling the employee and the low-income child under the employer-sponsored coverage.  If premium assistance is also provided to the parent of a low-income child, the amount of the subsidy is increased to take into account the cost of enrollment of the parent (or the family, if allowed by the state) in the employer-sponsored coverage.  A state is allowed to provide the premium assistance subsidy either as a direct reimbursement to an employee for out-of-pocket expenditures, or as a reimbursement to the employee’s employer.

Under the new law, employers are allowed to opt-out of being reimbursed for the premium subsidy.  If an employer chooses to opt-out, the employer is effectively removed from the subsidy process, and the state will then make its reimbursement for the subsidy directly to the employee.  This opt-out option will allow the employer to continue to withhold the full amount of the employee contribution required for coverage of the employee and the low-income child under the employer’s group health plan.

Special Enrollment Period

The new law also creates a new HIPAA special enrollment period to allow employees and dependents to enroll in an employer group health plan when they either lose Medicaid or CHIP eligibility or first become eligible for state premium assistance.  Employers will have to notify employees of the availability of state premium assistance and respond to state agency requests for information about an employee’s or a family member’s plan coverage.  The special enrollment provisions take effect April 1, 2009.  However, the premium assistance notice and disclosure provisions won’t be effective until model notices and forms are issued.

Under existing HIPAA rules, most group health plans (whether insured or self-insured) are required to allow employees to enroll themselves and certain family members in employer plan coverage under certain circumstances (such as loss of other coverage or adding dependents due to marriage, birth, adoption or placement for adoption).  Group health plans must notify employees of these special enrollment rights either before or at the time of enrollment in the plan.

The expanded CHIP law gives employees and their dependents who are eligible for but not enrolled in an employer group health plan a special enrollment period if either of two events occurs:

• They lose Medicaid or CHIP coverage because they are no longer eligible, or
• They become eligible for a state’s premium assistance program.

Unlike the existing HIPAA special enrollment rights, which allow a 30-day enrollment period after a qualifying event, under the new CHIP requirements, employees have 60 days from the date of the Medicaid/CHIP event to request enrollment in the employer’s group health plan.  In order to qualify for this midyear enrollment right, individuals must experience a Medicaid/CHIP qualifying event and provide the plan timely notice of the event and an enrollment request.

Current HIPAA rules require plans to provide notice of employees’ special enrollment rights at or before the time they can enroll in the plan.  CHIP does not address how or when employers should provide notice of the new special enrollment rights.  However, because the new Medicaid/CHIP qualifying event amends the HIPAA special enrollment provisions, it is believed that employers must revise their current notices of special enrollment to describe the new Medicaid/CHIP provisions – including the 60-day period to request enrollment.  At the very least, employers should include updated notices in enrollment materials for newly eligible employees beginning on April 1, 2009.  Additionally, employers may wish to notify all employees about their new special enrollment rights on or before the provision’s April 1, 2009 effective date.

Many employers that sponsor group health plans offer Section 125 cafeteria plans.  Under current cafeteria plan rules for electing benefits paid with pretax contributions, plans may allow employees to make midyear elections if they (or their family members) experience certain life events or status changes, such as gaining or losing Medicare or Medicaid eligibility or losing CHIP coverage.  Cafeteria plan rules also permit midyear elections for events triggering any mandated HIPAA special enrollment right, which will now include Medicaid/CHIP triggering events.

However, in contrast to the mandatory special enrollment period triggered by HIPAA-specified events, midyear cafeteria plan elections are completely optional – employers may choose to include some, all or none of the IRS-approved status change events in their cafeteria plans.  Therefore, an employee could have a HIPAA special enrollment right to join an employer’s health plan, but unless the employer’s cafeteria plan recognizes eligibility for HIPAA special enrollment as a status change allowing midyear elections, the employee will have to pay for health coverage using after-tax contributions.  Employers that already include HIPAA special enrollment events as grounds to permit midyear cafeteria plan elections may need to update their existing documentation and communication materials to make the scope of these events clear.  Employers that do not currently allow employees to make midyear pretax election changes for HIPAA special enrollments may want to consider adding them now.

Employer Notice and Disclosure Obligations

CHIP requires employers to notify employees about the availability of state premium assistance.  Additionally, employers must respond to any requests from state agencies about the group health plan coverage provided to specific employees and family members.  However, it appears that neither of these requirements is immediately effective.

The Departments of Labor and Health and Human Services must jointly develop and issue model national and state-specific notices within one year of CHIP’s enactment (February 4, 2009) for employers’ use.  Employers must provide the notice to employees starting with the first plan year beginning on or after the date the model notices are issued in final form.  Once the notice obligations become effective, employers may include these notices when distributing certain other benefits information to employees, such as:

• Plan materials informing employees that they are eligible for group health plan coverage;
• Annual open enrollment materials; and
• Summary plan descriptions (SPDs).

Under the new law, employers will be required to respond to state agency requests for information about an employee’s or a family member’s plan coverage.  There is currently no deadline for when the model form for such responses will be issued.  However, once the model form is issued, employers must use it for any state agency requests in the first plan year starting on or after the issue date of the model form.

Once issued, the model form will require the following information from the group health plan:

• Employee/dependent eligibility for group health plan coverage;
• The plan administrator’s name and contact information;
• A description of the plan’s benefits;
• Premiums and cost-sharing amounts for plan coverage; and
• Other relevant plan information.

Unfortunately, the law does not address how employers should respond to state requests for information prior to the model form being issued.

Penalties

CHIP does provide for non-compliance penalties.  Employers that fail to provide the required employee notice may be subject to a penalty of $100 per day for each violation.  Each employee who does not receive the notice is considered a separate violation.  Additionally, plan administrators that do not respond to state information requests face similar penalty assessments.

Next Steps for Employers

Because the new Medicaid/CHIP special enrollment right’s effective date is just around the corner, employers need to take several steps immediately.

1.    Confirm with vendors that qualifying employees and family members will be able to enroll in group health plans.

2.    Revise existing HIPAA special enrollment rights notices to include Medicaid/CHIP triggering events by the April 1, 2009 effective date.

3.    Revise any other employee communications that describe HIPAA special enrollment rights (such as SPDs and open enrollment materials).

4.    Amend cafeteria plan documents as necessary to reflect the new Medicaid/CHIP special enrollment right and the 60-day period to request plan enrollment.

5.    Establish procedures to respond to state requests for information about coverage provided to specific employees and family members.

Please contact our office for more information or to speak with benefits counsel about the new Medicaid/CHIP law and its impact on your business.

The legislative changes that affect HIPAA create many new requirements, enforcement provisions and penalties for covered entities, business associates, vendors and others.  Many changes are focused on HIPAA’s privacy and security requirements and will require businesses to change the way they currently do business.  There are significant changes to all Covered Entities (defined under HIPAA as health care providers that conduct certain electronic transactions, health care clearinghouses, and health plans), but are most challenging for Business Associates (individuals or corporate persons that perform ANY function or activity involving the use of Protected Health Information (PHI), who now face a host of new requirements.

Business Associates Required to Comply with HIPAA Privacy and Security Rules

Under HIPAA, Business Associates were not directly regulated and were not subject to HIPAA’s penalty provisions.  Because HIPAA only required a contract between the Business Associate and the HIPAA-covered entity, the only sanctions Business Associates faced for failure to protect health information was a breach of contract claim.  However, ARRA makes significant changes to the way Business Associates are treated under HIPAA.

ARRA specifies that any entity that engages in health information exchanges or provides data transmission of PHI (including Personal Health Record (PHR) vendors and health information exchanges) is considered a Business Associate.  As such, these entities must enter into a business associate contract with the covered entity and will be subject to ARRA’s civil and criminal penalty provisions.

Additionally, ARRA requires that the administrative, physical and technical safeguards and the policy, procedure and documentation requirements of HIPAA’s security rule apply to Business Associates of a covered entity in the same manner as they apply to the covered entity.  These additional requirements must be incorporated into Business Associate contracts and agreements and include notification provisions for a breach and the application of ARRA’s criminal and civil penalties.   With regard to HIPAA’s privacy rules, Business Associates are prohibited from using or disclosing any PHI in a manner which is not in compliance with the Business Associate contract or agreement required terms under HIPAA.  These changes become effective February 17, 2010 (one year after the enactment of ARRA).

Notice to Individuals of Privacy and Security Breaches

ARRA also imposes certain notification requirements on covered entities and Business Associates in the event of a breach of “unsecured protected health information.”  A breach is defined as “the unauthorized acquisition, access, use, or disclosure of protected health information which comprises the security or privacy of such information, except where an authorized person to whom such information is disclosed would not reasonably have been able to retain such information”.  Unsecured protected health information is defined as protected health information that the covered entity or Business Associate has not secured via standards approved by the Secretary of Health and Human Services (Secretary). 

Generally, the notification of a breach must be provided “without unreasonable delay”, but in no case later than 60 days after the discovery of the breach or when the breach should reasonably have been discovered.  Since the 60 days is the outer limit for notification, if the full 60 day window is used, the covered entity or Business Associate involved in the breach must be prepared to justify their reasons for not providing notification of the breach sooner.  However, notice of a breach may be delayed provided that notification would hinder a criminal investigation and/or injure national security (as determined by a law enforcement official).

For Business Associates that discover a breach, the Business Associate must notify the covered entity of the breach or potential breach and the identify of all individuals affected or potentially affected.  For covered entities, notification must be made to individuals whose unsecured protected health information has been accessed, acquired or disclosed or is reasonably believed to have been accessed, acquired or disclosed as a result of a security or privacy breach.  In general, notification to affected individuals must be sent via first class mail.  However, where a breach involves 10 or more individuals whose contact information is out-of-date or deficient, notification must be posted to the covered entity’s website or published in major print or broadcast media. For a breach that involves 500 or more individuals, the covered entity involved in the breach must also give notice to prominent media outlets in the applicable jurisdiction or state.

Notice of all breaches must be provided to the Secretary.  If the breach affects 500 or more individuals, the covered entity involved in the breach must immediately notify the Secretary.  For breaches that affect less than 500 individuals, the covered entity involved in the breach may notify the Secretary of any breaches on an annual basis.

To the extent possible, all notices must contain:

A brief description of what happened, including the date of the breach and the date of the discovery of the breach (if known);

• A description of the types of unsecured protected health information involved in the breach (e.g., social security number, date of birth);
•  The steps individuals should take to protect themselves from potential harm as a result of the breach;
•  A brief description of what the entity involved is doing to investigate the breach, to mitigate losses and to protect against further breaches; and
•  Contact procedures for individuals to ask questions or receive additional information, including a toll-free telephone number and an e-mail address, web site or postal address.

Expansion of Accounting of Disclosures

ARRA changes the existing limitations on accounting for disclosures of health information to individuals who request the disclosure.  If a covered entity uses or maintains an Electronic Health Record (EHR), then individuals will be allowed to receive an accounting of the disclosures of PHI for treatment, payment and health care operations made from the EHR.  The period of mandated disclosure is limited to the 3 year period prior to the individual’s request.  A reasonable fee may be charged to the requesting individual, provided the fee is not greater than the labor costs involved in complying with the request.

The Secretary is required to adopted regulations that specify the information to be contained in the accountings within 6 months of ARRA’s enactment.  Covered entities that began using EHR prior to January 1, 2009 will be required to provide the accounting upon request effective January 1, 2014.  Covered entities that begin using EHR after January 1, 2009 will be required to provide the accounting upon request effective January 1, 2011.

Clarification of and Limits on Marketing and Fundraising

ARRA clarifies that marketing communications are not health care operations unless the communications:

• Describes a health-related product or service that is provided by, or included in a plan of benefits of, the communicating covered entity;
•  Is made for the treatment of the individual; or
•  Is made for case management or care coordination for the individual, or to direct or recommend alternative treatments, therapies, health care providers or settings of care to the individual.

ARRA also limits the ability of a covered entity to receive remuneration for making non-marketing communications except for communications describing only a drug or biologic that is currently being prescribed for the individual receiving the communication, and any payment received by the covered entity in exchange for making the communication is reasonable (as defined by the Secretary), provided that:

• The communication is made by the covered entity and the covered entity has a valid authorization from the individual receiving the communication, or
• The communication is made by a Business Associate on behalf of the covered entity and the communication is consistent with the Business Associate contract or agreement between the covered entity and the Business Associate.

Individuals must be allowed to elect not to receive any fundraising communications, and must be allowed to “opt out” of having their information used by a covered entity for the purpose of fundraising.

Sale of Protected Health Information

Under ARRA, a covered entity or Business Associate is prohibited from directly or indirectly receiving payment in exchange for any protected health information unless the covered entity or Business Associate acquired a valid authorization from the individual.  The authorization must include the specification that the PHI may be sold or exchanged for remuneration.  Exceptions to this provision are made for:

• Public health activities;
• Research activities (provided the price reflects the reasonable costs related to the preparation and transmittal of data for such purposes);
• Treatment of an individual;
• The sale, transfer, merger or consolidation of a covered entity;
• Certain Business Associate agreements where a covered entity provides remuneration to a Business Associate;
• A request by an individual for a copy of that individual’s PHI; and
• As otherwise allowed by the Secretary.

The Secretary must issue final regulations within 18 months of ARRA’s final enactment date and the prohibitions are effective 6 months after the issuance of the final regulations.

Notification Provisions Apply to Other Personal Health Record Vendors

ARRA extends its notification provisions to vendors of PHRs and their service providers should the vendor or service provider experience a breach of security or privacy, regardless of whether the vendor or service provider is considered a covered entity.  In the instance of a breach of privacy or security of PHI, PHR vendors and their service providers are required to notify each affected individual who is a U.S. Citizen or resident of the U.S. as well as the Federal Trade Commission.  Failure to provide the required notice will be deemed as an unfair and deceptive trade practice or act under the Federal Trade Commissions Act.

Because PHR vendors are not covered by HIPAA, ARRA requires that the Federal Trade Commission issue interim final regulations which will provide guidance for PHR vendors on the requirements for breaches of PHI.

Mandatory Restrictions on Disclosure of PHI when Requested by Individuals

Under ARRA, individuals are given the right to restrict the disclosure of PHI related to treatment, payment and health care operations provided:

• The restriction relates to disclosure for purposes of payment or health care operations;
• The restriction does not relate to disclosure for purposes of treatment; and
•  The PHI relates only to an item or service for which the provider has already received payment in full.

Right of Individuals to Receive Electronic Records

If a covered entity maintains EHRs that contain PHI, ARRA provides individuals with the right to obtain a copy of their records in an electronic format or to request that the record be transmitted to a third party.  The covered entity may not charge the individual requesting the copies more than the total cost of labor incurred by the entity in transmitting the copies.

Clarification of the Minimum Necessary Standard

Pending additional guidance from the Secretary, a covered entity will be considered to be in compliance with the minimum necessary standard if, to the extent possible, the covered entity limits the disclosure to a limited data set or to the minimum data necessary to accomplish the intended purpose of the disclosure or use of the information.  The Secretary is required to issue guidance within 18 months of ARRA’s enactment.

Increase Use of De-Identifed Information

ARRA requires the Secretary to issue guidance on how covered entities can comply with requirements related to the use of de-identified PHI.  Such guidance must be issued within 1 year of ARRA’s enactment.

Enforcement and Penalties

ARRA authorizes the Secretary to conduct periodic audits of covered entities and Business Associates to ensure compliance with HIPAA and ARRA requirement.  The Secretary is also authorized to utilize civil enforcement provisions even if the action in question violated the criminal provisions, provided no criminal conviction is associated with the conduct.

The Secretary is required to impose civil penalties if a violation is due to willful neglect and to formally investigate any complaint if a preliminary investigation indicates the potential of violation due to willful neglect.  For cases involving violations where the individual did not know of the violation or where the individual would not have known of the violation by exercising reasonable diligence, corrective action rather than penalty may still be used.

Under ARRA, criminal enforcement for certain HIPAA violations is not limited to covered entities.  For purposes of criminal enforcement provisions, ARRA provides that “a person (including an employee or other individual)” is considered to have obtained or disclosed individually identifiable health information in violation of HIPAA if such information is maintained by a covered entity and the individual obtained or disclosed such information without authorization.

The Office for Civil Rights will receive any civil monetary penalties (CMPs) or settlements related to HIPAA security-related offenses.  Such funds will be used to fund the further enforcement of ARRA and HIPAA rules and requirements.

States’ Attorney General may bring a civil action under ARRA on behalf of state residents who have been or are threatened to be harmed by a violation to obtain injunctive relief or damages, as well as attorney fees.  Notice must be given to the Secretary and the Secretary is permitted to intervene.  The States’ Attorney General may not bring an action if a federal action by the Secretary is already pending.  These provisions only apply to violations that occur after February 17, 2009 (the date of enactment).

The Comptroller General must submit a report to the Secretary within 18 months of ARRA’s enactment that provides recommendations for determining a reasonable methodology for calculating an appropriate percentage of CMPs or settlements for individuals who have been harmed by a violation of HIPAA or ARRA.  The Secretary is required to issue regulations based on the Comptroller General’s recommendations within 3 years of ARRA’s enactment.

ARRA expands existing civil penalties into tiers and provides that the determination of the penalty amount must be based on the nature and extent of the violation and the harm caused by the violation:

• Tier 1 applies where the violator did not know of the violation, and would not have known even with reasonable diligence of the violation. In such circumstances, the penalty is $100 per violation, not to exceed $25,000 for all such violations of identical requirement during the calendar year.
• Tier 2 applies where the violation was due to reasonable cause rather than willful neglect. In such circumstances, the penalty is $1,000 per violation, not to exceed $100,000 for all such violations of identical requirement during the calendar year.
• Tier 3 applies where the violation was due to willful neglect but the violation was corrected within 30 days of the violation. The penalty is $10,000 per violation, not to exceed $250,000 for all such violations of identical requirement during the calendar year.
• Tier 4 applies where the violation was due to willful neglect and the violation was not corrected within 30 days of the violation. The penalty is $50,000 per violation, not to exceed $1,500,000 for all such violations of identical requirement during the calendar year.

Additional Guidance and Technical Standards

Within 60 days of the enactment of ARRA, the Secretary is required to issue guidance on what constitutes “unsecured” PHI and which specifies the technologies and methodologies that will render PHI unusable, unreadable or indecipherable to unauthorized individuals.  Guidance on such technologies and methodologies will be updated annually by the Secretary.

Within 180 days of enactment, the Secretary is required to issue interim final regulations which govern ARRA’s notification provisions and must designate an individual in each of the Department’s regional offices who will offer guidance and education on rights and responsibilities of covered entities, Business Associates and individuals with regard to PHI.

Effective Date of Changes

Unless otherwise specified in ARRA, the general effective date for the changes under ARRA is February 17, 2010, one year after the enactment of the law.  While the increased penalty provisions take effect immediately, many of the provisions have other effective dates and some do not have a clear date specified.  Additionally, some provisions will require regulations to be implemented, so these provisions may take two years or longer to take effect.

During a M&A deal, companies generally perform due diligence across all areas of the target company to identify issues that need to be addressed during the negotiation phase of the deal.  If employee benefits plans are not included in this due diligence, an acquiring company can discover that it has inadvertently become the owner of significant employee benefits plan problems.  While problems that arise in the area of employee benefits plans do not generally become “deal breakers”, ensuring that any and all benefits issues are identified and addressed before the final agreement is signed can avoid major headaches in the future.

Benefit plan issues can vary depending on the type of deal that is being contemplated – either an asset purchase or a stock purchase.  In an asset purchase, the due diligence required for employee benefits plans could be reduced if the agreement does not include the buyer assuming liability for employee benefit plans.  However, even in that situation, due diligence on the benefit plans should still be conducted to ensure that the buyer has a complete picture of the seller’s business.

In a stock purchase deal, or in an asset purchase deal where the buyer is assuming liability for benefit plans, the buyer needs to ensure that significant due diligence is conducted on the existing benefit plans.  Generally, this due diligence should include:

• Identifying all employee benefit plans, programs and practices currently in existence – both formal written plans and informal, unwritten plans.
• Obtaining all pertinent documents for each plan identified (e.g., plan documents, summary plan descriptions, Form 5500s, annual nondiscrimination testing and audits, determination letters, third party administrator contracts).
• Reviewing all documentation to ensure the plans are currently compliant with applicable laws and looking for potential problem areas (e.g., accelerated vesting on change of control, unfunded liabilities, funding arrangements for nonqualified deferred compensation plans).
• Requesting disclosure on currently pending or threatened claims based on benefit plans and on whether any governmental audits have been commenced or are pending.
• Identifying potential problems to be addressed during negotiation of the deal.

As stated earlier, issues identified during the due diligence process for employee benefits plans are generally not severe enough to stop a deal from closing.  However, if properly addressed during the negotiation phase, they can be factored in with all the other components in the decision making process.  Where these issues are not properly addressed, they can become a significant concern for the buyer after the deal has completed. 

Benefits counsel can assist in completing comprehensive due diligence of a target company’s benefit plans to ensure that the acquiring company does not get blind-sided by benefit issues in the future.  Please contact our office for additional information or to talk to an attorney about your particular situation.

Unfortunately, just hoping that your retirement plan operations are working correctly is not enough.  In the ERISA retirement plan world, some of the biggest mistakes made by employers are operational errors rather than errors in the actual structure or documents of the plan.  Because not all operational mistakes are “bad” or harmful to employees, many employers do not feel there is an issue if they make an operational error, provided it is to the benefit of the employee.  However, even errors that result in favor of the employee cause a plan operation issue.

For example, a plan document provides that employees are eligible to participate only after 1 year of service, but the employer generously allows newly hired employees to participate immediately upon employment.  This generosity on the part of the employer, while beneficial rather than harmful to employees, is a failure to follow the terms of the plan and would constitute an operational failure that could create problems for the plan’s qualification if not corrected.

According to the IRS, some of the reasons employers give to explain why their plans are not operationally compliant include:

• Not knowing how to identify and fix any errors.
• Not wanting to have any unnecessary contact with the IRS.
• Assuming that the required annual financial audit identifies any errors that need to be addressed.
• Assuming that auditing the plan for operational compliance would be too expensive.

Employers should routinely self-audit their retirement plans for operational compliance.  This self-audit should be performed at least annually or more often if there are any significant change in demographics or if the employer is involved in a merger or acquisition.  Unfortunately, the annual financial audit performed by your CPA won’t necessarily catch all operational issues that might exist.

If operational mistakes are found, employers need to use the tools available to them to correct the errors quickly and with the minimum of expense.  The IRS recently released the “401(k) Fix-It Guide”, available on the IRS’ website, which provides employers with a list of the most common plan errors and advice on how to fix mistakes for 401(k) plans.

Additionally, one of the best tools available to employers in their quest to correct operational plan errors is the IRS’ Employee Plans Compliance Resolution System (EPCRS).  The EPCRS is a comprehensive system of correction programs offered by the IRS to employers who offer qualified retirement plans.  This program allows employers/plan sponsors to correct plan failures through three separate components:

• The Self-Correction Program (SCP),
• The Voluntary Correction Program (VCP), and
• The Audit Closing Agreement Program (Audit Cap).

The EPCRS was recently updated to assist employers in their voluntary compliance efforts.  The changes are effective as of September 2, 2008 and include:

• Standardized application forms,
• Reduced filing fee for some plan loan failures, and
• Expanded situations where waiver of income and excise taxes are allowed.

Everyone knows that mistakes happen.  Under ERISA, the trick is to identify and correct those mistakes quickly and cost-effectively.  Contrary to popular opinion, the IRS is more interested in ensuring plans are compliant than in “catching” employers doing something wrong.  Benefits counsel can assist your organization in self-auditing your plan to help identify any errors and working with you and any necessary governmental agency to resolve issues.  Please contact our office with any questions or for more information.

Subrogation, in one form or another, has been around for a long time (some of the earliest recorded cases involving subrogation are from England in the 1700s).  YourDictionary.com (www.yourdictionary.com) defines subrogation as “the substitution of one creditor for another, along with a transference of the claims and rights of the old creditor”.  It goes on to describe the subrogation process as a legal procedure where an insurance company pays for a claimed loss, then attempts to recover the paid claims from another, legally responsible party (e.g., the person who caused the loss, another insurance company, etc.).  Subrogation was originally applicable almost exclusively to property insurance claims.  However, the concept has expanded over time, and now encompasses a large variety of insured areas, including health insurance.

The Employee Retirement Income Security Act of 1974 (ERISA) is a federal law that governs most employee benefit plans, such as retirement plans and group health plans.  ERISA does not require employers to provide employee benefit plans, but if an employer chooses to offer benefits, the plans must comply with the rules and regulations contained in ERISA (and its amendments). 

ERISA allows employers the right of subrogation, so many group health plans contain what is commonly called “subrogation” provisions.  Generally, these provisions state that the plan is entitled to reimbursement from the participant of any medical expenses the plan previously paid that the participant later recovers from another party responsible for those expenses.  For example, if a plan participant is in an auto accident and sustains injuries, his/her health benefit plan would pay for the medical expenses (per the plan’s provisions).  However, if the participant that was injured in the auto accident has a claim against another party (such as the driver who was at fault, or an auto insurance company), and receives a settlement or judgment under the claim, the participant may be required to reimburse the health plan for the medical claims it paid related to the auto accident.  This requirement for reimbursement would be based upon the health plan’s subrogation provisions.

According to the U.S. Supreme Court (see Great-West Life v. Knudson), subrogation relief for employers under ERISA can only be determined by the characterization and mechanics of the plan’s subrogation provision.  Essentially, this means that the ability of an employer to recover benefits under a subrogation provision depends on how the provision is written and whether the action brought by the plan to recover is legal or equitable.  ERISA allows plans to bring suit for “appropriate equitable relief”.  However, monetary damages are considered legal rather than equitable relief, and therefore are not usually permitted under ERISA.  These restrictions mean that the subrogation language contained in the plan document as well as the operational procedures for subrogating claims becomes vital to an employer’s success in pursuing subrogation.

While a subrogation provision may be present in most health plan documents, employers frequently do not utilize their rights under the provision to the fullest.  Subrogation provisions should be reviewed to ensure that the provision’s language and operations are structured to provide the greatest benefit to the plan.  Provisions should include items such as: clearly identifying recoverable claims, providing for attachment of equitable liens, providing for attorney’s fees to be paid outside of recovery, and requiring segregation of recovered claim amounts before distribution to participants.  Plans should have procedures in place to routinely audit and investigate claims for potential subrogation rights. 

Actively investigating and pursuing subrogation on all appropriate claims can be a strong weapon in the fight to reduce health care costs.  Please contact our office for additional information.

Notice 2008-51

Notice 2008-51 provides guidance on a qualified HSA funding distribution from an IRA or Roth IRA to a HSA, effective for taxable years beginning after December 31, 2006.  The notice states that the qualified HSA funding distribution is a one-time transfer from an individual’s IRA or Roth IRA to that individual’s HSA.  Generally, it is excluded from gross income and not subject to the 10% additional tax for early distributions.  The IRA distribution is counted against the maximum annual HSA contribution for the taxable year of the distribution and is subject to the §408(d)(9)(D) testing period rules.  Distributions from both traditional IRAs and Roth IRAs are allowed, however, distributions from “ongoing” SEP or SIMPLE IRAs do not qualify.

The qualified HSA funding distribution must be less than or equal to the maximum annual HSA contribution, based on the individual’s age as of the end of the taxable year and the type of high deductible health plan (HDHP) coverage at the time of distribution.  Only one IRA distribution for contribution to a HSA is permitted during an individual’s lifetime, with one exception.  If the IRA distribution occurs when the individual has self-only HDHP coverage and later in the same taxable year the individual has family HDHP coverage, a second qualified distribution is allowed in that taxable year.  The normal HSA contribution rules do not apply to qualified funding distributions.  A qualified HSA funding distribution relates to the taxable year in which it is actually made, and it must be a direct transfer from an IRA to a HSA. 

The amount of the qualified HSA funding distribution is excluded from gross income and the 10% penalty tax does not apply provided the individual remains eligible during the entire testing period.  The testing period starts with the month the contribution is made to the HSA and ends on the last day of the 12^th month following the start month.  If an individual ceases to be eligible, the qualified distribution is included in gross income in the taxable year in which the individual first fails to be eligible, and the 10% additional tax applies unless the failure is due to death or disability. 

If a distribution from a HSA is not used for qualified medical expenses, that amount is included in income and subject to the 10% additional tax, regardless of whether the contribution includes the qualified HSA funding distribution.

Notice 2008-52

Notice 2008-52 provides guidance on the annual contribution limit to HSAs, effective for tax years beginning after December 31, 2006.  This notice provides that an individual who is an eligible individual on the first day of the last month of the taxable year (December 1 for calendar year) as having been an eligible individual for the entire year and therefore may make a full contribution for the year.  However, a testing period does apply to this full contribution rule.

The testing period starts with the month the contribution is made to the HSA and ends on the last day of the 12^th month following the start month.  If an individual ceases to be an eligible individual during the testing period, a portion of the contributions will be included in gross income and subject to the additional 10% tax.  This includable amount is the amount of the contributions attributable to months preceding the month in which the individual was not an eligible individual (which could have not have been made but for the provision).  It is includible for the taxable year of the first day of the testing period that the individual was not eligible.  However, an exception applies if the individual ceases to be eligible due to death or disability.

Those that wish to take advantage of these new rules, should ensure they have a thorough understanding of the requirements.  Both IRS Notices contain examples which illustrate the rules provided in the notices.  For additional information on how this new HSA guidance could impact your plans, please contact our office.

H.R. 6081, among its many provisions, includes changes to the Internal Revenue Code of 1986, as amended, that may impact certain employee benefits plans.  The provisions of H.R. 6081 are effective at differing dates and include provisions that:

• Amend existing rules governing cafeteria plans to allow Health Flexible Spending Accounts to distribute account balances to reservists who are called for active duty for indefinite periods or 180 days or more
• Require qualified retirement plans to provide additional benefits that would have been provided to the participant had he/she resumed employment prior to death to the survivors of plan participants who die during qualified military service
• Allow employers to make contributions to qualified retirement plans on behalf of participants who die or become disabled in combat
• Allow employers to treat the day prior to the day of the participant’s death or disability as the day the participant returned to work from military duty so as to provide the retroactive benefit accruals available under USERRA
• Require qualified plans to treat differential military pay as compensation for plan purposes and as wages subject to withholding
• Provide a tax credit under certain circumstances for small employers that provide differential military pay
• Authorize qualified plans to treat participants on active duty for greater than 30 days as terminated in order to access distribution from a qualified retirement plan
• Make the PPA waiver of the 10% penalty tax for early retirement distributions permanent

As mentioned above, it is expected that President Bush will sign the legislation and it will therefore become law.  Employers should make plans to begin reviewing their plans for areas that need amending to comply with the required provisions.  Additionally, employers should review the non-mandatory provisions to determine whether they wish to amend their plans to allow for these provisions. 

During the plan review, employers need to keep in mind the differing effective and/or application dates of the provisions.  Benefits counsel can assist employers with the review and amendment of plan documents to ensure that plans are updated appropriately.