Our Blog is Moving!

We are MOVING!

We have begun to transition this blog to our new website.  Please take a minute to visit our new website with our blog at:  http://www.truenorthcompanies.com/blog/

As of April 9, we no longer will post on this site.  We thank you for following this blog and we look forward to giving you more good information on different aspects of TrueNorth and our insurance coverages there.

PPACA Employer Fees

Patient-Centered Outcomes Research Institute (PCORI)
Transitional Reinsurance Fee (TRF)
Health Insurance Providers (HIP) Fee

The IRS and the Department of Health and Human Services have issued final regulations that provide details on two new, temporary fees that will be due as part of the Patient Protection and Affordable Care Act (PPACA).  These fees will be calculated and paid directly by self-funded plans.  The fees will be calculated and paid by insurers, although insured plans should expect these fees to be passed along.

Both the Patient-Centered Outcomes Research Institute (PCORI) fee and the Transitional Reinsurance Fee (TRF) are based on covered lives -- that is, both employees/retirees and their covered spouses and children must be counted.  The basic methods a plan may use to count members are the same under the two fees (although a plan may use one method for one fee and a different method for the other fee if it prefers).  However, because the PCORI fee is based on a plan year, the PCORI count looks at the entire plan year.  (Note that although PCORI is based on the plan year, the reporting and fee due date is always July 31.)  In contrast, the TRF is based on a calendar year, even for noncalendar-year plans. TRF reporting of covered lives will be due Nov. 15 and the fee will be due early in the next January.  To meet the Nov. 15 reporting date, for TRF purposes covered lives will only be counted for the first nine months of the calendar year.

The PCORI fee is small -- $1 or $2 dollars per covered person per year -- and will be in effect from 2012 through 2019.  It is designed to fund research into the most effective ways of treating various diseases.  The federal TRF will be $63 per covered person for the 2014 calendar year.  It will be about two-thirds of that amount in 2015 and about half that amount in 2016, and then will expire.  (States have the right to charge their own, additional TRF; states that wish to do so must provide details on the state fee by April 11, 2013.  Few states are expected to add a state-level fee.)  The TRF is designed to pay a portion of the cost for individuals with large claims.

For more on these fees, click the button on the right to download a chart that compares the PCORI and TRF fees.

Health Insurance Providers Fee
The IRS has also issued proposed regulations on the Health Insurance Providers (HIP) Fee.  This fee will be paid by insurers, although insured plans should expect these fees to be passed along.  This fee does not apply to self-funded plans. The HIP Fee is permanent.  The total fee that will be paid by insurers on medical, dental and vision coverage is $8 billion in 2014, $11.5 billion in 2015, $11.5 billion in 2016, $13.5 billion in 2017, $14.3 billion in 2018 and $14.3 billion indexed to medical inflation for later years. The insurer's fee will be based on its size, so fees will vary among insurers; one estimate available through the Association of Health Insurance Plans predicts the fee will increase premiums by 1.9 to 2.3 percent in 2014.

 Next Steps
Employers with fully insured medical plans should include these new fees in their budgets.  (Note that employers that offer an HRA with an insured medical plan will need to report and file the PCORI fees for the self-funded HRA.)

Employers with self-funded plans should budget for these new fees.  They should also begin to consider the process they will use to gather the information needed to support calculating the fees, and the counting method that will be simplest for them to use.  Employers with plan years ending between Oct. 1 and Dec. 31 will need to pay the PCORI fee by July 31, 2013.  IRS Form 720 will be used for this filing, but the revised form and filing instructions have not been released yet.

The final regulation on PCORI fees is here: 
Patient-Centered Outcomes Research Fee

The final regulation on TRF is here: 
Transitional Reinsurance Fee

The proposed regulation on HIP is here: 
Health Insurance Providers Fee

If you have any questions, please contact us at 1.800.798.4080.

This update is brought to you by: 

NEW FMLA MODEL FORMS AND NOTICE

LABOR DEPARTMENT RELEASES NEW FMLA MODEL FORMS AND NOTICE POSTER

The U.S Department of Labor has released revised model Family and Medical Leave Act ("FMLA") forms to administer federal FMLA leave and a notice poster. The updated forms should be used by employers immediately, although they include no substantive revisions despite recent rulemaking on the FMLA military caregiver leave provisions (see our article DOL Publishes Final Regulations Addressing Military Family Leave Provisions). The new forms expire on February 28, 2015. Following are links to the revised model forms:

• WH-380-E Certification of Health Care Provider for Employee's Serious Health Condition
• WH-380-F Certification of Health Care Provider for Family Member's Serious Health Condition
• WH-381 Notice of Eligibility and Rights & Responsibilities
• WH-382 Designation Notice
• WH-384 Certification of Qualifying Exigency For Military Family Leave
• WH-385 Certification for Serious Injury or Illness of Covered Servicemember -- for Military Family Leave
• WH-385-V Certification for Serious Injury or Illness of a Veteran for Military Caregiver Leave

Employers should keep in mind that family and medical leave obligations under state/territorial laws may provide for a greater leave entitlement than the FMLA and (most notably in California, Connecticut and Washington, D.C.) require employers to provide other forms or information.

The DOL notice poster summarizes major provisions of the federal FMLA and tells employees how to file a complaint. By March 8, 2013, all covered employers must display the new notice poster in a conspicuous place where employees and applicants for employment can see it. The poster must be displayed at all locations even if there are no employees eligible for FMLA at the location (e.g., there are fewer than 50 employees employed within a 75-mile radius of the worksite). Electronic posting also is permitted to satisfy the posting requirement, as long as it otherwise meets the requirements of the regulations. The poster may be accessed here: http://www.dol.gov/whd/regs/compliance/posters/fmlaen.pdf

If you have any questions about this or other federal or state/territorial family and medical leave issues, please contact your local UBA Partner Firm.

This update has been brought to you by:

PPACA ADVISOR: FINAL REGS & MORE

AGENCIES ISSUE FINAL REGULATIONS, OTHER GUIDANCE THAT AFFECT EMPLOYER-SPONSORED HEALTH CARE PLANS

The Department of Health and Human Services (HHS) and the Department of Labor (DOL) recently issued several more regulations on the Patient Protection and Affordable Care Act (PPACA).  Some of the new rules affect all plans, while others only affect certain kinds of plans.

Depending on how your plan is funded, the regulations may cover:

• Whistleblowing
• Preventive care
• Out-of-pocket expenses
• Essential health benefits and actuarial value
• Minimum value
• Health insurance market reforms

Please click the button on the right for your type of plan to find out how these rules will affect you.
If you have any questions, please contact us.

LEARN WHAT RULES AFFECT YOU:

 

                            

Our access to PPACA Advisor resources can help you clear up PPACA questions and better craft your company's benefit strategy for the future. 

This update brought to you by: 

PPACA ADVISOR - STATE GUIDE

WHAT IS MY STATE DOING
WITH EXCHANGES, MEDICAID UNDER PPACA?

States have two major decisions to make with respect to the Patient Protection and Affordable Care Act (PPACA) -- whether they will run the health exchange themselves, and whether they will expand Medicaid to cover most individuals whose income is below 133 percent of the federal poverty level.

Exchange Election
Beginning in 2014, all states will have a health exchange.  If a state chooses not to run an exchange, the federal government will run the exchange for the state. An exchange run by the federal government for a state is called a federally facilitated exchange (FFE). States may also choose to share the operation of an exchange with the federal government - that is called a partnership exchange. 



---
Medicaid Election
States also have to decide whether they will expand Medicaid coverage to most individuals who have an income below 133 percent of the federal poverty level (FPL). The FPL is $11,490 for a single person and $23,550 for a family of four in 2013.  The federal government will pay most of the cost of expanded Medicaid coverage, but some states have concerns about the ultimate cost of the expansion to the states. 



As of Feb. 1, 2013, the states had made the following choices.  (The deadline for most exchange elections for 2014 has passed, although states may elect a partnership exchange for 2014 until Feb. 15, 2013.  There is no deadline for the Medicaid election.  It is expected that many states will make the Medicaid expansion decision as part of their 2013 budgeting process.)

CLICK MAP TO SEE RESULTS FOR YOUR STATE

This update brought to you by: 

Significant Changes for Health Care Providers

SIGNIFICANT CHANGES FOR HEALTH CARE PROVIDERS, HEALTH PLANS, AND THEIR BUSINESS ASSOCIATES AND SUBCONTRACTORS IN FINAL HIPAA PRIVACY REGULATIONS

The Office for Civil Rights ("OCR") of the U.S. Department of Health and Human Services published its long-awaited final privacy and security regulations ("Final Rule") under the Health Insurance Portability and Accountability Act ("HIPAA") on January 25, 2013. The Final Rule becomes effective March 26, 2013, and, in general, covered entities and business associates are required to comply by September 23, 2013.

The Final Rule addresses four key areas: (i) changes made by the Health Information for Economic and Clinical Health Act ("HITECH Act"); (ii) the HIPAA enforcement rule; (iii) updates to the data breach notification regulations; and (iv) changes made by the Genetic Information Nondiscrimination Act.

As an employer providing an employee benefits plan, you are considered a covered entity under HIPAA and TrueNorth is one of your business associates. We are in the process of revising all of our Business Associates Agreements to reflect the new requirements. You should expect to receive your new Agreement within the next few months and we ask that you review it before signing and returning to us. Of course, if you should have any questions regarding this process, we encourage you to contact your benefits specialist or account manager. For a more detailed explanation of these changes, please read on:

BUSINESS ASSOCIATES & SUBCONTRACTORS

One of the most significant changes under the HITECH Act is that it makes Business Associates ("BAs") directly liable under certain provisions of the HIPAA privacy and security rules ("HIPAA Rules"). In addition, the Final Rule provides further guidance concerning which entities are BAs, resulting in the treatment of certain subcontractors of BAs as BAs themselves, directly subject to the HIPAA Rules. The Final Rule, for example, clarifies that a BA is a person who performs functions or activities on behalf of, or certain services for, a covered entity or another BA that involve the use or disclosure of protected health information ("PHI")Importantly, the Final Rule establishes that a person becomes a BA by definition, not by the act of contracting with a covered entity or otherwise. Therefore, direct liability for the BA under the HIPAA Rules and HITECH Act for impermissible uses and disclosures and other provisions attaches immediately when a person creates, receives, maintains, or transmits PHI on behalf of a covered entity or BA and otherwise meets the BA definition. As a result of some of these changes, covered entities and BAs should consider re-examining their relationships with their subcontractors to ensure they obtain the appropriate, satisfactory assurances concerning the PHI they make available to those subcontractors. For more information about identifying BAs and subcontractors, see Final HIPAA Regulations: “Business Associates” Include Subcontractors, Data Storage Companies (Cloud Providers?).

The Final Rule also clarifies the BAs are directly liable under the HIPAA Rules for:

1. uses and disclosures of PHI not permitted under HIPAA;
2. a failure to provide breach notification to the covered entity;
3. a failure to provide access to a copy of electronic PHI to the covered entity, the individual, or the individual's designee (as specified in the business associate agreement ("BAA"));
4. a failure to disclose PHI to the Secretary of Health and Human Services to investigate or determine the BA's compliance with the HIPAA Rules;
5.  a failure to provide an accounting of disclosures; and
6. a failure to comply with the HIPAA Security Rule.

BAs remain contractually liable for the other provisions of BAAs.

In attempting to minimize this liability, the Final Rule also confirms that OCR does not endorse any "certification" process for compliance with the HIPAA Rules or HITECH Act. Thus, BAs and subcontractors should not rely on such programs that may be available. 

However, it is critical that BAAs be updated to reflect new requirements and to allocate certain liabilities and responsibilities. A transition rule under the Final Rule permits covered entities and BAs to continue operation under certain existing contracts for up to one year beyond the compliance date (September 23, 2013). A qualifying BAA will be deemed compliant until the earlier of (i) the date such agreement is renewed or modified on or after September 23, 2013, or (ii) September 22, 2014. The transition rule applies only to the language in the agreements, the parties must operate as required under the HIPAA Rules in accordance with the applicable compliance dates.

BREACH NOTIFICATION RULE

The Final Rule retains many requirements from the interim final breach notification rule. However, it removes the "risk of harm" standard in exchange for a more objective standard for determining whether a "breach" has occurred. (Thus, inquiry into whether there is a significant risk of harm to privacy and security is no longer appropriate.) The Final Rule establishes a presumption that impermissible uses and disclosures of PHI are breaches, unless an exception applies. Covered entities can rebut that presumption (removing the notification requirement) by engaging in a risk assessment to determine whether there is a low probability that PHI has been compromised. However, because of the presumption, covered entities may avoid the risk assessment and provide notification.

A risk assessment would examine at least the following four factors:

1. the nature and extent of the PHI involved, including the types of identifiers and the likelihood of re-identification;
2. the unauthorized person who used the PHI or to whom the disclosure was made;
3.  whether the PHI was actually acquired or viewed; and
4.  the extent to which the risk to the PHI has been mitigated.

If no exception applies and, after reviewing all of these factors, the covered entity cannot demonstrate that there is a low probability of compromise to the PHI, notification is required. The OCR cautioned that, when working through these factors, many forms of health information can be sensitive, not just information about sexually transmitted diseases, mental health diseases or substance abuse. In addition, the OCR confirmed that violations of the minimum necessary rules also could result in breaches requiring notification.

OCR clarified other aspects of the breach notification rule:

·         The time for notification begins to run when the incident is known to have occurred, not when it has been determined to be a breach. However, a covered entity is expected to make notifications after a reasonable time to investigate the circumstances surrounding the breach in order to collect and develop the information required to be included in the notice to the individual(s).

·         The obligation to determine whether a breach has occurred and to notify individuals remains with the covered entity. However, covered entities can delegate these functions to third parties or BAs.

·         Written notification by first-class mail is the general, default rule. However, individuals who affirmatively agree to receive notice by e-mail may be notified accordingly. In limited cases, individuals who affirmatively agree to be notified orally or by telephone may be contacted though those means with instructions on how to pick up the written notice.

      Notices of Privacy Practices must include a statement that covered entities must notify affected individual following a breach.

      

      ENFORCEMENT RULE

     The Final Rule implements the changes HITECH Act made to the enforcement provisions of the HIPAA rules, including penalty amounts, which now also apply to BAs. The HITECH Act penalty scheme can be summarized as follows:

•  "Did not know" penalty - amount not less than $100 or more than $50,000 per violation when it is established the covered entity or BA did not know and, by exercising reasonable diligence, would not have known of a violation;
•  "Reasonable cause" penalty - amount not less than $1,000 or more than $50,000 per violation when it is established the violation was due to reasonable cause and not to willful neglect;
• "Willful neglect-corrected" penalty - amount not less than $10,000 or more than $50,000 per violation when it is established the violation was due to willful neglect and was timely corrected; 
• "Willful neglect-not corrected" penalty - amount not less than $50,000 for each violation when it is established the violation was due to willful neglect and was not timely corrected.

A penalty for violations of the same requirement or prohibition under any of these categories may not exceed $1,500,000 in a calendar year.

In addition, OCR made clear in the Final Rule that it will investigate a complaint and it will conduct a compliance review when the circumstances or its preliminary review suggests willful neglect is possible. Willful neglect is defined at 45 CFR § 160.401 as the "conscious, intentional failure or reckless indifference to the obligation to comply with the administrative simplification provision violated." The term not only presumes actual or constructive knowledge a violation is virtually certain to occur, but also encompasses a conscious intent or degree of recklessness with regard to compliance obligations. The proposed regulations provided examples of where willful neglect may be found:

•             A covered entity disposed of several hard drives containing electronic PHI in an unsecured dumpster, in violation of § 164.530(c) and § 164.310(d)(2)(i). HHS's investigation reveals the covered entity had failed to implement any policies and procedures to reasonably and appropriately safeguard PHI during the disposal process.
•       A covered entity failed to respond to an individual's request that it restrict its uses and disclosures of PHI about the individual. HHS's investigation reveals the covered entity does not have any policies and procedures for consideration of restriction requests it receives and refuses to accept any requests for restrictions from individual patients who inquire.
•              A covered entity's employee lost an unencrypted laptop that contained unsecured PHI. HHS's investigation reveals the covered entity feared its reputation would be harmed if information about the incident became public and, therefore, decided not to provide notification as required by § 164.400 et seq

GENETIC INFORMATION NONDISCRIMINATION ACT
The Genetic Information Nondiscrimination Act (GINA) prohibits discrimination on the basis of an individual's genetic information. GINA also contains privacy protections for genetic information that requires HHS to modify the HIPAA Rules. The protections require (i) clarification that genetic information is health information and (ii) health plans, health plan issuers and issuers of Medicare supplemental policies be prohibited from using or disclosing genetic information for underwriting purposes. The Final Rule implements these protections by incorporating certain definitions from GINA and other provisions relating to health plans (health care providers are generally not subject to these provisions). In addition, the Final Rule requires a change to the Notice of Privacy Practices for health plans. Namely, if a covered health plan will be using PHI for underwriting purposes (such as in a wellness program), the plan's Notice of Privacy Practices must include a statement that PHI that is genetic information may not be used for this purpose.

ACTION NEEDED
The Final Rule includes substantial changes to the HIPAA Final Rules for covered health care providers and health plans, as well as their BAs. These entities will need to review these regulations carefully and make appropriate adjustments in their policies and procedures, workforce training, privacy and other notices, systems, as well as their agreements. Most of this will need to be completed by September 23, 2013, although a transition rule will allow a one-year extension until September 23, 2014 to amend certain existing business associate agreements.
Please contact TrueNorth if you have any questions about health care reform.

                                                        This update is brought to you by: 

PPACA ADVISOR - EXCHANGE ELIGIBILITY

HHS ISSUES PROPOSED RULE ON EXCHANGE LIABILITY; IRS PROVIDES COORDINATION OPTIONS FOR NON-CALENDAR YEAR PLANS

The following is a summary of proposed regulations. Some or all of the provisions may change when the final rules are issued. 

On Jan. 14, 2013, the Department of Health and Human Services (HHS) issued another lengthy proposed rule under the Patient Protection and Affordable Care Act (PPACA).  Among other things, the proposed rule provides some information on how employers will be notified if an employee applies for a premium subsidy / tax credit and how an employer may appeal a determination of premium subsidy eligibility that it believes is incorrect.  The proposed rule is HERE.


Employee Requests for Premium Subsidies An employee will be eligible for a premium subsidy only if:

• His household income is less than 400 percent of federal poverty level,
• He purchases coverage through the public exchange,
• He does not have access to affordable, minimum value coverage through his employer, and
• He is not covered by a plan through his employer that provides minimum essential coverage (even if that coverage is not affordable or it does not provide minimum value)

The employee will be required to provide information to the exchange about his income and access to employer-provided affordable, minimum value coverage.  The exchange (or HHS if the state asks HHS to do this) will attempt to verify this information from available data bases, but in all likelihood it will need to contact the employer for verification of information regarding coverage.
HHS is considering the use of a one-page template that the employer would complete with respect to the employee's eligibility for coverage, plan affordability and plan value.

Employee Eligibility for a Premium Subsidy
Under the proposed rule, HHS or the exchange would notify the employer if an employee is determined to be eligible for a premium subsidy ("certified under Section 1411").  The employer would have 90 days to appeal the determination if it believed the employee should not be eligible for the subsidy.  (All employers, regardless of size, would receive the notice that an employee has been found to be eligible for a premium subsidy. Employers large enough to be responsible for paying a penalty on employees who receive a premium subsidy would receive a separate notice from the IRS actually assessing the penalty. The IRS notice most likely would be sent during the second quarter after the calendar year for which the premium subsidy was provided.)

Coordinating Exchange and Plan Open Enrollments
On Jan. 2, 2013, the IRS issued a detailed rule that, among other things, provides that noncalendar-year plans may amend their Section 125 plans to allow employees to make midyear changes because of PPACA.  Open enrollment for the exchanges will begin in October 2013 for a Jan. 1, 2014, effective date, and the individual coverage mandate also begins Jan. 1, 2014.  The proposed rules provide that employers with noncalendar-year plans may amend their Section 125 plans to allow participants to drop coverage as of Jan. 1, 2014, to enroll in an exchange plan.  Employers also may amend their plans to allow employees who had declined coverage to enroll and pay premiums on a pre-tax basis as of Jan.1, 2014, so that the employee can meet the coverage requirement.  (Employers considering allowing a special enrollment for those who had declined coverage should obtain the consent of their carrier or reinsurer before implementing this option.)   The proposed rule is HERE.

Important: The HHS rules are still in the "proposed" stage, which means that there may be changes when the final rule is issued.  Employers should view the proposed rules as an indication of how plans will be regulated beginning in 2014, but need to understand that changes are entirely possible.

This update is brought to you by: