2015 Health Law Update

Transcription

1 2015 Health Law Update 1 1 Brad Roehrenbeck General Counsel and Vice President of Legal Services and Compliance

2 Agenda HIPAA & HITECH Act Enforcement Affordable Care Act Developments Tax on High-Cost Health Coverage (2018 Cadillac Tax) IRS Information Reporting (2016) EEOC Wellness Incentive Proposed Regulations 2 2

3 HIPAA & HITECH Act Enforcement 3 3

4 HIPAA & HITECH Enforcement Overview of HIPAA Rules HIPAA Privacy Rule Establishes patient/member privacy rights and limits use/disclosure of PHI by covered entities and BAs HIPAA Security Rule Requires adoption of safeguards (administrative, physical, and technical) for protection of ephi Breach Notification Rule Requires covered entities and business associates to provide notice in the event of breach of unsecured PHI Enforcement Rule Provides for civil and/or criminal penalties for knowing noncompliance with obligations under the Privacy, Security, and Breach Notification Rules 4 4

5 HIPAA & HITECH Enforcement Enforcement Authorities The following have enforcement authority under HIPAA laws: Office for Civil Rights civil monetary penalties Department of Justice criminal penalties State Attorney Generals actions on behalf of citizens Enforcement actions commonly involve Investigation following a patient/member complaint Investigation following self-reported disclosure activity HITECH Act Audits 5 5

6 HIPAA & HITECH Enforcement HITECH Act Audits HITECH Act Requires HHS to perform compliance audits to assess compliance with Privacy, Security, and Breach Notification Rules May not result from a complaint Deficiencies = Corrective action 115 Pilot Program Audits 2015 Phase 2 Audits 200 desk audits + comprehensive on-site audits. Focus: Risk Assessment, Risk Management, Notice of Privacy Practices, Breach Notification 6 6

7 HIPAA & HITECH Enforcement HITECH Audit Process Step 1: Notification letter (30-90 calendar days) Step 2: Document production (10 calendar days) Step 3: Site Visit Step 4: Draft Report Step 5: Review of Report Step 6: Final Report (actions taken, findings, corrective action required) Note results not published but may lead to formal enforcement action if major findings 7 7

8 HIPAA & HITECH Enforcement Audit Readiness HIPAA Policies & Procedures (Privacy, Security, Breach Response & Notification, Sanctions) Formally Name Privacy & Security Officers Notice of Privacy Practices at enrollment & every 3 yrs Key Forms (Authorization for Disclosure of PHI, BAA, Breach Notice Letter, Requests for Access/Amendment/Restriction) Employee Training (management training, all-staff training, new hire training) Security Risk Assessment (use HHS risk assessment tool) Consider Encryption of ephi not absolutely required but strongly encouraged Security Rule Guidance: hipaa/administrative/securityrule/securityruleguidance.html 8 8

9 Affordable Care Act Developments 9 9

10 2018 Tax on High-Cost Coverage Cadillac Tax The Basics What is the Cadillac Tax? 40% non-deductible excise tax on high-cost health coverage Annual Limitation : 2018 $10,200 (self-only) or $27,500 (other) Example: Aggregate Cost of Coverage Annual Limitation (2018) Excess Benefit Tax Owed $11,000 $10,200 $ x $800 = $320 NOTE No implementing regulations yet Annual Limitation for 2018 likely to be revised

11 2018 Tax on High-Cost Coverage Cadillac Tax Employer Impact Share of Employers with At Least One Plan Hitting Threshold By Firm Size Year Self-Only Threshold Premium, HSA, HRA & FSA Small Firms (3-199 workers) Large Firms (200 or more workers) 2018 $10,200 25% 46% 2023 $11,800 29% 56% 2028 $13,500 41% 68% SOURCE: Kaiser Family Foundation analysis 11 11

12 2018 Tax on High-Cost Coverage Cadillac Tax Impact on Municipal Employers CBO: Tax will generate $80B over 10 years - down from $137B - Private employers have already cut benefits Government employers have not Government plans already richer expanded during recession as wages held flat + Unionized workforces challenge adjustments to health benefits Disproportionate impact on local government plans ($76M over 10 years for Washington s AWC participants alone) 12 12

13 2018 Tax on High-Cost Coverage Cadillac Tax Strategies Consumer Directed Health Plan HDHP + HSA Wellness Initiatives with Meaningful Incentives Self-funded v. Fully Insured Plans Increasing EE Contributions to Offset Penalty Raise Local Taxes to Offset Penalty 13 13

14 2018 Tax on High-Cost Coverage Cadillac Tax Who Pays the Tax? Fully-Insured Plans The Insurer Account-based Plans (HSA, Archer MSA contributions) The Employer Self-Funded Plans The Plan Administrator ( the person that administers the plan benefits ) Follow ERISA definition of plan administrator? Shared risk pools - the separate employers, the pool, TPA? IRS weighing 2 options: Employer pays TPA pays 14 14

15 2018 Tax on High-Cost Coverage Cadillac Tax Repeal? 15 15

16 ACA IRS Reporting ACA REPORTING OBLIGATIONS MINIMUM ESSENTIAL COVERAGE REPORTING (SEC. 6055) APPLICABLE LARGE EMPLOYER REPORTING (SEC. 6056) 16 16

17 ACA IRS Reporting Minimum Essential Coverage Reporting (Sec. 6055) Who must report? Insurers and Self-funded employers To whom? IRS and Covered Employees What must be reported? Basic information about the employer and health plan Identifying information about all covered individuals (employee and dependents) Applicable Large Employer Reporting (Sec. 6056) Who must report? Applicable Large Employers (50+ FTEs) To whom? IRS and FT Employees What must be reported? Detailed information about FT EEs Detailed information about coverage offered to each and when Due: To employees on January 31 of following year, to IRS by February 28 (Mar 31 if submitted electronically) 17 17

18 ACA IRS Reporting Minimum Essential Coverage Reporting (Sec. 6055) Who must report? For employers of ALL sizes: Single Employer, Insured Carrier Single Employer, Self-Funded Employer Multiple-Employer, Self-Funded Each Employer MEWA Each Employer Multiemployer Plan (Collectively-Bargained) Association/Committee/Bd of Trustees Controlled Group, Self-Funded Separately or Joint Transfer of Reporting Responsibility Government employers? Yes, to another agency by written agreement To Accountant/TPA/Vendor? allowed but responsibility/liability still with the employer 18 18

19 ACA IRS Reporting Forms 1094 & 1095 (IRS Transmittal Form) Reporting Party Type of Reporting Return Transmittal Small Employer (<50 FTEs), Self-Insured 6055 Only 1095-B 1094-B Insurance Carrier 6055 Only 1095-B 1094-B Large Employer ( 50FTEs), Fully-Insured Large Employer ( 50 FTEs), Self-Insured 6056 Only 1095-C (not Part III) 1094-C 6055 & C 1094-C 6055 Minimum Essential Coverage Reporting 6056 Applicable Large Employer Reporting B = 6055 Information C = Information 1094 = Transmittal Form 1095 = Information Return 19 19

20 ACA IRS Reporting Important Action Steps Tracking system for Employee Hours of Service To assess whether employer is an ALE To assess whether each employee is FT/PT Contract with Gov t Agency/Vendor or Develop In-House Data Checklist Much data is captured by payroll/claims administrator Some data (i.e. covered dependent information) is not captured HR will have to make good faith efforts to capture (2+ attempts) Consider obtaining employee consent to deliver returns electronically 20 20

21 Wellness Incentive Guidelines Under the ADA 21 21

22 EEOC - ADA Wellness Incentive Guidelines Background Many employers utilizing incentive strategies (carrots & sticks) to drive participation in wellness programs Encouraged by ACA/HIPAA rules up to 30%/50% incentives for general/tobacco related wellness programs ADA bars discrimination/adverse action against employees based on disability/health condition EEOC brought suit against several employers for wellness incentive programs (i.e., EEOC v. Honeywell) 22 22

23 EEOC - ADA Wellness Incentive Guidelines Incentives for Voluntary Wellness Programs Maximum Incentive: 30% of total cost of employee-only coverage. Total cost of coverage includes employee & employer share of the self-only premium Tobacco-related Incentives 30% cap includes tobacco-related incentives Inconsistent with HIPAA rules, which allow higher incentive for tobacco-related initiatives Exception: higher incentives allowed if the program involves no disability-related inquiry or medical examination. Must be voluntary Employer may not require participation No adverse action against non-participants other than incentive (i.e., denying/limiting coverage, termination) 23 23

24 EEOC - ADA Wellness Incentive Guidelines Reasonable Design Requirement Standard: Program must be reasonably designed to promote health or prevent disease 4 Requirements: 1. Program must have reasonable chance to improve health/prevent disease 2. Program must not be overly burdensome 3. Cannot be subterfuge for violating ADA/employment discrimination laws 4. Chosen methods cannot be highly suspect Examples: OK: HRA/Biometric screening used to alert employees to health risks Not OK: collecting medical info with no follow up/advice 24 24

25 EEOC - ADA Wellness Incentive Guidelines Notice & Confidentiality Requirements Notice Requirement Employer must provide notice to employees (similar to HIPAA rules) about the following: What information will be obtained and how it will be used Restrictions on disclosure and how improper disclosures will be prevented Confidentiality Medical information may only be reported to employer in aggregate form Guidance includes best practices for protecting confidentiality Compliance with HIPAA laws likely = compliance with EEOC proposed regulation under ADA Reasonable Alternative Standard must make reasonable accommodations to allow disabled employees to participate 25 25

26 Questions? Brad Roehrenbeck VP, General Counsel