Enter your email address to receive new posts in your inbox:

Delivered by FeedBurner


Like what you see? Share!

Our Attorneys

DISCLAIMER: This blog is published for general information only - it is not intended to constitute legal advice and cannot be relied upon by any person as legal advice.  U.S. Treasury Regulations require us to notify you that any tax-related material in this blog (including links and attachments) is not intended or written to be used, and cannot be used, for the purpose of avoiding tax penalties, and may not be referred to in any marketing or promotional materials.  While we welcome you to contact our authors, the submission of a comment or question does not create an attorney-client relationship between the Firm and you. 

Entries in Health Plans (62)


Enhanced Penalties and Stiffer Enforcement for HIPAA Violations

In our two prior posts concerning the Final Omnibus Rule under HIPAA we focused on changes to the breach notification requirements and rule changes affecting business associates.  We now turn to the augmented penalty and enforcement provisions incorporated in the Final Rule.  Many commentators have perceived stepped up enforcement activity by the U.S. Department of Health and Human Services (“HHS”) and the changes in the penalty and enforcement provisions suggest that there will be much more of that to come.

Click to read more ...


Are You Ready for a HIPAA and ACA Audit?

It’s no secret that the Office of Civil Rights of the Department of Health and Human Services has been expanding its enforcement activity under the privacy and security standards of HIPAA.  And it’s not surprising that enforcement activity is in the offing under the Affordable Care Act as well, and at more than one federal agency.  But be advised that the Department of Labor appears to be pursuing its own robust approach to group health plan examinations, covering the HIPAA portability requirements, wellness programs, and Affordable Care Act compliance.  

Here is a copy of the document request that one of our clients recently received to kick off a DOL examination that will include an on-site visit.  Note that the HIPAA-related items focus on the portability and discrimination aspects of HIPAA, with questions about special enrollment rights, Certificates of Creditable Coverage, the provision of required notices, and the like.  The DOL has also requested materials regarding wellness programs to assess compliance with the wellness program requirements of the HIPAA regulations (particularly as they relate to standards-based programs).  The Affordable Care Act questions focus on documents that would be relevant to establish and support grandfathered status, the provision of certain mandated benefits, and related notices and disclosures.  Although not specified in the document request, the time frame under review generally is 2010 through 2012 (except as otherwise noted).

In the audit context, an employer that adheres to sound documentation and recordkeeping practices will be rewarded, and a timely and comprehensive response to the pre-examination document request is the best way to start an audit going in the right direction.  In this case, the documents requested by the DOL should be relatively easy to produce from internal records or obtain from third party administrators (or other consultants).  For that reason, a failure to provide any of these documents (to the extent applicable to the subject plan) could be taken by a DOL investigator as an indication of an employer’s poor compliance status.

On the theory that to be forewarned is to be forearmed, we commend the attached list to your attention.


Final Omnibus Rules Under HIPAA Will Affect Business Associate Arrangements

In a previous post about the new Final Omnibus Rule under HIPAA, we highlighted important changes regarding the process by which potential privacy breaches must be evaluated and classified for notification purposes.  As we observed in that post, changes that have been characterized by the Office of Civil Rights (“OCR”) of the Department of Health and Human Services as “modifications and clarifications” can have far reaching legal compliance implications for covered entities, including employer sponsored group health plans.  We now turn to rule changes affecting business associates and the legal relationships between business associates and employer sponsored group health plans.  Plan sponsors certainly will need to take actions to respond to the Final Rule, but the new rules have a particularly significant impact on the legal obligations of business associates.

Click to read more ...


HHS Makes Significant Changes to HIPAA Breach Notification Rules

Three years ago, almost to the day, we posted the first of a two part analysis of the Interim Final Rules published by the U.S. Department of Health and Human Services (“HHS”) governing the HIPAA privacy breach notification requirements.  We now return to that subject in light of the recent publication (January 25, 2013 in the Federal Register) by HHS of a set of Final Omnibus Rules under HIPAA.  The Final Rules cover four distinct areas:  (1) privacy and security standards regarding protected health information (“PHI”); (2) enforcement and penalties; (3) breach notification requirements; and (4) final implementation of the Genetic Information Nondiscrimination Act of 2008 (“GINA”).  The Final Rules take effect March 26, 2013, and covered entities and business associates have 180 days (until September 23, 2013) to comply.  While the Final Rules make some substantial revisions to the prior rules in all four areas, the changes to the breach notification rules are perhaps the most significant.

Click to read more ...


Working with the New Annual Limit on FSA Contributions

The Patient Protection and Affordable Care Act modified the rules relating to cafeteria plans to impose a new $2,500 annual limit on the amount that an employee may elect to contribute to a health flexible spending account (“health FSA”), effective January 1, 2013.  The modification came in the form of new Section 125(i) of the Internal Revenue Code, and the IRS recently issued Notice 2012-40 to explain the new rules.  Many of our clients have asked us to explain how the new $2,500 limit will work. 

Click to read more ...