Focus on the Year Ahead
Maintaining your organizational wellbeing requires a broad view of all the factors that impact your ability to achieve business objectives. But from that broad view, looking from different angles can help identify where your organization's areas of opportunity — and exposure to risk — lie, especially when it comes to legislative compliance. That's where Priorities and Perspectives comes in. By helping you look at your compliance risks from a different angle, focusing in or zooming out, you'll gain a new frame of reference on your key priorities. Check out the action steps below to help you focus your employee benefits compliance efforts in the year ahead.
- Prioritize HIPAA compliance for your health benefits. As of November 30, 2019, the Office for Civil Rights (OCR) within the Department of Health and Human Services (HHS) had received over 223,135 HIPAA complaints and initiated over 987 compliance reviews. OCR has investigated and resolved over 27,494 cases by requiring changes in privacy practices and corrective actions by, or providing technical assistance to, HIPAA covered entities and their business associates. Corrective actions obtained by OCR from these entities have resulted in change that is systemic and that affects all the individuals they serve. OCR has successfully enforced the HIPAA rules by applying corrective measures in all cases where an investigation indicates noncompliance by the covered entity or its business associates. OCR has settled or imposed a civil money penalty in 72 cases resulting in a total dollar amount of $111,705,582.00. From the compliance date to the present, the compliance issues most often alleged in complaints are, compiled cumulatively, in order of frequency: (1) impermissible uses and disclosures of protected health information; (2) lack of safeguards of protected health information; (3) lack of patient access to their protected health information; (4) lack of administrative safeguards of electronic protected health information; and (5) use or disclosure of more than the minimum necessary protected health information. With potential penalties as high as $1.75 million per violation, failure to address HIPAA compliance may have a significant impact on an organization. Core HIPAA compliance includes maintaining written policies and procedures, conducting periodic training, and periodically addressing the risk associated with electronic protected health information through a Security Risk Analysis. How does your ongoing HIPAA Privacy and Security compliance reduce the risk that you'll be caught in the crosshairs of an OCR investigation or audit?
- Review your health benefits for mental health parity compliance. Both the federal government and state governments are increasing their enforcement of mental health parity requirements. The Employee Benefits Security Administration (EBSA) within the Department of Labor (DOL) enforces compliance with the Mental Health Parity and Addiction Equity Act (MHPAEA) for plans subject to ERISA. In addition, HHS and State Attorneys General also have enforcement authority. Thus, employer-sponsored health plans may find themselves subject to enforcement activity by either federal or state authorities. For example, EBSA recently reported that it completed 115 mental health parity investigations in 2018 and found significant violations in six categories — annual dollar limits; aggregate lifetime dollar limits; provision of benefits in all six permitted classifications; cost-sharing requirements; treatment limitations (including non-quantitative treatment limitations (NQTLs)); and cumulative financial requirements and quantitative treatment limitations (QTLs). In addition, EBSA investigated other ERISA violations (such as claims processing and disclosure violations) affecting mental health and substance use disorder benefits. Those violations resulted in penalties in the tens of thousands of dollars. In addition, over 100 lawsuits have been filed in recent years challenging coverage denials for residential and other treatment facilities, medical necessity criteria and guidelines, provider reimbursement rates, and treatment limitations that would be NQTLs.
- Be proactive with your plans for the impact of mandated state leave. Beginning in 2019, Washington, D.C., and eight states, including California, New Jersey, New York, Rhode Island, Massachusetts, Washington, Connecticut, and Oregon, implemented statutorily mandated paid family or medical leave benefit programs. These mandated benefits are intended to partially or fully compensate for time away from work due to family caregiving, such as birth or adoption of a child or a serious illness of a family member or for the individual's own serious illness. The laws of each jurisdiction vary and, therefore, employee eligibility, benefit levels, contribution amounts, and administrative compliance responsibilities vary by jurisdiction. While momentum is building at the federal level for a federal-paid leave initiative, employers operating in multiple states with paid leave laws are nonetheless faced with decisions on whether to adopt the most generous leave across all operations or have state-specific leave policies. Either choice is likely to create administrative issues. However, employers must be aware of the various requirements in the states where they operate. Furthermore, employers must assess how employee benefits coverage is impacted by state-mandated leave. How do state-mandated leave laws impact your employee benefits coverage
- Assess how surprise billing impacts your workforce. At least 28 states have passed legislation addressing "surprise medical billing." Surprise medical billing typically arises when an individual with health insurance goes to a hospital during an emergency and that hospital is out-of-network, or when a patient goes to an in-network hospital, but is treated by a doctor or medical provider who is not in-network. Sometimes insurance companies and medical providers do not agree on the cost for that care, and patients end up with a hefty medical bill for the difference between what the insurance company will pay and what the provider or doctor bills. Surprise billing can be a significant concern to employers because hefty medical bills can negatively impact the financial and emotional wellbeing of their workforce. Employers can work with their insurance companies or third-party administrators to educate employees about steps to take after receiving a surprise bill and to assist with negotiations over bills. But first, employers need to know how widespread such an issue may be for their workforce. How can your organization proactively help employees and their families with surprise medical bills?
- Continue your ACA coverage reporting efforts. After the Tax Cuts and Jobs Act (Act) effectively eliminated the Individual Mandate under the Patient Protection and Affordable Care Act (ACA) by reducing the penalty for noncompliance to $0, several states and the District of Columbia passed legislation creating individual mandates at the state level. As of January 1, 2020, Washington, D.C., Massachusetts, New Jersey, Vermont, California, and Rhode Island have enacted individual mandate legislation. As with the ACA's Individual Mandate, local mandates may result in expanded coverage for employees in those states. This may result in an increase in the overall costs for employers offering employer-sponsored coverage, but a healthier work population may counterbalance that increase. Employers will also likely to be subject to continued reporting obligations in those jurisdictions. Fortunately, most of the current jurisdictions accept Forms 1094 and 1095 for state reporting purposes. However, the timing of those reports may differ from the federal requirements. What coverage reporting obligations apply to your organization in addition to meeting the ACA filing and employee furnishing deadlines for Forms 1094 and 1095?
This is a preview of Priorities and Perspectives. For five more action steps to help you focus your employee benefits compliance efforts in 2020, contact your Gallagher representative or the subscribe button and receive the full version of Priorities and Perspectives monthly.
Compliance is a series of actions, not a final destination. As a trusted advisor, Gallagher has developed this Priorities and Perspectives series to help you pursue a path through employee benefits compliance issues as part of an overall continuing compliance plan. Employers should carefully evaluate their health and welfare plans to determine if they are in compliance with both federal and state law. If you have any questions about one or more of the compliance destinations listed above, or would like additional information on how Gallagher constantly monitors laws and regulations impacting employee benefits in order to support employers in their compliance efforts, please contact your Gallagher representative.
The intent of this analysis is to provide you with general information. It does not necessarily fully address all your organization's specific issues. It should not be construed as, nor is it intended to provide, legal advice. Questions regarding specific issues should be addressed by your organization's general counsel or an attorney who specializes in this practice area.