|
|
|
Legal and Compliance Newsletter - Second Quarter 2007Health Savings Accounts: Cost-of-Living Adjustments and Proposed Guidance
Inflation Adjustments
The U.S. Department of the Treasury and Internal Revenue Service (IRS) issued cost-of-living
adjustments for the 2008 plan year, setting maximum contribution levels for health savings accounts
(HSAs) and out-of-pocket spending limits for high deductible health plans (HDHPs) used in
conjunction with HSAs. Revenue Procedure 2007-36 was released on May 11. After the
Health Opportunity Patient Empowerment Act of 2006, the IRS will release adjustments by June 1 each
year, as indexing is now based on a 12 month period ending March 31 rather than August
31. Consequently, plan sponsors have more time to design their plans and people have more time
to make health care decisions.
Maximum HSA ContributionsFor tax years beginning after December 31, 2006, the maximum HSA
contribution amount is the statutory indexed amount, without reference to the HDHP
deductible. Therefore, for 2007 the maximum annual HSA contribution amount is $2850 for an
eligible individual with self-only coverage; and $5650 for family coverage. For calendar year
2008, the maximum annual HSA contribution is
$2,900 for self-only coverage; and
$5800 for family coverage.
Minimum Deductibles for HSA-Compatible HDHPsFor calendar year 2008, the minimum deductible
for self-only and family HDHP coverage are the same as for the 2007 calendar year. The minimum
deductible is
$1,100 for self-only coverage; and
$2,200 for family coverage.
Maximum Out-of-Pocket Amounts for HSA-Compatible HDHPsFor calendar year 2008, there was a
$100 increase in the out-of-pocket maximum amount for self-only coverage from 2007 calendar year;
and a $200 increase for family coverage. The maximum annual out-of-pocket limit for 2008 is
$5,600 for self-only coverage; and
$11,200 for family coverage.
Proposed Guidance on Comparable Contributions to HSAs
On June 1, Treasury issued proposed regulations on the comparability rules for employers who
make their contributions outside of a section 125 cafeteria plan in situations where employees do
not establish an HSA by year end. In short, if an employee has not established an HSA as of
December 31 of any year, and the employer has chosen to contribute to its employees HSAs, the
employer must make an effort to contribute to all employees’ HSAs uniformly.
Under these proposed regulations, the employer would need to notify the employee that they are
eligible for a contribution by January 15, and inform the employee they will not receive the
employer contribution unless an HSA is established by the end of February. If the employee
establishes the HSA within that timeframe and informs the employer that an HSA has been
established, the employer must make the applicable contribution plus reasonable interested to the
employee’s HSA by April 15. Under federal tax law, an employer who fails to make comparable
contributions to the HSAs of its employees during a calendar year is subject to an excise tax equal
to 35 percent of the aggregate amount contributed by the employer to the HSAs of its employees for
that year.
The proposed regulations also address accelerated HSA contributions for those employees who
incur qualified medical expenses before the entire employer contribution is available. The
proposed rules permit the practice if the accelerated contribution option is made available on an
equal and uniform basis to all eligible employees and supported by reasonable
procedures.
In general, until comparability rules are finalized, employers may choose to meet
comparability requirements by following the 2005 or the 2007 proposed rules, on the advice of
counsel.
Massachusetts Requires a Minimum Level of Health Coverage In an effort to address the issue of uninsured residents, the state of Massachusetts enacted
the Health Care Reform Law in 2006 that requires residents to have a minimum amount of insurance
coverage as of July 1, 2007. To alleviate the cost impact to residents, the State of
Massachusetts requires employers with 11 or more employees working within the state to establish a
Section 125 plan that meets the requirements of IRS Code Section 125. This will enable those
employees to pay for their health coverage under their employer’s group health plan if they satisfy
requisite eligibility requirements or obtain coverage through the Commonwealth Health Insurance
Connector Authority (the Connector) on a pre-tax basis.
Employers Must Comply
All employers who employ 11 or more employees that work within the state must comply with the
Massachusetts law. The July 1
st deadline is fast approaching. Employers who currently offer access to health care
coverage through a Section 125 plan are not required to establish a second Section 125 plan, but
rather, may amend their existing plan. As an alternative, employers may use the model Section
125 plan provided by the Connector. Using the Connector’s model plan is not required, though
if an employer does choose to use it, the employer should review the documents and make the
necessary changes to reflect the employer’s intent. Employers are encouraged to consult with
their tax and/or legal advisor to evaluate options.
(i.e. amend their current Section 125 plan or utilize the model plan
provided by the Connector)
All employers subject to the Massachusetts law must file their Section 125 plan document with
the Health Connector by July 1, 2007. Multi-state and/or international employers with
Massachusetts locations should file only those Plan Documents covering participants working at
Massachusetts locations.
Employers who offer self-funded plans are not exempt. Any employer who does not comply
and establish a Section 125 plan prior to July 1, 2007 will be subject to a “free-rider” surcharge,
which could result in a significant financial penalty. The amount of the surcharge will vary
based upon the number of employees, the utilization of the state’s “free care pool” or the Health
Care Safety Net, total state funded costs and the percentage of employees enrolled in the employer’s
health plan.
Certain Employees May be Excluded
The following classes of employees may be excluded from an employer’s Section 125 plan, as
permitted by the Health Care Reform Act:
Additional Information
More detailed information and model documents regarding the Massachusetts Health Care Reform
Law can be obtained by accessing the Commonwealth Connector’s web-site at
http://www.Mahealthconnector.org. Employers
are encouraged to periodically visit the web-site for updates.
Privacy and Security Today
Fourth Anniversary of the Privacy Rule Passes
The US Department of Health and Human Services, Office for Civil Rights (OCR) recognized the four year anniversary of HIPAA’s Privacy Rule by releasing a new enhanced website. In addition to providing comprehensive information on federal rights and requirements around the protection and control of personal health information, information on compliance and enforcement efforts are now also provided. The website can serve as an important resource for those in the health care industry. www.hhs.gov/ocr/privacy/enforcement. In brief, of the 27,070 complaints received by the OCR, the vast majority of complaints are closed because they are not eligible for enforcement (14,297) and of the complaints that are eligible for enforcement, OCR resolved 4,577 cases through investigation and enforcement activities and no violation was found in 2,203 cases according their April 30, 2007 report. The fourth anniversary of the HIPAA Privacy Rule’s effective date also marked the three year reminder notice for small plans (those with annual receipts of $5 million or less). The HIPAA Privacy Rule requires that health plans remind participants of the availability of the Notice of Privacy Practices every three years at a minimum. The next notice requirement for large health plans is April of 2009. If the plan sponsor modifies the notice, thereby triggering an update to participants, the 3 year notice schedule adjusts accordingly. No matter how a health plan chooses to deliver this triennial reminder notice, it is important for the health plan to be prepared to demonstrate compliance. OCR enforcement action often involves requiring changes to this important Notice of Privacy Practices. Recent Security Guidance May Serve as Basis for New Rulemaking Earlier this year, Centers for Medicare & Medicaid Services (CMS) issued guidance on security incidents involving portable electronic devices such as laptops. Just as risk management needs to drive security policies and procedures of covered entities, as clearly stated by CMS, the frequency of incidents involving laptops has placed the issue on the Department of Health and Human Service’s semi-annual regulatory agenda. The January guidance does not necessarily curtail the flexibility of a health care organization in applying security standards, but rather, sets forth more specific compliance strategies. Guidance can be found at http://www.cms.hhs.gov/SecurityStandard/Downloads/SecurityGuidanceforRemoteUseFinal122806.pdf Security Programs are Imperative The information age mandates security. Standards vary by industry and change constantly with the state of technology. The constant is that the business and regulatory cases for building comprehensive security programs continues to strengthen. As in the case of health information technology (IT), many challenges remain. Regulatory authorities and businesses alike continue to wrestle with issues ranging from legal to procedural matters. Fiserv Health security compliance policies and procedures are changed periodically to keep current with available technologies, regulatory guidance and best practices. Recently, the US Government Accountability Office (GAO) called for a “comprehensive privacy approach” and the “implementation of a strategic plan to guide the nationwide implementation of health IT” (GAO-07-238). On a broader scale, consumer privacy continues to be one of the Federal Trade Commission’s top priorities. To the FTC, in general, not establishing and implementing an effective security program is an unfair trade practice under the Federal Trade Commission Act. As a baseline, the FTC recently published guidance on information security, entitled “Protecting Personal Information: A Guide for Business” which can be accessed at www.ftc.gov/infosecurity. In addition, in recognition of identity theft’s increasing complexity and damaging effects to people, this April the President’s Task Force on Identity Theft, led by the Attorney General and the FTC Chairman, concluded by submitting a strategic plan to combat identity theft. In that report, the problem is characterized as one with “no single cause and no single solution.” The policy results of this report remain to be seen.
The Deficit Reduction Act’s Medicaid Requirements
The Medicaid Integrity Program
The Deficit Reduction Act of 2005 established the Medicaid Integrity Plan under the
Social Security Act and was signed by President Bush in February of 2006. Through the Medicaid
Integrity Program (MIP), Congress provided the Centers for Medicare & Medicaid (CMS) with the
resources to further efforts to identify, recover and prevent inappropriate Medicaid
payments. Congress intended Medicaid to be the payor of last resort and CMS, in partnership
with the States, is now setting a coordinated national strategy in motion that will more fully
support that objective. If a Medicaid beneficiary has another source of health care coverage,
including an employer sponsored plan, that source should pay before Medicaid.
An estimated 13 percent of Medicaid beneficiaries have another source of health care
coverage in a given year, according to a Government Accountability Office (GAO) report of September
2006 (GAO-06-862). Due to third party liability verification problems, Medicaid programs
suffer loss, to the tune of $54 million -- $60 million total across 10 states, according to the
same GAO report. In the past, State Medicaid Directors have struggled verifying private health
care coverage and collecting payments from third parties. The new MIP puts a more proactive
system in place.
Responsible Third Parties
The federal Deficit Reduction Act (DRA) clarifies the third parties legally
responsible for health care claims payment and requires those third parties to provide states with
eligibility and claims data. These requirements apply to health insurers, self-insured plans,
pharmacy benefits managers or other parties that are “by statute, contract, or agreement, legally
responsible for payment of a claim for a health care item or service.” This broad application
effectively addresses any limitations in scope of the requirement by broadly covering parties
involved in the private health care financing system, including third party
administrators.
State Action Required to Implement the MIP
The DRA also requires the States to establish laws and an administrative system
where third parties provide eligibility data so that individuals who are or could be enrolled in
Medicaid programs and have other sources of health care coverage can be identified. State by
state laws and administrative systems are currently being established, not necessarily in that
order. In December of 2006, CMS provided
Guidance on Implementing the DRA Third Party Liability Provisions, which, among other
things, specifically requires States to enact laws to conform with the DRA during the current or
next legislative session after the DRA’s January 1, 2006 effective date. Therefore, it can be
expected that in the near term these state laws will be in place nationwide.
Eligibility data matching activities being set in motion by the States often involve private
organizations contracted to perform the data gathering and matching functions on their
behalf. States may have one or more contractor or they may do the work themselves, so requests
for eligibility data could come from multiple sources. Health plans are permitted to release
data as required by law and to properly authorized individuals and entities under federal HIPAA
Privacy Rules.
Private Payor Implementation
The State DRA enabling statute needs to be followed under applicable privacy and security
standards. The general guideline Fiserv Health follows is to, upon request, release resident
eligibility data to the State or to its authorized agent(s) as required by state law. Fiserv
Health is technologically prepared from a format, content and security standpoint to submit the
data as required.
Third Party Liability System to Position Medicaid as the Payor of Last Resort
States, or entities under contract with State agencies, may use the data obtained from private
payors through these eligibility data matching activities for purposes of coordinating payments for
services covered under the State’s Medicaid program; to ensure that correct payment amounts under
the Medicaid program are made; and to recover mistaken payments that may have been made under
federal statutes. The objective is for States to be able to readily identify third party
liability, thus reducing the need to effect recovery processes, which in the end should address
many of the administrative difficulties reported by state officials.
Third parties must respond to inquiries regarding claims submitted within 3 years from the
date on which the item or data was furnished, consistent with the DRA and the state enabling
statute. The authority for state Medicaid Programs to pursue third parties for recovery
already exists and the ability for states to collect from responsible third parties has been
strengthened legislatively in the past. The DRA’s MIP essentially addresses the problems
identified above that have persisted.
Should it be a “Wrap”? Many different combinations of benefit documents may be referred to as a “wrap document”.
Some plan sponsors attempt to minimize ERISA administrative requirements, so they create a
wrap plan where all ERISA benefit plans are wrapped into one. Ultimately this means one plan
for reporting purposes. Alternatively, a plan sponsor who wants to better ensure language
consistency for common benefit plans (such a medical, vision and dental) may choose to “wrap”
several different plans together in booklet form, but still maintain separate plans from a
reporting perspective.
While the ability to take all or some of your benefit plans and wrap them into one document
may sound appealing, there are several factors plan sponsors should consider when weighing whether
or not to transition to a wrap document. Plan sponsors who are considering wrap documents
should first determine their objectives, and then carefully craft the document while continually
reviewing for possible unintended consequences. Below are just a few factors to take into
account when considering a wrap document.
Procedures and Cost
Regulatory
Legal
Genetic Information Nondiscrimination Act of 2007 (GINA)
Passes the US House
As progress is made in understanding the linkage between genetics and disease, persons with
genetic diseases, their advocates, researchers and Members of Congress have renewed the call for
the enactment of legislation to improve the privacy of genetic information.
While the issue of genetic privacy is not new and pre-dates the enactment of HIPAA, there is a
chance that new legislation governing genetic information will soon be adopted by this Congress.
The House of Representatives has overwhelming approved genetics legislation
(H.R. 493) and the bill has been placed on the Senate calendar. President Bush has indicated
that he will sign the measure into law. This brief is intended to provide background
information on the proposed legislation to Fiserv Health customers.
Overview
GINA contains two Titles. Title I creates rules barring group health plans and insurers
from using genetic information for setting premiums or contributions. Title I also creates new
confidentiality protections for genetic information. Title II of the bill bars unlawful
employment discrimination with respect to compensation and terms and conditions of employment based
on the use of genetic information. This brief will focus on the group health plan provisions
contained in Title I of the bill.
HIPAA’s Limited Protections for Genetic Information
HIPAA’s nondiscrimination provisions partially protect an individual’s genetic
information. Those amendments prohibit group health plans or issuers from discriminating
against an individual in the group health plan setting in terms of eligibility or premium or
contribution amounts based on the individual’s genetic information. HIPAA also excluded
genetic information, in the absence of a diagnosis, from its definition of pre-existing condition
exclusion.
These limitations, however, only apply to the group insurance market. HIPAA did not
address use of genetic information in the individual market. While there are state laws
governing the individual market, those law vary considerably with regard to restrictions on using
genetic information to set premiums or determine eligibility. Finally, HIPAA does not prohibit
an insurance company from using genetic information to increase premiums for a group health plan as
a whole, based on the genetic information of an individual in that group.
GINA Builds Upon Existing Law
HIPAA’s nondiscrimination provisions prevent group health plans from using “genetic
information” for purposes of eligibility determinations or premium contributions. GINA expands
the current law by creating new protections for “genetic services.” “Genetic services” are
defined to include a range of activities, such as the act of requesting a genetic test, counseling
or education. The bill extends protections to these activities to address concerns that a
group health plan might assume that a person has a genetic disorder, such as Huntington’s disease,
because the participant or a family member has received a test for the disease.
The goal is to encourage individuals to utilize genetic services without having
to fear the consequences.
While HIPAA prevents individuals in a group from being charged higher contributions or
premiums based on genetic information than for similarly situated individuals, there is no such
protection in current law for the group as a whole. GINA addresses this situation by preventing
insurance companies offering coverage to a group health plan from adjusting premium or contribution
levels for a group on the basis of genetic information.
GINA also places restrictions on a group health plan’s ability to request or require that an
individual take a genetic test. The provision is intended to protect plan participants from
actions that would allow a group health plan to obtain information to be used for purposes of
insurance discrimination. Under the bill, a health care professional may request, but may not
require, that an individual undergo a genetic test. Similarly, health care professionals that
are part of a bona fide wellness program may notify an individual about the availability of a
genetic test and provide information about the test. They may not, however, request or require
that the individual take a genetic test.
Scope of GINA Reforms
Congress intended that GINA’s nondiscrimination provisions apply to all group health
plans. This means that the law contains parallel provisions so that it covers virtually all
private and public sector group health plans. Note that the Act’s nondiscrimination provisions
would apply to small group health plans with less than two employees, as well as plans that provide
benefits solely to retirees. The privacy and confidentiality provisions, on the other hand,
will only apply to those group health plans that are currently covered by the HHS privacy
regulation. This means that self administered plans with less than 50 employees are not
covered by the new law.
Although this brief is focused on GINA’s impact on the group health plan market, the bill
would also make changes in the individual health insurance market. As previously mentioned,
HIPAA did not address the use of genetic information for eligibility purposes and premium setting
purposes in the individual market. GINA creates, for the first time, uniform federal rules
restricting the use of genetic information for eligibility and premium setting purposes in the
individual market.
Confidentiality
The HHS privacy rule generally covers genetic information. The health care operations
provision of the privacy rule, however, contains an exception from the general rule in the case of
insurance underwriting and rating. The privacy regulations allow, without prior consent, the
disclosure and use or genetic information when it will be used for premium rating, underwriting or
renewing of a contract for coverage for insurance. GINA addresses this exception and prohibits
group health plans from using genetic information for these purposes.
While GINA generally prohibits group health plans from collecting genetic information, as in
the case of underwriting, the law recognizes that there will be limited instances where group
health plans will be able to collect genetic information. For example, a group health plan
will have family history information about a family member on hand at the time it enrolls a new
family member in the group health plan. Similarly, a group health plan may incidentally
collect genetic information on a medical questionnaire or medical history. These collections
of genetic information are acceptable provided they are not used for purposes of
underwriting.
Enforcement
GINA contains two primary enforcement mechanisms. First, Congress relies on ERISA’s
existing enforcement provision, section 502, and authorized private rights of action to enforce the
provisions of the new law. The Act also provides the Secretary of Labor with the ability to
impose civil penalties in the amount of $100 per day for each individual a plan was
non-compliant. Plans that fail to make corrections within the specified time frames may be
subject to penalties of up to $2,500 per day. A penalty of $15,000 may be applied if a
violation is more
than de minimus.
Legislative Outlook GINA is being viewed as a balanced bill that does
not unnecessarily restrict the use of information needed to promote health care
decision-making. For example, under the bill, group health plans will still have access to the
results of genetic tests for payment purposes or for working with providers in determining the best
course of treatment for a patient. The primary areas of disagreement appear to be with respect
to the enforcement provisions contained in Title II (employment.) Fiserv Health will continue
to monitor GINA as it makes its way through the legislative process.
|