Compliance Corner Archives

The IRS recently released the 2019 Instructions for Form 8994: Employer Credit for Paid Family and Medical Leave. Employers who provide family and medical leave to their employees may complete Form 8994 in order to claim a credit for tax years 2018 and 2019. In order to claim the leave, employers must have a written policy that provides at least two weeks of paid leave to full-time employees (prorated for part-time employees), and the paid leave must be at least 50% of the wages normally paid to the employee.

Family and medical leave, for purposes of this credit, is leave granted by the employer in accordance with written policy for one or more of the following reasons:

• Birth of an employee’s child and to care for the child
• Placement of a child with the employee for adoption or foster care
• To care for the employee’s spouse, child, or parent who has a serious health condition
• A serious health condition that makes the employee unable to do the functions of their position
• Any qualifying exigency due to an employee’s spouse, child, or parent being on covered active duty (or having been notified of an impending call or order to covered active duty) in the Armed Forces
• To care for a service member who’s the employee’s spouse, child, parent, or next of kin

The credit is a percentage of the amount of wages paid to a qualifying employee while on family and medical leave for up to 12 weeks per taxable year. The applicable percentage falls within a range from 12.5% to 25%. In certain cases, an additional limit may apply. An employer can claim credit only for leave taken after the written policy is in place, and the credit is scheduled to expire for tax years beginning after 2019.

Employers seeking to claim this credit should work with their accountants or tax professionals to do so.

2019 Instructions for Form 8994 »

On November 26, 2019, the IRS provided an early release draft of the 2020 IRS Publication 15-B, the Employer’s Tax Guide to Fringe Benefits. This publication provides an overview of the taxation of fringe benefits and applicable exclusion, valuation, withholding, and reporting rules.

As background, the IRS modifies Publication 15-B each year to reflect any recent legislative and regulatory developments. Additionally, the revised version provides the applicable dollar limits for various benefits for the upcoming year. As standard procedure, the IRS releases a preliminary draft of the updated guide prior to final publication.

Among the changes for 2020 is a new Form 1099-NEC. The Form 1099-NEC will be used to report nonemployee compensation paid in 2020 and will be due on February 1, 2021. However, employers reporting nonemployee compensation paid in 2019 should continue to use Form 1099-MISC, which is due January 31, 2020.

With respect to 2020 annual limits, the monthly exclusion for qualified parking is $270 and the monthly exclusion for commuter highway vehicle transportation and transit passes is $270. For plan years beginning in 2020, the maximum salary reduction permitted for a health FSA under a cafeteria plan is $2,750.

Employers should be aware of the changes reflected in the early release of the fringe benefits guide. The IRS is accepting comments regarding the proposed publication. Accordingly, employers should also recognize that some changes to the released draft may occur prior to finalization.

Publication 15-B »

The DOL recently released model disclosures in relation to the proposed Transparency in Coverage rule, which was issued on November 15, 2019. (We discussed this rule in the November 26, 2019, edition of Compliance Corner.) These model disclosures are designed to assist employer sponsored group health plans (including self-insured plans) and issuers in meeting the new cost-sharing disclosure requirements.

As explained in our previous article, the proposed rule involves two new approaches to promote greater price transparency in the health care system. First, a plan or issuer would be required to provide an individualized estimate of a participant’s cost sharing responsibility for a covered item or service. Second, these entities would be required to publicly disclose negotiated rates for in-network providers and historical out-of-network allowed amounts in standardized files on their website.

The Transparency in Coverage Model Notice (Appendix 1) is designed to illustrate the first obligation to provide a customized participant cost summary upon request. The proposed format includes sections for key terms and explanations of prerequisites or limitations applicable to the cost-sharing estimate. The model language is designed to be incorporated in a website self-service tool or in paper format. Although use of the model is encouraged, modifications and additions are permissible. However, any changes must be consistent with the proposed rule’s content and plain language requirements.

With respect to the second approach, the Negotiated Rate Machine-Readable File Data Elements (Appendix 2) provides a model for posting in-network provider negotiated rates through a machine readable file on the internet. The proposed data elements to be included on the file include the publishing entity, plan and provider information, and specifics regarding the negotiated rates and covered services. Similarly, the Allowed Amount Machine-Readable File Data Elements (Appendix 3) is intended as an example for the required disclosure of out-of-network allowed amounts. The proposed data elements would include detailed historical information, such as a list of the allowed dollar amount for each unique out-of-network covered item or service during a 90 day period beginning 180 days prior to the file’s publication date.

Employers may want to review these model disclosures in conjunction with the underlying proposed Transparency in Coverage rules. However, it is important to recognize that the rules are not currently in effect. Accordingly, changes may occur (which could also affect the model disclosures) prior to finalization.

Transparency in Coverage Model Notice »
Negotiated Rate Machine-Readable File Data Elements »
Allowed Amount Machine-Readable File Data Elements »

On November 15, 2019, the Departments of Health and Human Services (HHS), Treasury, and Labor (the "Departments") released the Transparency in Coverage proposed rule that imposes new cost-sharing disclosure requirements upon employer sponsored group health plans and health insurers. The proposal followed Executive Order 13877, issued on June 24, 2019, which instructed the Departments to determine how health plans, insurers, and providers should make information regarding out-of-pocket health care costs more accessible to consumers.

As background, the Trump administration has focused on promoting greater price transparency in order to provide individuals with necessary cost-sharing data to make informed health care decisions. Under recently issued final rules effective in 2021, hospitals will soon be required to disclose standard charges for products and services, including negotiated rates with insurers. The Transparency in Coverage proposed rule builds upon these regulatory initiatives and is applicable to non-grandfathered group health plans (including self-insured plans) and health insurance issuers. Account-based plans such as health reimbursement arrangements and flexible spending accounts would not be subject to the new requirements.

The proposed rule encompasses two approaches. First, the health plans and issuers would be required to make personalized out-of-pocket cost information for all covered health care items and services available through an online self-service tool and in paper format (upon request). This individualized disclosure is designed to provide participants with estimates of their cost-sharing liability with different providers, allowing them to better understand and compare health care costs prior to receiving care. The format could be similar to an Explanation of Benefits and would include actual negotiated rates, out-of-network allowed amounts, real-time accumulated amounts towards deductibles and out-of-pocket maximums and treatment limitations. Any prerequisites for coverage, such as prior authorization, would also need to be referenced. The rules do not require disclosure of balance billing amounts for out-of-network providers, but provide for a disclaimer to alert participants of a potential balance bill.

Second, these entities would be required to publicly disclose negotiated rates for in-network providers and historical out-of-network allowed amounts in standardized files on their website. These machine-readable files would need to be updated regularly, and are intended to encourage price comparison and innovation.

Additionally, the proposal offers medical loss ratio (MLR) credits to insurers that offer new plans that encourage participants to shop for lower-cost, higher-value providers and share in the resulting savings. According to HHS, this provision was included to ensure that issuers would not be required to pay rebates for innovative plan designs that benefit participants, but are not currently factored into the MLR calculation.

The Departments are seeking public comments regarding all aspects of the proposed rule. They are also formally requesting information on whether to require price and cost-sharing information to be included in a publicly available forum through the use of certain technology that enables software to connect and exchange information. In addition, feedback is sought regarding whether provider quality measurements should be required with the cost-sharing information.

These disclosure obligations are proposed to apply to plan years beginning one year from or following finalization of the rule. However, the MLR provision would be applicable beginning with the 2020 MLR reporting year.

Employers should be aware of the proposed rules and new requirements. They also may want to discuss the potential disclosure obligations with their insurance carriers and/or third party administrators. However, it is important to understand that no immediate changes are necessary because the proposed rule is not currently in effect and may be modified prior to finalization. Additionally, some carriers may challenge the requirement to disclose negotiated rates, which they consider to be confidential information.

Transparency in Coverage Proposed Rule »

On November 18, 2019, several agencies (DOL, IRS, and PBGC) published advance copies of the 2019 Forms 5500, and several related schedules. There are no major changes to the forms or schedules, but there are some modifications that are worth noting:

1. Form 5500, Line 2d: The instructions provide additional clarifications on reporting the plan sponsor’s code for multi-employer plans.
2. Schedule H, Part III (relating to the Accountant’s Opinion): The instructions have been revised to align with the language in the related, generally accepted auditing standards, AU-C 700, Forming an Opinion and Reporting on Financial Statements, and AU-C 705, Modifications to the Opinion in the Independent Auditor’s Report.
3. Administrative Penalties: The instructions reflect the updated increased penalty amount at $2,194 per day (as the maximum civil penalty amount assessed under ERISA, which is applicable for civil penalties assessed after January 23, 2019, for violations that occurred after November 2, 2015).
4. Schedule SB Mortality Tables: Line 23 was revised to eliminate mortality table options that are not available after 2018.
5. Schedule R: A new line 20 has been added to help gather information related to PBGC reporting requirements resulting from unpaid minimum required contributions (only PBGC-insured single employer plans are required to provide this additional information).
6. Form 5500-SF: Related to Schedule R, a new line 11b has been added to Form 5500-SF which parallels the new Schedule R, line 20, for PBGC-insured, single-employer plans that file the Form 5500-SF instead of the Form 5500.

Importantly, the advance copies are informational only, and they cannot be used to file a 2019 Form 5500 or schedule. The agencies will eventually finalize the forms for actual use; when those forms are finalized, we will announce it in Compliance Corner. So, for now, there is nothing for employers to do other than familiarize themselves with the advance copy forms and changes.

Advance Copies of 2019 Form 5500 and Related Schedules »
DOL News Release »

On November 6, 2019, the IRS published Revenue Procedure 2019-44, which relates to certain cost-of-living adjustments for a wide variety of tax-related items, including health FSA contribution limits, transportation and parking benefits, qualified small employer health reimbursement arrangements (QSEHRAs), penalties for ACA reporting, the small business tax credit, and other adjustments for tax year 2020. Those changes are outlined below.

• Health FSAs: For plan years beginning in 2020, the annual limit on employee contributions to a health FSA will be $2,750 (up $50 from 2019).
• Transportation/Commuter Benefits: For 2020, the monthly limit on the amount that may be excluded from an employee’s income for qualified parking increases to $270 (up $5 from 2019), as does the aggregate fringe benefit exclusion amount for transit passes.
• Adoption Assistance: For 2020, the maximum amount an employee may exclude from their gross income under an employer-provided adoption assistance program for the adoption of a child is $14,300 (up from $14,080 in 2019).
• QSEHRAs: For 2020, the maximum amount of reimbursement under a QSEHRA may not exceed $5,250 for self-only coverage and $10,600 for family coverage (an increase from $5,150 and $10,450, respectively, in 2019).
• ACA Employer Reporting Penalties: For 2020 employer mandate reporting (Forms 1094/95-C filed in early 2021), the penalties for failure to report will be $280 per return, with a maximum of $3,392,000 (up from $270 per return and a $3,275,000 per calendar year maximum for 2019 returns).
• Small Business Tax Credit: For 2020, the average annual wage level at which the credit phases out for small employers is $27,600 (up $500 from 2019). The maximum credit is phased out based on the employer’s number of full-time equivalent employees in excess of 10.

Employers with limits that are changing (such as for health FSAs, transportation/commuter benefits, and adoption assistance) will need to determine whether their plan documents automatically apply the latest limits or must be amended (if desired) to recognize the changes. Any changes in limits should also be communicated to employees.

Revenue Procedure 2019-44 »

On October 17, 2019, the IRS issued a Program Letter outlining its compliance strategies and priorities for fiscal year 2020. Employee benefits-related issues they will focus on include:

• Determining whether fringe benefits are properly taxed for FICA and income tax withholding
• Contacting employer plan sponsors who fail to file a Form 5500
• Examining 403(b) and 457 plans for compliance related to universal availability, excessive contributions, catch-up contributions under IRC Section 414(v) (for 403(b) plans), and the proper use of the special three-year catch-up contribution rule (for 457 plans)
• Continuing to pursue referrals received from internal and external sources that allege possible noncompliance by a retirement plan

While it may be helpful for employers to see the areas where the IRS will focus their enforcement efforts in fiscal year 2020, compliance in all areas related to employer-sponsored plans should always be a priority. If you have any questions related to your plan’s compliance, please contact your advisor for assistance and resources.

Program Letter »

On September 30, 2019, the IRS proposed regulations regarding the application of the ACA’s employer shared responsibility provisions (also known as the employer mandate) to HRAs integrated with individual health insurance coverage or Medicare, known as individual coverage HRAs (ICHRAs). The guidance also addressed the application of the self-insured plan (Section 105(h)) non-discrimination rules to ICHRAs. The proposed rules supplement the June 2019 final regulations, which permitted the use of ICHRAs effective January 1, 2020, and subsequent related guidance under IRS Notice 2018-88.

As background, an HRA is an employer-funded, account-based group health plan that allows for payment of employee medical expenses on a tax-advantaged basis (the HRA reimbursements are not included in the employee’s gross income). In order to comply with the ACA mandates applicable to group health plans, such as the prohibition against annual or lifetime limits for essential health benefits and the provision of preventive care without cost sharing, HRAs previously needed to be integrated with an ACA compliant group health plan. This meant that stand-alone HRAs were generally prohibited. However, the June 2019 final rules introduced the ICHRA, which allowed for the integration of HRAs with individual health insurance coverage, provided certain conditions are satisfied.

Applicable large employers (those with 50 or more full-time employees, including full time equivalents) during the preceding calendar year) that sponsor ICHRAs must still satisfy the ACA employer shared responsibility mandates to avoid tax penalties. The penalties can arise if an employee receives a premium tax credit through the ACA marketplace because he or she was not offered employer-sponsored MEC that is of MV and is affordable. To avoid penalties, the employers must offer such coverage to at least 95% of full-time employees and their children until age 26. The IRS has indicated that an employer’s offer of an ICHRA is an offer of MEC. Satisfying the affordability condition is more challenging.

Prior IRS guidance provided that an ICHRA is deemed affordable if the benefit makes the lowest cost individual silver policy in an ACA exchange rating area affordable to an employee who resides there. By definition, the silver plan would cover at least 70% of required costs and thus also meet the minimum value standard. ICHRA coverage is considered affordable if the employee's required monthly contribution (that is, premium cost-HRA benefit) does not exceed 9.78% (for 2020) of the employee's household income. When determining affordability for employer mandate purposes, an employer can use any of the previously established safe harbors (specifically, Form W-2 wages, rate of pay, and federal poverty line), provided that the application is uniform and consistent for any acceptable classification of employees.

However, the previous guidance failed to adequately address the inherent complexities of applying the affordability requirement to a diverse employee group, whose members would be purchasing individual coverage. For example, employees could reside in different rating areas, so premiums for the lowest cost silver plan could vary dramatically. Costs could also differ based upon ages of the employees themselves. Additionally, the premiums for the lowest cost silver plan on the exchange are typically not known until October, which makes it difficult for employers to plan and fund for ICHRAs prior to the start of the plan year.

In an effort to address these concerns, the new proposed regulations provide optional safe harbors and clarification regarding the affordability determination. First, the guidance provides a location safe harbor for ascertaining the lowest cost silver plan. This safe harbor allows an employer to use the ACA rating area for an employee’s primary site of employment instead of the employee’s residence. The primary site of employment is the location where the employer reasonably expects the employee to perform services as of the first day of the ICHRA plan year (or coverage date, if later). For remote workers, the location would be the site from which they actually work, unless they are required to periodically report to the employer’s work site, which would then be considered the employee’s primary site. A permanent change in employee work sites must be taken into account for affordability purposes by the first day of the second month following the employee’s relocation.

Second, the IRS declined to provide an age-based safe harbor. The IRS was concerned that employees older than a set safe harbor age may not find their cost of coverage affordable and receive tax credits on the exchange, although the employer would be deemed to have satisfied the affordability mandate. However, for a particular rating area, an employer is permitted to use the lowest cost silver plan for employees in the lowest age bracket as the base plan for determining affordability. For older employees, the employer could then use the price of that plan for the applicable age bracket to determine affordability (regardless of whether a less expensive silver plan was available for the age group). The guidance also clarifies that for affordability purposes, an employer should use the employee’s age on the first day of the plan year (or his or her date of coverage, if later).

Third, the proposed rules introduce a look-back month safe harbor that allow employers with calendar year ICHRAs to base the monthly cost of the cheapest silver policy for a year on the cost of that policy as of the first day of the previous year. So, an employer offering an ICHRA with a plan year beginning January 1, 2020, could use the exchange rates as of January 1, 2019. Non-calendar year plans could use the rates as of January 1 of the current year.

Fourth, the IRS emphasizes that an employer electing to use any of the optional safe harbors must apply the chosen method uniformly and consistently for all employees in a class. The permitted classes are as specified in the June 2019 final ICHRA rules, which include salaried vs. hourly; full time vs. part time; bargaining unit vs. non-bargaining unit; seasonal vs. regular; and employees in one rating area, state, or region vs. another. The guidance also confirms that employers can report employee required contributions (for Forms 1094-C and 1095-C) based upon the safe harbors and that premiums for affordability purposes do not need to reflect tobacco surcharges or wellness incentives, unless the wellness program incentive relates exclusively to tobacco use, in which case the incentive is treated as earned. Additionally, the proposed rules allow employers to rely upon the accuracy of the premium information made available by the government marketplace.

Finally, the IRS provides clarification regarding the application of the Section 105(h) nondiscrimination rules to ICHRAs. These rules generally apply to self-insured health plans and prohibit discrimination in favor of highly compensated individuals (HCIs), which include the five highest paid officers, more-than-10% shareholders/owners and the highest-paid 25% of all employees. However, if an ICHRA only reimburses insurance premiums (and not other medical expenses), it is treated as an insured plan and not subject to the Section 105(h) rules. The rules propose two nondiscrimination safe harbors. First, the maximum ICHRA contribution can vary within a class of employees if the variation applies under the same terms to all within the class, and between classes if each class is a permitted class under the ICHRA rules. Second, ICHRA designs can vary contributions based upon family size and age (provided the maximum contribution for the oldest participant does not exceed three times the amount for the youngest participant), without the plan automatically being deemed as discriminatory. However, the guidance notes that an ICHRA that is not discriminatory in design could still fail the Section 105(h) test, if HCIs actually benefit disproportionately to non-HCIs.

Employers who are considering adopting ICHRAs should review the new guidance and speak with their benefit consultants. Organizations planning to offer ICHRAs effective January 1, 2020, can use the 2019 exchange rates – as outlined above – for purposes of setting contribution and funding levels.

Some large employers may find the new safe harbors helpful in satisfying the ACA shared responsibility provisions. In particular, the rules provide some simplifications for determining affordability for employees that reside in diverse geographic locations. However, it is unclear if the proposed regulations adequately address the administrative concerns of potential ICHRA plan sponsors.

The IRS has requested comments on the proposed rules by late December. However, employers can generally rely on the guidance in designing ICHRA options for 2020. The proposed rules will remain effective for any plan year that begins at least six months prior to the publication of final rules. Please stay tuned to Compliance Corner for further updates on this topic.

ICHRA Proposed Rules »

On September 9, 2019, the HHS’s Office for Civil Rights (OCR) announced an enforcement action and settlement resolving an investigation of Bayfront Health St. Petersburg (Bayfront). Bayfront is a Level II trauma and tertiary care center licensed as a 480-bed hospital with over 550 affiliated physicians. As a result of the settlement, Bayfront paid $85,000 to OCR and adopted a corrective action plan to settle a potential violation of the right of access provision of the HIPAA rules.

As background, the OCR began an investigation when a mother filed a complaint alleging that Bayfront provided personal health information relating to her unborn child to her more than nine months after her request. HIPAA generally requires that health care providers provide personal health information relating to the requestor within 30 days of the request. The right of access to these records extends to parents of minor children, such as an unborn child.

In addition to the $85,000 paid pursuant to the settlement, the resolution agreement requires Bayfront to comply with a corrective action plan that requires them to develop, maintain, and revise, as necessary, written access policies and procedures that comply with federal standards that govern the privacy of individually identifiable health information. Those policies must be reviewed by OCR and, upon approval, distributed to Bayfront employees and business associates. Bayfront must also revise its training materials and, subject to approval by OCR, train its employees and business associates on its policies and procedures regarding federal standards that govern the privacy of individually identifiable health information. Bayfront is obliged to report to OCR any information regarding an employee or business associate that may have failed to comply with those policies and procedures and to submit reports of its progress to OCR.

In summary, this investigation and resolution agreement provides employers with a great example of conduct that violates the right of access provision of the HIPAA privacy and security rules. Although this settlement relates to a health care provider, employers that sponsor group health plans (particularly those with self-insured plans), should provide plan participants, upon request, with their health information, and do so in a timely manner.

Press Release »
Resolution Agreement »

On September 5, 2019, the DOL, IRS, and HHS (the Departments) released a number of documents concerning mental health parity compliance, including a finalized FAQ. As background, the Mental Health Parity and Addiction Equity Act (MHPAEA) requires that the financial requirements and treatment limitations imposed on mental health and substance use disorder (MH/SUD) benefits be no more restrictive than the predominant financial requirements and treatment limitations that apply to substantially all medical and surgical benefits. MHPAEA also imposes several disclosure requirements on group health plans and health insurance issuers.

In addition to finalizing FAQs About Mental Health and Substance Use Disorder Parity Implementation and the 21st Century Cures Act Part 39, the Departments also released a claims form that individuals can use to request documentation about their plan’s mental health treatment limitations, and three documents highlighting the DOL’s 2018 enforcement of MHPAEA. See below for a recap on each of those resources.

FAQs About Mental Health and Substance Use Disorder Parity Implementation and the 21st Century Cures Act Part 39
This document provides additional guidance to employers and individuals about the application of the law. The finalized rules make slight changes to the proposed version by providing certain clarifications and adding additional examples. Here is an overview of the 11 questions addressed in this document:

• Questions 1-8 address different nonquantitative treatment limitation issues, including experimental or investigative treatment limitations, prescription drug dosage limitations, step therapy and fail first policies, reimbursement rates for physicians and non-physicians, network adequacy, and medical appropriateness. One question also clarifies that plans can choose to exclude coverage for certain specific mental health conditions, as long as other federal or state laws don’t prohibit the exclusion.
• Questions 9-11 discuss MHPAEA’s disclosure requirements. Specifically, the Departments discuss the model form that individuals can use to request plan information about their MH/SUD benefits. They also remind employers that they can provide a hyperlink or URL address where participants can access their provider directory, but that directory must be up-to-date and accurate so that participants can access correct information pertaining to MH/SUD providers.

FAQs Part 39 »
 

Model Mental Health and Substance Use Disorder Parity Disclosure Request Form

The Departments provided this form as an example of a MHPAEA disclosure request form. Participants can use this form to request information from their employer-sponsored health plan or insurer regarding MH/SUD limitations or denials in benefits.

Disclosure request form »
 

2018 MHPAEA Enforcement Fact Sheet

This fact sheet highlights the MHPAEA enforcement results pursued by the DOL. It specifically breaks down the number of cases concerning MHPAEA violations and discusses some of the results achieved through the DOL’s voluntary compliance program. This year, they included an introduction to the fact sheet and a compendium of guidance pertaining to the violations they found.

Notably, the DOL closed 115 cases involving a review of MHPAEA compliance, and 21 MHPAEA violations were cited in those cases. Additionally, the DOL’s benefits advisors addressed 127 public inquiries related to mental health parity.

2018 Fact Sheet »
2018 Fact Sheet Introduction »
Appendix: MHPAEA Violation Guidance Compendium »

On September 10, 2019, the DOL issued opinion letter FMLA2019-3-A, addressing the relationship between FMLA and the leave provisions of a collective bargaining agreement (CBA). As background, the person requesting the opinion is an employee of a local government agency and is subject to CBAs under which employees may delay taking unpaid leave, including unpaid FMLA leave, until after CBA-protected accrued paid leave is exhausted. The CBAs also provide that accrued paid leave taken by employees is treated as continuous employment that does not affect employees’ seniority status under the relevant state civil service rules.

The employee asked the DOL for an opinion after their employer updated its leave policy to designate leave as FMLA leave when the employer learns that an employee needs leave for an FMLA-qualifying reason. The policy was also updated to require that FMLA leave be taken concurrently with CBA-protected paid leave. The employee wanted to know if the employer must designate FMLA-qualifying leave as FMLA leave when the employee would prefer to delay taking FMLA leave until after taking CBA-protected paid leave. The employee was also concerned that taking FMLA leave first would negatively impact their seniority status under the CBAs and state civil service rules.

The DOL notes that employers cannot delay designating FMLA-qualifying leave as FMLA leave, once the employer learns of the FMLA-qualifying reason for the leave. Specifically, within five days of learning of an FMLA-qualifying leave, the employer must designate the leave as such and provide the employee with certain critical information.

FMLA also allows the employer to designate, or the employee to elect, to substitute accrued paid leave to cover any part of the unpaid FMLA entitlement period. In addition, FMLA provides that FMLA leave does not interfere with an employee’s entitlement to other benefits consistent with the employer’s policies regarding those benefits. If the employer’s policies allow for the accrual of seniority during a paid leave of absence, then the employee can accrue seniority during paid leave under FMLA.

Accordingly, the DOL opined that the employee’s right to take CBA-protected paid leave, and the right to count that paid leave time towards the employee’s seniority status, is not undercut by FMLA leave or the employer’s policies concerning such leave.

The letter provides the DOL’s opinion regarding the interaction between FMLA and other employer-provided leave. As with any opinion letter, the response is an application of the law to the specific circumstances presented by the requester. However, employers should take note that there is no discretion to delay designating leave as FMLA leave once the employer determines that the leave qualifies as such. Employers should also take note that FMLA applies in addition to or along with the employer’s policies (or CBAs, as is the case here), so that employer policies concerning such leave should be crafted so that neither the employee’s FMLA rights nor other rights are denied.

FMLA2019-3-A »

On September 10, 2019, the DOL's Wage and Hour Division (WHD) issued opinion letter CCPA2019-1 to address whether employer contributions to HSAs are considered earnings for wage garnishment purposes under the Consumer Credit Protection Act (CCPA). The letter was in response to an inquiry submitted by a firm providing human resources and payroll services to employers.

An HSA is a type of trust established to pay the qualified medical expenses of the account holder. Specifically, HSAs allow employees enrolled in HDHPs to set aside funds pre-tax to pay for future medical expenses. Employers can also contribute to employees' HSAs and are allowed a tax deduction for these amounts. Contributed amounts are generally considered non-forfeitable.

The CCPA limits the amount of an employee's earnings (after required withholding) that may be garnished to satisfy a debt. Earnings for this purpose are defined as "compensation paid or payable for personal services" and include wages, salary, commission, bonuses, and certain periodic retirement payments. The concern raised here is whether some employers were erroneously classifying their HSA contributions as earnings, and thus incorrectly inflating the amounts subject to wage garnishment.

Upon review of the facts provided, WHD determined that employer contributions to HSAs are not earnings under the CCPA. In reaching this opinion, the agency focused upon several factors. First, contributions already received by an HSA were viewed as similar to earnings deposited in an employee's bank account, which are not subject to CCPA garnishment limitations. Second, WHD did not view the employer contributions as amounts paid for employees' services because the amounts were not calculated or varied by the value of each individual's service. Rather, the typical employer contribution was a fixed annual amount or based upon a match formula. The agency also recognized that unlike other types of earnings, HSA employer contributions did not require protection for garnishment purposes because the employee could not access the amounts other than for qualified medical expenses without being subject to income taxes and penalties.

As a result, the WHD concluded that employers should not include HSA contributions when determining an employee's earnings subject to wage garnishment. However, this opinion may not be applicable if the employer bases the individual contribution amounts on the value of each employee's services or offers an option for employees to receive the contributions in cash.

The letter provides a reasoned opinion regarding the classification of employer HSA contributions under the CCPA. As with any opinion letter, the response is an application of the law to the specific circumstances presented by the requester. However, the content can be insightful in terms of how the agency may view other employers' HSA contributions under similar circumstances. Employers who contribute to their employees' HSAs may want to consult counsel and review their payroll practices following this opinion.

CCPA2019-l »

On August 5, 2019, the DOL’s Wage and Hour Division published revised FMLA forms. The changes have only been proposed and are not yet final. The DOL is soliciting comments on the proposed changes through October 4, 2019.

The purpose of the changes is to simplify the forms in a manner that would minimize the current burden on employees and health care providers completing the forms. The DOL also stated a desire to improve the quality and clarity of the information collected.

Proposed Form WH-380-E, Certification of Health Care Provider for Employee’s Serious Health Condition, would request the health care provider’s email address, the date that the form must be returned to the employer (15 calendar days), and the date that the employer first learned of the employee’s need for leave. The health care provider is not asked to provide details of treatment and is specifically advised that treatment and diagnosis is not required to be provided and is actually not permissible in some states. The definition for serious health condition (inpatient care, continuing treatment, pregnancy, chronic condition, permanent/long-term condition, and multiple treatment conditions) is included in the form to assist employees and health care providers.

Proposed Form WH-381 will require the employer to enter hours worked by an employee if they are denying the request based on the fact that the employee has not met the 1,250 hour service requirement. The form requires the employer to indicate whether FMLA is being used at the same time as short-term disability, long-term disability, workers’ compensation, or state-required family leave.

All of the forms have been reworded and reformatted to make them easier to understand. Most entry fields have been changed to check boxes. Also, all forms include a hyperlink to the DOL’s FMLA website.

Again, these forms are not yet finalized. Until further notice, employers should continue to use the version of forms with an expiration date of August 31, 2021.

Request for Comments
Proposed FMLA Forms
Current FMLA Forms

On August 8, 2019, the DOL’s Wage and Hour Division released opinion letter FMLA2019-2-A. The requester asked whether a parent’s attendance at a school’s Committee on Special Education (CSE) meeting to discuss a child’s Individualized Education Program (IEP) was covered under FMLA as intermittent leave. The DOL agreed that it was indeed a qualifying reason for leave under FMLA. However, the opinion was based on very specific facts.

The party requesting the opinion letter had two children with serious health conditions. The employee had a certification from a health care provider indicating her need to take intermittent leave to care for the children and take them to medical appointments. The children received pediatrician-prescribed occupational, speech, and physical therapy provided by their school district. Four times annually, the school holds a CSE/IEP meeting to review the children’s educational and medical needs, well-being, and progress. In attendance at those meetings are a speech pathologist, school psychologist, occupational therapist, physical therapist, teachers and school administrators.

The opinion was based on the fact that FMLA provides for leave to care for a family member with a serious health condition and that includes making arrangements for change in care.

It’s important to remember that opinion letters are based on specific facts presented by an inquiring party. This letter does not extend to all parent/teacher school meetings. In application, employers should review requests for leave related to CSE/IEP meetings with careful consideration. If the facts are similar to the ones in the opinion letter, the leave is likely covered under FMLA. This would include the child having a serious health condition, the employee having a certification from the child’s health care provider, and certification of the meeting.

FMLA2019-2-A  »

On July 24, 2019, in Dawson-Murdock v. National Counseling Group, the US Court of Appeals for the Fourth Circuit set aside a district court’s dismissal of a spouse’s fiduciary breach claims against her deceased husband’s employer. The case was remanded back to the lower court for further proceedings.

As background, there are generally two types of fiduciaries under ERISA. The first are those fiduciaries specified in the plan document, such as the "Plan Administrator" and "named fiduciary." These individuals or entities are fiduciaries by definition. The second type are functional fiduciaries, i.e., those not necessarily named in the plan documents, but who assume fiduciary roles by their actions. Such actions (or omissions) typically involve the exercise of discretionary authority (e.g., interpreting ambiguous plan terms or making final determinations regarding benefits eligibility), as opposed to performing purely ministerial duties. The two fiduciary types are not mutually exclusive, and either can be subject to fiduciary breach claims.

In this case, a widow asserted that her husband’s employer breached fiduciary duties in relation to its group life insurance plan. The insurance company had denied the spouse’s claim for benefits on the basis of ineligibility due to her husband’s transition to part-time employment status. However, the employer, which was responsible for eligibility determinations, had never informed the employee of the effect of his reduction in hours or the options to maintain coverage, and continued to collect premium payments from the employee. Furthermore, the employer’s VP of Human Resources instructed the widow not to file an appeal of the claim denial because the company would pay the claim and work the issue out with the insurer. Notwithstanding, the VP eventually informed the spouse that the employer would not pay the claim. By the time she received such notice, the ninety-day timeframe for filing an appeal had passed. The spouse then sued the employer for breach of fiduciary duties.

The trial court held that the employer had not acted in a fiduciary capacity with respect to its actions regarding the group life insurance coverage and claim. The fiduciary breach claims were dismissed, despite the employer being specified in the plan documents as both the "Plan Administrator" and "named fiduciary."

The Fourth Circuit clearly disagreed, reinforcing the ERISA principle that the individual(s) or entity identified as "Plan Administrator" and "named fiduciary" in the plan document are "automatic" fiduciaries. In other words, these parties cannot disclaim fiduciary status on the basis of a lack of discretionary actions. Furthermore, the court held that the employer’s actions and omissions were sufficient to support a functional fiduciary claim. Specifically, the VP had acted as a fiduciary in failing to notify the employee of his ineligibility and provide other options for coverage continuation. The VP had also assumed a discretionary role when advising the spouse not to appeal the claim denial. In finding a sufficient basis for the breach of fiduciary claims, the Fourth Circuit rejected the dismissal and sent the case back to the trial level for further proceedings.

This case serves as a reminder that the parties named in the plan document as "Plan Administrator" and "named fiduciary" are automatic ERISA fiduciaries against whom breach claims can be asserted. Accordingly, these individuals or entities should be selected with careful consideration and educated regarding their fiduciary duties and possible liabilities. Additionally, those parties not designated in the document, but who may perform discretionary plan responsibilities, should be aware of their potential functional fiduciary status.

Dawson-Murdock v. National Counseling Group »

On July 31, 2019, the DOL updated its Employer CHIP Model Notice that employers with group health plans may use to notify eligible employees about premium assistance available through their state Medicaid or Children's Health Insurance Program (CHIP). Since its initial release in 2010, the DOL has been updating the notice twice annually, on or around January 31 and July 31 of each year. The updates generally reflect any changes to contact information for the list of states offering premium assistance programs.

Employers creating their own notices, rather than the DOL’s model notice, should pay special attention to ensure the most recent information is used. Employees residing in one of the states identified on the notice must receive this information automatically, before the start of the plan year, and free of charge.

Employer CHIP Notice »

On July 17, 2019, the IRS published Notice 2019-45, which expands the preventive care benefits that can be provided by a HDHP without affecting the HDHP participants’ HSA eligibility. As background, to be eligible to establish and contribute to an HSA, an individual must have qualifying HDHP coverage and no impermissible coverage. A qualified HDHP is one that does not provide benefits for any year until the minimum deductible for that year is satisfied. However, there is a safe harbor for the absence of a deductible for preventive care — so an HDHP can provide preventive care without causing an individual to lose HSA eligibility.

Previously, preventive care generally was not defined as including services or benefits aimed at treating existing illnesses, injuries, or conditions. However, a June 2019 executive order called for the IRS to amend those rules and allow for a change to that definition to include such existing illnesses, injuries, and conditions. One reason for this expansion is that failure to address these types of chronic conditions has been demonstrated to lead to consequences, such as amputation, blindness, heart attacks, and strokes, that require considerably more extensive medical intervention.

As a result of the executive order, the IRS published the new notice, which states that certain services and items that are used for chronic conditions are considered preventive care for purposes of HSA eligibility, when they are prescribed to prevent exacerbation of the diagnosed condition or the development of a secondary condition. The notice includes an appendix that lists 14 medical services or items for individuals with 11 specific chronic conditions (asthma, congestive heart failure, diabetes, coronary artery disease, osteoporosis and/or osteopenia, liver disease, depression, hypertension, bleeding disorders, and heart disease).

For example, insulin and other glucose lowering agents, retinopathy screening, glucometer and Hemoglobin A1c testing are now considered preventive care for individuals diagnosed with diabetes. Similarly, inhaled corticosteroids and peak flow meters are considered preventive care for individuals diagnosed with asthma.

The notice is clear that the listed services/items are considered preventive care only to the extent that they are used to treat the chronic conditions specified; if they are used to treat other conditions, then they are not considered preventive care. Also, the notice does not impact or change the definition of preventive care for purposes of the ACA’s preventive care mandate (the requirement to cover preventive care without cost-sharing).

The notice is effective immediately. The notice does not require HDHPs to cover all the conditions and treatments listed; but if they do, those services will be considered preventive care (and therefore wouldn’t adversely impact HSA eligibility). Employers will want to review any HDHP/HSA offerings to determine if changes are necessary.

Employers can wait until the next plan year to implement any changes (since it would require an amendment to the plan documents and employee communications). Employers should consider whether they want to cover all the conditions and treatments listed in the guidance, and whether they want to cover them at 100% (or add in cost-sharing, such as copayments or coinsurance). With those considerations in mind, employers should work with their advisor in determining next steps.

Notice 2019-45 »
News Release »

On June 24, 2019, the White House published Executive Order 13877, Improving Price and Quality Transparency in American Healthcare To Put Patients First. The executive order directs the Treasury, HHS, and DOL to adopt guidance and rules that will help improve price and quality transparency in health care generally. While the primary purpose of the order is geared toward price and quality transparency, the order also addresses HDHPs, health FSA carryovers, and medical expenses.

On transparency, the order directs the regulatory agencies to, within 90 days, request comments on a proposal to require providers, insurers, and self-insured health plans to provide information to patients (prior to receiving care) on expected out-of-pocket expenses. The order also directs the agencies to, within 180 days, adopt rules directed at increasing access for researchers, innovators, and others to de-identified claims data from group health plans. The rules must do so in a way that complies with HIPAA and other laws that ensure patient privacy and security.

On HDHPs, the order directs the Treasury to, within 120 days, publish guidance that allows HDHPs to be more compatible with HSAs. Specifically, the order asks for a rule that makes HDHPs compatible with HSAs, even where the HDHP covers medical care for chronic conditions before the statutory deductible has been met.

On health FSA carryovers, the order directs the Treasury to, within 180 days, propose regulations that would increase the amount that an employee can carryover from one health FSA plan year to the next.

On medical expenses, the order directs the Treasury to, within 180 days, propose regulations that would treat certain arrangements as eligible expenses under IRC Section 213(d). Those arrangements could potentially include direct primary care arrangements and health care sharing ministries.

The order is not a change in law — so employers do not have to do anything with regard to immediate changes on compliance efforts. The order is an indication that some of the above changes could be coming, depending on how the agencies respond and develop their guidance. The regulatory agencies must first publish proposed rules and go through a comment period, so any changes would not likely take effect until late 2020 at the earliest (and even then, there would likely be a grace period for plan years that have already begun). NFP Benefits Compliance will continue to monitor developments on this and report in future editions of Compliance Corner.

Executive Order 13877 »

On June 26, 2019, HHS posted two FAQs to its website related to the use and disclosure of protected health information (PHI). The first answers whether one health plan is permitted to share PHI with a second health plan for care coordination purposes without the individual’s authorization. As background, the HIPAA privacy rules permit a covered entity (including a health plan) to disclose PHI for its own health care operation purposes. HHS clarified that disclosing PHI for those purposes includes a health plan disclosing PHI of a former participant to a new health plan for care coordination purposes.

The second question answers whether a covered entity may use a participant’s PHI to inform them about other available health plan options that it offers without the individual’s authorization. The HIPAA privacy rules prohibit using PHI for marketing purposes. However, there is an exception for communications to individuals regarding replacements to, or enhancements of, existing health plans, so long as the covered entity is not receiving financial remuneration for the communications. Thus, an insurer is permitted to market its other health plan options to participants as long as they do not receive financial compensation for sending the communication and they are in compliance with any business associate agreement in place.

While these FAQs do not present a new compliance requirement, they do provide additional clarification on how HIPAA applies to certain situations. Covered entities should familiarize themselves with this guidance.

HHS, HIPAA Privacy FAQs »

On June 13, 2019, the Treasury Department, DOL, and HHS finalized rules to allow employees to use their employers’ HRA to pay for individual health coverage. The rules also create a new excepted benefit HRA. The rules, which are effective for plan years starting on or after January 1, 2020, follow through on Pres. Trump’s 2017 executive order directing the DOL and HHS to implement rules that would allow for the expanded use of HRAs. The final rules largely follow the October 2018 proposed rules with some clarifying changes (see our previous Compliance Corner article).

As background, the ACA previously required that HRAs be integrated with group health coverage; this is the only way the HRA could be deemed to meet many of the ACA’s market reforms, such as the prohibition on annual and lifetime limits. As such, employers could not reimburse employees for individual coverage.

These new HRA rules significantly change that requirement by allowing employees to be reimbursed for the cost of individual coverage through what is known as an individual coverage HRA (ICHRA). The employee and any dependent for which the HRA would reimburse must actually be enrolled in individual coverage. That individual coverage can be offered on or off the exchange and includes fully insured student health coverage, catastrophic policies, grandmothered plans, and plans offered in states with a Section 1332 waiver. It does not include self-insured student health coverage, short-term limited duration insurance, a spouse’s group health coverage, health care sharing ministries, multiple employer welfare arrangements, or TRICARE.

An ICHRA may also be integrated with Medicare. The participant must be enrolled in Parts A and B or C. The arrangement may reimburse premiums for Parts A, B, C, or D as well as for Medigap policies. Reimbursement cannot be limited only to out-of-pocket expenses not covered by Medicare. The employer must substantiate the participant’s enrollment in individual coverage or Medicare annually prior to the coverage effective date and before each reimbursement. Sample attestation language is provided in the Fact Sheet (link provided below).

Generally, an employer cannot offer a traditional health plan and ICHRA to the same class of employees. However, an employer may choose to offer the traditional plan to current employees and offer an ICHRA to new employees hired on or after a certain date (which must be on or after January 1, 2020). Additionally, the HRA must be offered on the same terms to each participant in the class (with limited exceptions). Additional reimbursement may be provided to older participants, but no more than three times the funds available to younger participants.

The rules allow the following classes of employees:

• Full-time
• Part-time
• Seasonal
• Hourly (was not previously included in proposed rules)
• Salaried (was not previously included in proposed rules)
• Employees whose primary site of employment is in the same rating area
• Employees covered under a collective bargaining agreement
• Employees who have not yet satisfied an ACA-compliant waiting period
• Non-resident aliens with no US-based income

(The proposed rules included an additional classification of employees under age 25, which was eliminated from the final rules.)

There are minimum class size rules based on the employer’s size that apply to the first five classifications listed above. The applicable class size minimum is: 1) ten, for an employer with fewer than 100 employees; 2) 10% of the total number of employees, for an employer with 100 to 200 employees; and 3) 20, for an employer that has more than 200 employees.

Employers sponsoring an ICHRA must distribute a notice to eligible employees 90 days before the start of the HRA plan year (or by the date of eligibility if someone becomes eligible for the HRA after the start of the plan year). The notice must describe the terms of the HRA, discuss the HRA’s interaction with premium tax credits, describe the substantiation requirements, and notify the person that the individual health coverage integrated with the HRA isn’t subject to ERISA. There is model language included in the Fact Sheet.

Further, the final rules also allow employers to offer an excepted benefit HRA that isn’t integrated with any health coverage, as long as certain conditions are met. Specifically, the employer must ensure that they offer other traditional coverage, limit the benefit to $1,800 per plan year (indexed for inflation), only reimburse for premiums of excepted benefit plans, and make the HRA uniformly available. These rules are largely the same as the proposed rules.

As it pertains to ERISA, the rule clarifies that individual coverage paid for through the HRA would not be subject to ERISA as long as the employer doesn’t take an active role in endorsing or choosing the individual coverage. In this way, the rules for having individual coverage avoid being subject to ERISA are similar to the safe harbor for voluntary plans. However, the HRA itself is generally considered a health plan and must comply with the Summary of Benefits and Coverage notice requirement and ERISA requirements.

As it pertains to the ACA, individuals who are covered by an HRA that’s integrated with affordable, minimum value individual health insurance coverage are ineligible for a premium tax credit. However, employees can waive the ICHRA so that they can retain their premium tax credit eligibility.

Employers that are subject to the employer mandate (or applicable large employers) may use an ICHRA to satisfy their obligation to offer coverage under the mandate. However, the HRA amount offered must be an amount that would be considered affordable. Notably, though, these final regulations don’t describe how employers will go about determining if their individual coverage HRA is affordable. The Treasury has been tasked with identifying this guidance in a later proposed rule.

Employers with questions on how these rules will impact health coverage options available to them are encouraged to contact their consultant.

Final Rules »
Fact Sheet (including ICHRA Model Attestation and Notice) »

On June 17, 2019, the IRS released its third quarter priority guidance plan. As background, the IRS uses the Priority Guidance Plan each year to identify and prioritize the tax issues that will be addressed through regulations, revenue rulings, revenue procedures, notices, and other published administrative guidance.

Some notable employee-benefits related issues that the IRS is working on include:

• Proposed rules on employee stock ownership plans
• Updated final vesting regulations
• Updated definition of church plan
• Rule that provides limited relief to multiple employer plans where one employer violates qualification requirements
• Updated life expectancy for required minimum distribution purposes
• Guidance on individual coverage HRAs
• Possibly modified regulations on Voluntary Employees’ Beneficiary Association Regulations

While this guidance doesn’t necessitate any action on the part of employers, it does give good insight into the rules the IRS may publish in the next several months.

IRS Third Quarter Priority Guidance Plan

On May 29, 2019, the IRS released Rev. Proc. 2019-25, which provides the 2020 inflation-adjusted limits for HSAs and HSA-qualifying HDHPs. According to the revenue procedure, the 2020 annual HSA contribution limit will increase to $3,550 for individuals with self-only HDHP coverage (up $50 from 2019) and to $7,100 for individuals with anything other than self-only HDHP coverage (family or self+1, self+child(ren), or self + spouse coverage) (up $100 from 2019).

For qualified HDHPs, the 2020 minimum statutory deductibles increase to $1,400 for self-only coverage (up $50 from 2019) and $2,800 for individuals with anything other than self-only coverage (up $100 from 2019). The 2019 maximum out-of-pocket limits increased to $6,900 for self-only coverage (up $150 from 2019) and up to $13,800 for anything other than self-only coverage (up $300 from 2019). Out-of-pocket limits on expenses include deductibles, copayments, and coinsurance, but not premiums.

The 2020 limits may impact employer benefit strategies, particularly for employers coupling HSAs with HDHPs. Employers should ensure that employer HSA contributions and employer-sponsored qualified HDHPs are designed to comply with 2020 limits.

Rev. Proc. 2019-25 »

On May 30, 2019, the DOL updated the model Summary Annual Report (SAR) for Welfare Plans. The changes were not substantial, but they appear to include updated contact information for the DOL. As a reminder, SARs summarize the annual Form 5500 and are required to be distributed by large insured health plans. Unfunded self-funded plans of any size are exempt from the requirement to distribute SARs.

While the updated version of the SAR doesn’t result in any substantial changes, employers should utilize the new DOL model.

DOL Health Plan Model Notices & Disclosures »

Effective May 15, 2019, the DOL has changed the address to which Delinquent Filer Voluntary Compliance Program (DFVCP) submissions should be mailed. As background, the DFVCP is a correction program for plan administrators who are delinquent in filing a plan’s Form 5500. The program provides reduced penalties and is open to those who have not been notified in writing by the DOL of the delinquency.

The address plan sponsors should now use for submission is:

DFVCP
PO Box 6200-35
Portland, OR 97228-6200

The DOL is also making an address available for overnight delivery service. That address is:

US Bank
Attn: DFVC 6200-35
17650 NE Sandy Boulevard
PD-OR-C1G
Portland, OR 97230

As a reminder, submissions may also be sent electronically.

Plan sponsors that seek to file a DFVCP submission should keep this change in mind.

Announcement »

DFVCP Fact Sheet »

On March 29, 2019, the IRS released Information Letter 2019-0005, which responded to an inquiry about whether menstrual care products may be categorized as qualified medical expenses under Code Section 213 and expensed under health savings accounts (HSAs), flexible spending accounts (FSAs), and other tax-preferred accounts.

As background, Code Section 213 allows taxpayers to deduct medical care expenses when made for the “diagnosis, cure, mitigation, treatment, or prevention of disease, or for the purpose of a structure or function of the body.” Alternatively, personal, family or living expenses that are merely beneficial to the general health of the individual likely do not qualify as “medical care” under 213. However, personal expenses can be considered “medical care” if the taxpayer would not have incurred the expense but for the disease or illness.

The IRS does not say whether menstrual care products can be “medical care,” but provides a list of objective factors to use when determining whether an expense that is typically personal in nature was, in a specific instance, a qualified medical expense. The factors include:

• The motive or purpose for making the expenditure
• A physician’s diagnosis of a medical condition and recommendation of the item as treatment or mitigation
• The relationship between the treatment and the illness
• The treatment’s effectiveness
• The proximity in time to the onset or recurrence of a disease

Applying these objective factors to menstrual products, some things to consider are whether the menstrual products are purchased for treating, mitigating, or diagnosing the taxpayer’s disease; whether the costs are merely beneficial to the taxpayer’s general health such that they might be considered the taxpayer’s personal expense; and whether the expense would be incurred but for the medical condition.

Please note that this letter is intended only for informational purposes, but serves as a good reminder that HSA, FSA, and other tax-preferred accounts can only be used for certain expenses. Administrators must consider when approving an expense as qualified under Code Section 213 whether it would typically be personal in nature. If you have additional questions regarding Code Section 213, please contact your adviser.

Information Letter 2019-0005 »

On May 6, 2019, HHS’s Office of Civil Rights (OCR) announced a $3 million settlement with Touchstone Medical Imaging, a diagnostic medical imaging services company, relating to violations of HIPAA’s privacy, security and breach notification requirements. According to an HHS press release, in May 2014, the FBI and OCR notified Touchstone that one of its servers allowed uncontrolled access to its patients’ protected health information (PHI). Both the FBI and OCR confirmed that PHI from many patients, including some Social Security numbers, was visible through a basic Google search even after the server was taken offline. Touchstone initially claimed that it had not breached or exposed any patient’s PHI. However, after an investigation, OCR concluded (and Touchstone subsequently admitted) that the PHI of more than 300,000 patients was exposed. Some of the exposed information included names, birth dates, social security numbers, and addresses.

OCR’s investigation also found that Touchstone had not thoroughly investigated the security incident until several months after the FBI and OCR notified Touchstone of the security incident (availability of the information on the internet). As a result, Touchstone’s notification to affected individuals regarding the breach was considered untimely. OCR further concluded that Touchstone failed to conduct an accurate and thorough risk analysis of potential risk and vulnerabilities relating to the availability and confidentiality of its electronic PHI and failed to have business associate agreements in place with its vendors, as required by HIPAA.

The settlement serves as a reminder to covered entities, particularly employers with self-insured plans, regarding HIPAA privacy, security, and breach requirements. This case resulted in a significant penalty for several reasons, including the number of affected individuals, the failure to conduct a risk analysis and to implement business associate agreements, the failure to respond to two federal law enforcement agencies, and the failure to timely notify impacted individuals regarding the breach. Employers should review their HIPAA obligations with their advisers and outside counsel in developing a comprehensive strategy for adhering to the privacy, security, and breach notification requirements.

HHS Press Release »

HHS Resolution Agreement »

On May 13, 2019, the DOL issued Part Two in a series of questions and answers they’ve provided after a federal district court invalidated their final AHP rules. As background, in New York v. DOL, the U.S. District Court for the District of Columbia invalidated the DOL’s rules relating to association health plans (AHPs). Since then, the DOL has issued a statement indicating that they intend to appeal the decision. They also provided a set of questions and answers that essentially reiterates the information they provided in their statement.

Part Two of those questions and answers provides additional clarification on the DOL’s stance. Specifically the questions and answers provide the following:

• Pathway 1 AHPs (which is the DOL’s term for AHPs that were formed pursuant to the old rules) are not affected by the district court’s decision. The DOL also briefly reminds readers of the requirements for AHPs formed under those rules.
• Pathway 2 AHPs (which is the DOL’s term for AHPs that were formed pursuant to the new rules) cannot market to or sign up new employer members. Existing employer members can sign up special enrollees, though, and will fall under enforcement relief the DOL provided through their statement.
• Pathway 2 AHPs with a contract term of more than one year can also avail themselves of the enforcement relief, if, for example, their coverage doesn’t end until after the end of the current plan year.
• Pathway 1 AHPs that would like additional guidance on meeting their requirements or would like to possibly request an advisory opinion indicating that they meet those requirements can reference the guidance EBSA has already provided (found here).

As we mentioned in previous articles on this subject, NFP Benefits Compliance will continue to monitor the lawsuit and any related developments.

Questions and Answers Part Two »

On April 30, 2019, HHS exercised its discretion in how it applies the regulations related to HIPAA privacy and security violations. As background, in 2009, the HITECH Act set penalty limits based on four tiers of knowledge and intention. Each tier had a maximum penalty of $1.5 million per calendar year when the violations were of an identical requirement or prohibition. The new guidance, found in the Federal Register, reduces the maximum annual penalty to the following amounts per tier:

• No knowledge: The covered entity did not know, and by exercising due diligence, would not have known they violated a provision. Maximum annual penalty is now $25,000.
• Reasonable cause and not willful neglect: The covered entity had knowledge of the violation, but lacked conscious intent and reckless indifference. Maximum annual penalty is now $100,000.
• Corrected willful neglect: The covered entity had knowledge of the violation, acted with conscious intent or indifference, and corrected the violation within 30 days of having knowledge. Maximum annual penalty is now $250,000.
• Willful neglect and not corrected: The covered entity had knowledge of the violation, acted with conscious intent or indifference, and did not correct the violation within 30 days of having knowledge. Maximum annual penalty remains $1.5 million.

The changes are effective immediately. HHS expects to issue revised regulations in the future.

Notification of Enforcement Discretion Regarding HIPAA Civil Money Penalties »

On April 29, 2019, the DOL published a statement regarding the March 28, 2019, district court ruling that invalidated major provisions of the DOL’s final rules on association health plans (AHPs). See our article on the ruling in the April 2, 2019, issue of Compliance Corner. In that decision, the U.S. District Court for the District of Columbia held that the DOL’s AHP rules violated ERISA by impermissibly expanding the scope of AHPs (which are considered multiple employer welfare arrangements, or MEWAs, under ERISA). Until recently, the DOL had not indicated whether it would appeal the decision or request a stay on the holding (meaning the court’s ruling would be on hold pending the appeal — this is a common request made to prevent a court’s ruling from taking effect while issues are still being litigated in court).

The DOL now indicates that it has appealed the ruling. However, at this point there’s no indication that the DOL has requested or that the court has granted a stay. As a result, the court’s ruling is in effect, meaning associations cannot form self-insured AHPs under the new rule. In addition, AHPs that had already formed pursuant to the DOL’s final AHP rules should be paying claims but, going forward, should not be marketing to new enrollees (particularly sole proprietors as so-called “working owners”). According to the DOL’s statement, employers participating in insured AHPs can generally maintain that coverage through the end of the plan year or, if later, the contract term; this is meant to help employees keep their coverage in force. That intention seems to indicate the DOL’s focus on ensuring that participants and beneficiaries are paid health benefit claims as promised.

To that end, the statement also indicates that carriers must generally continue the coverage in force for each participating employer and its covered employees at the employer’s option through the end of the plan year. Then, at the end of the plan year, the carrier would only be able to renew the coverage for an employer member of an AHP if the coverage complies with the relevant market requirements for that employer’s size. This would revert the rating rules to the old DOL rules — making it much more difficult for AHPs to have large group status for ERISA application (ERISA would apply at the individual employer level) and for large/small group rating purposes. Thus, coverage sold to a sole proprietor AHP participant would have to comply with individual market/rating rules, and coverage sold to a small employer AHP participant would have to comply with small group market/rating rules.

States may also have a say in reacting to the district court ruling and DOL appeal. At least one state (Vermont) has published guidance stating that the state won’t be approving new AHPs, and that current AHPs should stop advertising and enrolling new employer groups. We anticipate more states weighing in, and will continue to monitor developments on this issue.

DOL Statement »

CMS recently updated its guidance that provides an overview of the federal market requirements applicable to non-federal governmental plans, including self-funded and fully insured plans. As background, CMS is the entity that oversees compliance and enforcement of the Public Health Service Act (PHSA) and applicable provisions of the ACA for group health plans related to municipal governments, school districts, fire departments, and funds that pool together a number of smaller municipalities.

The guidance gives a general overview of the laws that apply to non-federal governmental plans, including the ACA and PHSA. They also discuss which of these laws don’t apply to these plans.

There is also helpful information regarding the assistance that CMS makes available to help plans remain compliant, including technical assistance, website resources and information, and access to subject matter experts within CMS that have specialized knowledge.

The guidance also discusses CMS’ investigative process. Specifically, investigations into plan compliance generally begin through inquiries or complaints from enrollees or representatives. If CMS discovers a plan is non-compliant, they will initiate enforcement action and work to create a corrective action plan to bring the areas identified into compliance and, if necessary, require that the plan compensate enrollees who did not receive the benefits or processes to which they were entitled. Once the plan documents and processes are fully compliant, CMS will approve notices to enrollees and the appropriate method for compensation (if necessary, for both). CMS will end the investigation only upon confirmation that all steps within the corrective action plan are carried out (usually, this includes compensated enrollees).

While this information is not new, it does serve as a reminder of the importance of compliance for non-federal governmental plans.

Guidance »

On March 25, 2019, HHS announced the launch of the Compliance Review Program. In April 2019, HHS will randomly select nine covered entities (five health plans and four clearinghouses) for a review of their compliance with the HIPAA administrative simplification rules for electronic health care transactions. This is a follow-up to the 2018 pilot program, which included health plan and clearinghouse volunteers.

Specifically, the program will review compliance with the rules related to electronic transactions, code sets, unique identifiers, and operating rules. If the entity is not in compliance, HHS will work with the entity to resolve. If the noncompliance continues, HHS may increase enforcement action. If there is willful and egregious noncompliance, monetary penalties may be assessed.

The announcement shows the continued efforts of HHS to enforce the HIPAA privacy and security rules. Employers who sponsor a group health plan, whether fully insured or self-insured, have responsibilities under those rules including identifying a privacy official, conducting a risk analysis, training workforce members, maintaining written policies and procedures, and safeguarding protected health information.

To learn more about a plan sponsor’s responsibilities, please view the NFP archived webinar entitled “Make a Resolution to Comply with HIPAA.”

HHS Compliance Review Program »

On April 1, 2019, CMS released the 2020 parameters for the Medicare Part D prescription drug benefit. This information is used by employers to determine whether the prescription drug coverage offered by their group coverage is creditable or non-creditable. To be creditable, the actuarial value of the coverage must equal or exceed the value-defined standard Medicare part D coverage provides.

For 2020, the defined standard Medicare Part D prescription drug benefit is:

• Deductible: $435 (a $20 increase from 2019)
• Initial coverage limit: $4,020 (a $200 increase from 2019)
• Out of pocket threshold: $ 6,350 (a $1,250 increase from 2019)
• Total covered Part D spending at the out-of-pocket expense threshold for beneficiaries not eligible for the coverage gap discount program: $9,038.75 (a $1,385 increase from 2019)
• Estimated total covered Part D spending at the out-of-pocket expense threshold for those eligible for the coverage gap discount programs: $9,719.38 (a $1,579.84 increase from 2019)
• Minimum cost-sharing under catastrophic coverage benefit: $3.60 for generic/preferred multi-source drug (a $.20 increase from 2019) and $8.95 for all other drugs (a $.45 increase from 2019)

Employers should use these 2020 parameters for the actuarial determination of whether their plans’ prescription drug coverage continues to be creditable for 2020. For additional information, please consult with your adviser.

CMS Announcement »

Additional information on Medicare Part D coverage »

The IRS recently published IRS Chief Counsel Memorandum 201912001, which is dated December 21, 2018, and relates to health insurance costs of employee family members of 2 percent S corporation shareholders. The memo addresses an individual who owns 100 percent of an S corporation, where the S corporation employs one of the individual’s family members. Under the IRC’s Sec. 318 family attribution rules, the family member is considered to be a 2 percent shareholder of the S corporation. The S corporation provides a group health plan for all employees, and the amounts paid by the S corporation under the plan are generally included in the family member’s gross income. The question presented in the memo is whether the family member is entitled to a deduction for the amounts paid by the S corporation under the group health plan.

According to the memo, an individual who is a 2 percent shareholder of an S corporation pursuant to the Sec. 318 ownership attribution rules is entitled to a deduction for amounts paid by the S corporation under a group health plan for all employees and included in the individual’s gross income. In order for an employee who is a 2 percent shareholder to deduct the amount of the premiums, the S corporation must report the group health plan insurance premiums paid or reimbursed on the 2 percent shareholder’s Form W-2 in that same year, and the shareholder must report the premium payments/reimbursements on their Form 1040 for that year.

For employers, the memo has limited application. IRS memos are informational only and generally cannot be relied upon as direct guidance. However, this memo does serve as some indicator on how the IRS may position themselves on a particular issue. Because the memo relates to federal income taxation and deductions, employers should seek outside counsel for any direct questions.

IRS Chief Counsel Memorandum 201912001 »

On March 28, 2019, in New York v. DOL, the U.S. District Court for the District of Columbia invalidated the DOL’s rules relating to association health plans (AHPs). As background, prior to 2018, AHPs (which are considered multiple employer welfare arrangements, or MEWAs, under ERISA) could only be sponsored by employer groups or associations whose members shared a “commonality of interest” that was unrelated to benefits. That meant employers within the association had to be in the same trade, industry, or profession and could not just be in the same geographic location. The DOL’s rules also prohibited AHPs from forming solely for the purpose of providing benefits; AHPs had to show that their association was primarily for business purposes, with benefits being an afterthought.

In 2018, pursuant to a White House executive order, the DOL published new rules (in proposed form in January 2018 and in finalized form in June 2018) that allow AHPs to include employers without a commonality of interest if they are located in the same state or metropolitan area (for example, DC/MD/VA or NY/NJ/CT). Further, AHPs can now form for the primary purpose of providing benefits (something that was prohibited before 2018), as long as they can show a “substantial business purpose,” which includes fairly minimal proof — anything from setting business standards and practices to publishing a newsletter. Importantly, the 2018 rules also allow an AHP to cover non-employees (sole proprietors, independent contractors, partners, and other businesses without any employees). The 2018 rules have staggered applicability dates — they applied to fully insured AHPs on September 1, 2018, existing self-insured AHPs on January 1, 2019, and newly-formed self-insured AHPs on April 1, 2019. Finally, the 2018 rules did not address state enforcement of MEWAs; ERISA generally allows (and the 2018 rules explicitly allow) states to enforce their own rules with regard to MEWAs. Many states have a particular interest in regulating self-insured MEWAs as a way to protect against consumer fraud and misrepresentation regarding the MEWAs’ ability to pay benefits.

Following the finalization of the 2018 rules, a coalition of state attorneys general (AGs) — led by New York and Massachusetts — filed a lawsuit challenging the 2018 rules, stating that the DOL violated the Administrative Procedure Act by overreaching on its regulatory authority. The other states involved include California, Delaware, District of Columbia, Kentucky, Maryland, Massachusetts, New Jersey, New York, Oregon, Pennsylvania, Virginia, and Washington. The AGs’ lawsuit claimed that the DOL’s new interpretation of “employer” was inconsistent with the purpose and language of ERISA, and that the 2018 rules allowed businesses (some without employees) to form AHPs and avoid the ACA’s consumer protections (those that apply to individual and small group plans). Self-insured AHPs could also avoid certain state insurance laws, including benefit and other mandates meant to protect the residents of that particular state. Finally, the AGs’ lawsuit claimed that the 2018 rules increased the risk for consumer fraud and harm and jeopardized states’ ability to add stronger consumer protections and protect against consumer fraud and harm.

The court agreed with the state AGs. After concluding that the states had standing, the court concluded that the DOL did not reasonably interpret ERISA and that the primary provisions of the 2018 rules must be invalidated. Those primary provisions are the expanded definition of “commonality of interest” and the inclusion of working owners. Specifically, the court stated that the commonality of interest expansion in the 2018 rules failed to meaningfully limit the types of associations that could qualify as sponsors of an ERISA plan. The judge concluded that the 2018 rules establish “such a low bar that virtually no association could fail to meet it.” In addition, because ERISA is meant to regulate benefit plans that arise from employment relationships, the inclusion of working owners impermissibly expanded ERISA’s regulation to plans outside of such employment relationships. The judge concluded that the outcome would be “absurd,” since it ignores ERISA’s definitions and structure, case law, and ERISA’s 40-year history of excluding employers without employees.

In the opinion, the court invalidated the major provisions of the AHP rule and remanded the rule back to the DOL to determine if any remaining portions of the rules (relating to nondiscrimination and organizational structure) are severable. On that, the court noted its opinion that the remaining portions, were “collateral” to the more major portions which it held invalid. Additionally, in his order, the judge did not issue a stay. That leaves the DOL with a few options. First, the DOL could seek a stay (meaning the decision would not go into effect) and appeal the decision, sending the case to the Court of Appeals for the D.C. Circuit. Second, the DOL could try and find a way to re-craft the rule in a way that meets the district court ruling. Third, the DOL could rescind the rule altogether.

The ruling leaves associations and AHPs in a difficult spot. The ruling prevents the formation of self-insured AHPs under the 2018 rules – those rules would’ve gone into effect on April 1, 2019 – that effective date is clearly after the decision, and prevents the formation of other AHPs that rely on the 2018 rules. The ruling’s impact is much trickier to discern for those AHPs that have already formed pursuant to the new rule. The status of the AHP as an ERISA plan could be in jeopardy, meaning the AHP would have to comply with the ACA’s individual and small group protections, and any working owners (sole proprietors, etc.) would have to exit the AHP (they could potentially qualify for a special enrollment in the exchange). Some of that impact, however, depends on the next steps in the lawsuit. Since the decision could potentially be placed on hold pending an appeal, AHPs that have formed under the 2018 rules could wait and see what happens before making any decisions on the future. However, they should likely consult with legal counsel to determine their next steps.

One thing is for certain, though: AHPs formed under the old AHP rules (those that have a commonality of interest, exclude sole proprietors, and exercise control over the AHP) are not impacted by the 2018 DOL rules or by the court’s ruling here. So, if an AHP formed under that older ERISA definition, they can continue to operate as they have been. On April 2, 2019, the DOL published an FAQ document in response to the court ruling, wherein the DOL stated that “Participants in AHPs affected by the District Court’s decision have a right to benefits as provided by the plan or policy. Plans and health insurance issuers must keep their promises in accordance with the policies and pay valid claims.” The DOL also reiterated that its considering its options for appealing the decision, with more to come on that.

NFP Benefits Compliance will continue to monitor the lawsuit and any related developments.

New York v. DOL »

April 2 DOL FAQs »

The DOL recently updated their Fact Sheet detailing the 2019 inflation adjustments of ERISA’s civil monetary penalties that can be imposed on employer-sponsored plans. This fact sheet provides the penalty amounts that are enforceable by the EBSA for penalties assessed after January 22, 2019 and for violations that occurred after November 2, 2015.

As background, the annual adjustments relate to a wide range of compliance issues and are based on the percentage increase in the consumer-price index-urban (CPI-U) from October of the preceding year. For 2019, the penalties were published on January 23, 2019, and the amounts were based on a cost-of-living increase of 1.03 percent.

To avoid the imposition of penalties, employers should ensure ERISA compliance for all benefit plans and stay updated on ERISA’s requirements.

Fact Sheet »

In March 2019, the IRS and DOL issued notices of possible tax relief and ERISA relief for certain counties in Ohio and Nebraska that were declared disaster areas due to serious weather events. The relief is available to individuals that reside or work in the following counties:

• Nebraska counties: Butler, Cass, Colfax, Dodge, Douglas, Nemaha, Sarpy, Saunders, and Washington
• Iowa counties: Fremont, Harrison, Mills, Monona and Woodbury counties.

The guidance describes the ability of the IRS to postpone certain deadlines for taxpayers who reside or have business in the impacted areas, including the April 15, 2019, deadline for income tax returns and payments and the quarterly estimated income tax payments due on April 15, 2019, and June 17, 2019. Eligible taxpayers also have until July 31, 2019, to make 2018 IRA contributions. Penalties on payroll and excise tax deposits due on or after March 9, 2019, and before March 25, 2019, will be abated as long as the deposits were made by March 25, 2019.

Separately, the DOL recognized that plan fiduciaries, employers, labor organizations, service providers, and participants and beneficiaries located in the declared disaster areas may have difficulty in complying with ERISA over the coming months. Relief is available regarding verification procedures for pension plan loans and distributions as well as the time restrictions for participant contributions and loan repayments. There is also relief extended to ERISA claims compliance as long as plans act reasonably, prudently, and in the interest of the workers and their families who rely on their health, retirement, and other employee benefit plans for their physical and economic well-being.

Employers in these affected areas should call the IRS disaster hotline at 866.562.5277. For disaster relief specific to the EBSA, visit www.askebsa.dol.gov or 1.866.444.3272.

IRS Nebraska Announcement »

IRS Iowa Announcement »

DOL Fact Sheet »

DOL FAQs »

On March 14, 2019, the Wage and Hour Division (WHD) of the DOL issued Opinion Letter FMLA 2019-1-A. Opinion letters are not considered formal guidance. They are only intended for the party submitting the inquiry. However, they do provide insight into how the DOL would view a similar set of facts and circumstances.

The requester asked the DOL if an eligible employee’s use of paid leave extends or delays an employee’s entitlement to 12 weeks of unpaid leave under FMLA. The WHD responded that the use of paid leave would neither delay nor extend an eligible employee’s FMLA leave entitlement. This is based on the DOL regulations that require an employer to provide a notice designating leave as FMLA within five business days, absent extenuating circumstances, after the employer has enough information to determine whether the leave is being taken for a FMLA-qualifying reason.

The regulations further provide that paid leave provided by the employer runs concurrently with FMLA. An employer may choose to be more generous than FMLA requires and provide additional paid or unpaid leave to an employee, but an employer may not designate more than 12 weeks of leave (or more than 26 weeks of military caregiver leave) as FMLA-protected.

The letter does not change an employer’s existing obligations under FMLA. However, it does serve as a good reminder that as soon as an employer has knowledge that an employee is absent for an FMLA qualifying reason, then they should send the designation notice within five business days regardless of whether the employee is using paid time off, receiving workers compensation benefits or other paid leave benefits.

WHD Opinion Letter FMLA 2019-1-A »

On Feb. 27, 2019, the DOL released an information letter provided to the Justus Group, L3C (Justus). Justus is a patient advocate and health care claim recovery expert for plan participants both at the initial application stage and at the appeals stages. As background, DOL information letters call attention to established principals under ERISA. This letter confirms participants’ right to have an authorized representative communicate with the plan on their behalf.

As background, ERISA’s claims procedure regulations allow claimants to designate an authorized representative that will act on behalf of the claimant. The authorized representative should receive any notifications concerning the initial claim determination or appeal. The letter makes it clear that any procedure established for determining whether an individual is authorized to act on behalf of a claim cannot prevent claimants from choosing their representative or from designating whether the representative will act on their behalf for the initial claim or the appeal of an adverse benefit determination, or both.

The letter also reminds plan sponsors to include the procedure for designating an authorized representative in the plan documents (including the SPD).

Plan sponsors should consider this guidance when operating their plan. Their plan documents should clearly state the process by which participants can designate an authorized representative and they should not preclude participants from doing so.

Information Letter »

On March 1, 2018, the IRS released an updated version of Publication 969 for use in preparing 2018 individual federal income tax returns. While there are no major changes to the 2018 version (as compared to the 2017 version), the publication provides a general overview of HSAs, HRAs and health FSAs, including brief descriptions of benefits, eligibility requirements, contribution limits and distribution issues.

Minor changes include the 2018 limits for HSA contributions (the single-only contribution limit increased to $3,450 and the family contribution limit increased to $6,900). A note explains that the 2018 HSA contribution maximum for individuals with family coverage was lowered to $6,850 and then restored to $6,900. Taxpayers who received distributions of excess contributions because of the temporary limit reduction are informed that they may recontribute those distributions without adverse tax consequences.

Further, regarding the updated annual deductible and out-of-pocket maximums for HSA-qualifying HDHPs, the deductible limit increased to $1,350 for single-only coverage and $2,700 for family coverage, and the out-of-pocket maximum limit increased to $6,650 for single-only coverage and remained at $13,300 for family coverage. The publication also reminds employers that for plan years beginning in 2018, salary reduction contributions to a health FSA cannot be more than $2,650 per year.

The publication serves as a helpful guide for employers with these types of consumer reimbursement arrangements, particularly for employees that may have questions in preparing their 2018 individual federal income tax returns.

IRS Publication 969 »

On Feb. 7, 2019, HHS announced that its final settlement of the year occurred in December 2018, when Cottage Health agreed to pay $3,000,000 and to adopt a substantial corrective action plan to settle potential violations of HIPAA.

As background, Cottage Health operates Santa Barbara Cottage Hospital, Santa Ynez Cottage Hospital, Goleta Valley Cottage Hospital and Cottage Rehabilitation Hospital, in California. The HHS Office for Civil Rights (OCR) received two notifications from Cottage Health regarding breaches of unsecured electronic protected health information (ePHI) affecting over 62,500 individuals, one in December 2013 and another in December 2015. OCR is responsible for HIPAA enforcement and investigated the two reported breaches.

The first breach arose when ePHI on a Cottage Health server was accessible from the internet. OCR’s investigation determined that security configuration settings of the Windows operating system permitted access to files containing ePHI without requiring a username and password. As a result, patient names, addresses, dates of birth, diagnoses, conditions, lab results and other treatment information were available to anyone with access to Cottage Health’s server.

The second breach occurred when a server was misconfigured following an IT response to a troubleshooting ticket, exposing unsecured ePHI over the internet. This ePHI included patient names, addresses, dates of birth, social security numbers, diagnoses, conditions and other treatment information.

OCR’s investigation into Cottage Health found that they failed to:

• Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of the ePHI
• Implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level
• Perform periodic technical and non-technical evaluations in response to environmental or operational changes affecting the security of ePHI
• Obtain a written business associate agreement with a contractor that maintained ePHI on its behalf

For employers, this decision is a great reminder that the OCR is actively pursuing HIPAA violations, especially those issues related to data security. Employers should conduct routine risk assessments and address any discovered vulnerabilities. When a company is investigated, the OCR will likely impose penalties if a company fails to implement effective safeguards, such as data encryption, as required to protect sensitive information.

Finally, OCR concluded an all-time record year in HIPAA enforcement activity. In 2018, OCR settled 10 cases and was granted summary judgment in a case before an Administrative Law Judge, together totaling $28.7 million from enforcement actions. This total surpassed the previous record of $23.5 million, set in 2016, by 22 percent. In addition, OCR achieved the single largest individual HIPAA settlement in history of $16 million with Anthem, Inc., representing a nearly three-fold increase over the previous record settlement of $5.5 million in 2016. A summary of all 2018 OCR HIPAA settlements and judgments may be found at on the HHS website’s Health Information Privacy page.

OCR Press Release »
Resolution Agreement »

The IRS Office of the Chief Counsel recently re-issued an information letter related to contributions mistakenly made to an employee’s HSA. The guidance is in response to a taxpayer’s letter dated September 2015 requesting clarification on circumstances under which an employer may recoup contributions to an employee’s HSA. Generally, such information letters cannot be relied upon as official guidance. However, they do provide insight as to how an IRS representative may view similar circumstances.

As background, contributions to an employee’s HSA are generally non-forfeitable, which means once the contribution has been made to the account, the employer can’t recoup it. There are two exceptions provided in official IRS guidance. The first involves an individual who was never HSA eligible. If they were never HSA eligible, they were not eligible to open the account or receive the contributions. Under those circumstances, the employer may work with the HSA trustee to recoup the contributions.

The second exception to the non-forfeitable contribution rule involves an individual who has contributed more than the annual statutory maximum limit set by the IRS. For example, if an employer’s contribution to an employee with self-only coverage in 2019 resulted in the employee exceeding the $3,500 statutory limit, the employer could work with the HSA trustee to recoup the amount that exceeds the limit.

In Information Letter 2018-0033, the IRS informally indicates that an HSA contribution amount could be recouped if there is clear documentary evidence of an administrative or process error. This is consistent with corrective actions under other laws that require that the parties be placed back in the same position as if the error had not occurred. The letter provides some examples that might fall under this standard:

1. The employer withholds more than the employee actually elected
2. An employer contributed the wrong amount because an incorrect spreadsheet was accessed or employees with similar names were switched
3. A payroll administrator incorrectly enters data
4. Duplicate payroll files are transmitted
5. An employee’s election change is not processed timely
6. A decimal point was set incorrectly

Again, the letter cannot be relied upon as official guidance. If circumstances are similar to one of the identified events above, it may be possible for an employer to recoup the payment. The employer would want to discuss with outside counsel and the HSA trustee to determine options.

Information Letter 2018-0033 »

The IRS recently issued 2018 Form 8994 and the corresponding instructions intended for employers to determine the tax credit available to them for providing paid family and medical leave.

As background, the Tax Cut and Jobs Act of 2017 created a new employer credit available for those that offer qualifying paid family and medical leave for tax years beginning after 2017 and before 2020. To claim the credit, eligible employers must have a written program that pays at least 50 percent of wages paid for up to 12 weeks of family and medical leave a year, with the credit ranging from 12.5 to 25 percent.

Form 8994 requires employers to confirm four statements:

1. That there is a written policy providing for at least two weeks of annual paid family and medical leave for qualifying employees.
2. That the written policy provides paid family and medical leave of at least 50 percent of the wages normally paid to a qualifying employee.
3. That the family and medical leave was paid to at least one qualifying employee during the tax year.
4. That if at least one qualifying employee that was not covered by the FMLA was employed during the year, that the written paid family and medical leave policy complies with FMLA’s “non-interference” language.

Form 8994 also provides the lines to calculate the appropriate credit amount.

Employers that provided qualifying paid family and medical leave during the 2018 tax year should work with their tax advisers to properly complete this form. If an employer didn’t offer paid family and medical leave during 2018, but is considering the opportunity for 2019, then this Form can be used as a guide. The IRS has indicated that it intends to issue proposed regulations on this tax credit, so we will continue to monitor and update as needed.

Form 8994 »
Form 8994 Instructions »

On Jan. 15, 2019, the DOL published a pre-publication version of the final rule adjusting for inflation of civil monetary penalties under ERISA. (They were unable to publish an official version due to the lapse in funding for certain government agencies.) The pre-published version of the final rule is for informational purposes only until the official rule is published in the Federal Register. Thus, until the official version is published in the Federal Register, the effective date of the 2019 final rule is delayed.

As background, federal law requires agencies to adjust their civil monetary penalties for inflation on an annual basis. The DOL last adjusted certain penalties under ERISA in January 2018 (as discussed in the Jan. 9, 2018, article here).

Among other changes, the EBSA is increasing the following penalties that may be levied against sponsors of ERISA-covered plans:

• The penalty for a failure to file Form 5500 will increase from a maximum of $2,140 per day to a maximum of $2,194 per day.
• The penalty for a failure to furnish information requested by the DOL will increase from a maximum of $152 per day to a maximum of $156 per day.
• The penalty for a failure to provide CHIP notices will increase from a maximum of $114 per day to a maximum of $117 per day.
• The penalty for a failure to comply with GINA will increase from $114 per day to $117 per day.
• The penalty for a failure to furnish SBCs will increase from a maximum of $1,128 per failure to a maximum of $1,156 per failure.
• The penalty for a failure to file Form M-1 (for MEWAs) will increase from $1,558 to $1,597.
• The regulations also increased penalties resulting from other reporting and disclosure failures.

These new amounts will go into effect following official publication in the Federal Register. Until then, employers should familiarize themselves with these unofficial penalty amounts for 2019.

For more information on the new penalties, including the complete listing of changed penalties, please review the pre-publication version of the final rule below. Additionally, consult with your advisor if you have questions about the imposition of these penalties.

News Release »
Pre-Published Version of Final Rule »

The IRS recently released the updated version of Publication 502 (Medical and Dental Expenses). The publication has been updated for use in preparing taxpayers’ 2018 federal income tax returns.

Publication 502 describes which medical expenses are deductible. For employers, Publication 502 provides valuable guidance on which expenses might qualify as IRC Section 213(d) medical expenses, which is helpful in identifying expenses that may be reimbursed or paid by a health FSA, HRA (or other employer-sponsored group health plan) or an HSA. However, employers should understand that Publication 502 does not include all of the rules for reimbursing expenses under those plans.

The recently released Publication 502 is substantially similar to prior versions. Dollar amounts have been updated, where appropriate, to account for inflation (e.g. the standard mileage rate for use of an automobile to obtain medical care).

Publication 502 »

As expected, the part of the final ADA wellness rules related to incentives has been removed from the regulations. The rules were originally effective for plan years starting on or after Jan. 1, 2017. They limited the amount of a reward or incentive offered through an employer sponsored wellness program to 30 percent of the premium cost if the program involved a disability related inquiry or medical examination. The AARP then challenged the incentive part of the regulations arguing that the incentive differential was too high considering the high cost of health coverage and lead to discrimination against older Americans. As discussed in the Jan. 8, 2018, edition of Compliance Corner, the U.S. District Court for the District of Columbia ruled in December 2017 that the relevant section of the regulations would be vacated effective 2019.

The EEOC had an opportunity to reconsider their regulations and issue revised rules. They have not done so to date. Thus, the incentive portion of the regulations are no longer in effect and are removed effective Jan. 1, 2019.

Importantly, the HIPAA rules related to wellness programs (including a limitation on reward amounts, requirement to provide a reasonable alternative standard, and an additional notice requirement) aren’t impacted by this action and remain applicable to employer-sponsored wellness programs.

Additionally, the EEOC Wellness Notice requirement was not impacted and is still required for employer sponsored programs involving a disability related inquiry (such as a health risk assessment) or medical examination (including a biometric screening). Employers who continue to impose a penalty or provide an incentive for such programs should work with outside counsel to determine next steps and guidance for their program.

Removal of ADA Wellness Rules »
Removal of GINA Wellness Rules »

The IRS recently published updated versions of Forms 5498-SA and 1099-SA and combined instructions for 2019.

As background, the IRS requires HSA trustees and custodians to report certain information to the IRS and to the HSA holder regarding contributions, distributions, the return of excess contributions and other matters the IRS deems appropriate. Form 5498-SA is used by trustees and custodians of HSAs and Archer MSAs to report contributions and any administration or account maintenance fees. Form 1099-SA is used to report distributions, including any curative distributions in the event of excess contributions. HSA account holders report contributions and distributions on Form 8889.

Other than updated filing and delivery deadlines, the 2019 forms and related instructions are largely unchanged from the 2018 versions.

Forms 1099-SA and 5498-SA generally apply only to HSA trustees and custodians. However, employers that offer an HSA may want to familiarize themselves with these forms, particularly in the event of any excess contributions.

Form 5498-SA »
Form 1099-SA »
Form 1099-SA and 5498-SA Instructions »

On Dec. 10, 2018, the IRS published two notices (2018-99 and 2018-100) and a news release relating to tax-exempt organizations, nondeductible parking expenses and limited unrelated business taxable income (UBTI) relief. As background, the Tax Cuts and Jobs Act of 2017, enacted in December 2017, makes qualified transportation benefit expenses nondeductible (for 2018 and beyond). If such expenses are incurred by a tax-exempt organization, those expenses are treated as UBTI. The two 2018 notices provide guidance on nondeductible parking expenses and UBTI.

On nondeductible parking expenses (under Notice 2018-99), the amount of parking expenses that will be treated as nondeductible business expenses (and therefore UBTI for a tax-exempt organization) depends on how those parking expenses are provided — as payments to a third party or through employer-owned or leased parking facilities. On payments to a third party, the process is straightforward: the nondeductible expense is the amount paid to the third party (up to the monthly limit for qualified parking benefits (which was $260 for 2018). Since payments above the monthly limit are not excludable from an employee’s income, those payments are unaffected by the rule that disallows deductions for qualified transportation fringe benefits. Instead, they are treated as employee compensation (subject to employment and income tax withholding, the same as any other taxable compensation).

On employer-owned or leased facilities, the process is less clear: the employer should use any reasonable method to determine the nondeductible expense. The notice outlines a four-step process that would be deemed reasonable; the process looks at several factors relating to the employee’s use of the employer-owned parking facility, and whether that use is a primary use for employees versus the general public.

Notice 2018-99 also addresses UBTI. Specifically, the notice confirms the general notion that rules for determining UBTI attributable to qualified transportation fringe benefits provided by a tax-exempt organization mirror the rules for other taxpayers. In addition, though, the notice clarifies that tax-exempt organizations that have only one unrelated business or trade may reduce UBTI by the amount of any unused deductions that exceed the gross income of that trade or business. The notice also explains that tax-exempt organizations with less than $1,000 in UBTI do not need to file Form 990-T (Exempt Organization Business Income Tax Return) or pay UBTI tax.

Lastly, Notice 2018-100 provides a waiver for certain tax-exempt organizations. As background, tax-exempt organizations that underpay their estimated taxes are normally assessed a penalty. The notice provides a waiver from that penalty if the underpayment results from changes to the tax treatment of qualified transportation fringe benefits. In other words, if the employer otherwise reported and paid UBTI for all unrelated business income except that relating to qualified transportation fringe benefits, the underpayment penalty will be waived. The notice provides details on how tax-exempt organizations would claim that waiver.

Overall, because tax-exempt organizations face many challenges with regard to federal taxation and filings, and because UBTI is really outside the scope of employee benefits, employers should work with their accountant or tax counsel in understanding and applying the above IRS guidance.

Notice 2018-99 »
Notice 2018-100 »
IRS News Release »

On Nov. 30, 2018, the DOL announced that it has entered into a settlement to resolve its lawsuit against Dorel Juvenile Group, Inc., a Massachusetts based juvenile products company with thirty-four locations worldwide. The DOL challenged Dorel’s wellness program under ERISA by alleging that the employer breached their fiduciary responsibilities and discriminated against employees from 2013 to 2017 by requiring them to pay health premium surcharges through the imposition of an impermissible wellness program.

Specifically, the DOL filed its lawsuit in U.S. District Court for the Southern District of Indiana and contended that Dorel instituted a wellness program that unlawfully required employees to pay a tobacco use surcharge without the availability of the required reasonable alternative standard or waiver.

As background, if a wellness program provides a reward (premium reduction) for individuals satisfying a standard related to a health factor (in this case, the health factor being nicotine-free), then this is called an outcomes-based health contingent wellness program and the program must meet five requirements in order to comply with the HIPAA nondiscrimination rules.

First, the premium differential may not exceed 30 percent. If the program is designed to eliminate or reduce tobacco usage, the reward may be up to 50 percent of the premium cost. This means that the amount of the reward (or premium reduction) given for being nicotine free cannot be more than 50 percent of the total premium cost. The cost is based on the employer and employee contributions for self-only coverage. If the spouse and dependents are also included in the wellness program, then the reward may be based on the cost of the applicable premium.

Second, the program should be designed to "promote health and prevent disease." The employer should have written documents explaining the program and its purpose.

Third, participants must be offered an opportunity at least once annually to meet the standard and thus qualify for the reward.

Fourth, the employer must offer a reasonable alternative standard for obtaining the reward. In other words, the employer must provide an alternative way for an employee (spouse or child) to receive the reward other than being tobacco free. A reasonable alternative must be provided to all individuals who do not meet the requirement of being tobacco free. For example, many employers choose to require a smoking cessation program as the reasonable alternative standard.

So, the employer can require the employees to meet this standard each plan year. However, the employer has to give the employee the entire plan year to complete the reasonable alternative standard. Additionally, the employer would have to make the reward retroactive to the beginning of the plan year.

Fifth and finally, all program materials must include information on the availability of a reasonable alternative standard.

As part of the settlement Dorel must revise the tobacco surcharge contained in its wellness program to comply with HIPAA, which prohibits group health plans from discriminating against individuals in eligibility and continued eligibility for benefits and in individual premium or contribution rates on the basis of any health status-related factor. Dorel must also ensure that participants who utilize a reasonable alternative standard earn the same reward as non-tobacco users and cannot require plan participants to submit a tobacco use certification more than once per year.

Additionally, under the settlement Dorel agreed to pay restitution of $145,635 to 596 employees of their California, Indiana, and Massachusetts facilities who paid a tobacco use surcharge as part of their medical insurance premium during the period 2013 to 2017.

Finally, Dorel was also assessed a civil penalty under ERISA for breach of fiduciary duty totaling $29,127, which is twenty percent of the applicable recovery amount. The DOL agreed to compromise and reduce the amount of the penalty to $14,563.50, which is a fifty percent reduction, if Dorel waived certain notice rights regarding the penalty and its right to seek any further reduction of the penalty under ERISA.

Employers sponsoring a wellness program should consider the consequences of failing to do so in a HIPAA-compliant manner. Contact your advisor for more detailed information on the HIPAA wellness requirements.

Consent Order »
DOL Press Release »

On Dec. 14, 2018, the IRS issued Notice 2019-02 which provides the 2019 standard mileage rate for use of an automobile to obtain medical care. The 2019 mileage rate increased to 20 cents per mile, which is up two cents from the 2018 rate. Mileage costs may be deductible under Code § 213 if it is primarily for, and essential to, receiving medical care.

Generally, use of the standard mileage rate is optional, but it can be used instead of calculating variable expenses (e.g., gas and oil) incurred when a car is used to attain medical care. Parking fees and tolls related to use of an automobile for medical expense purposes may be deductible as separate items. However, fixed costs (such as depreciation, lease payments, insurance, and license and registration fees) are not deductible for these purposes and are not reflected in the standard mileage rate for medical care expenses.

In addition, transportation costs that are qualified medical expenses under Code § 213 generally can be reimbursed on a tax-free basis by a health FSA, HRA, or HSA, assuming the plan document allows for it.

IRS News Release »
Notice 2019-02 »