Category Archives: Employee Benefits
In early February 2015, Anthem, Inc. reported that on January 29, 2015, it had discovered that it was the target of “a very sophisticated external cyber attack.” Anthem believes the attack happened over the course of several weeks, starting on December 10, 2014. Accessed information may have included the names, dates of birth, social security numbers, home addresses, email addresses, and income data of current or former members of one of Anthem’s affiliated health plans, or one of the health plans that Anthem provides administrative services to. Anthem is one of the largest health insurance companies in the United States, and one of the largest service provider to self-funded group health plans and Blue Cross and Blue Shield plans across the country. Over 300,000 Minnesotans may have been affected by this breach.
What this means for you:
- If you are one of the individuals that were directly affected by this breach, you should take advantage of the credit monitoring protection offered by Anthem and continue to watch your banking and other financial accounts for any potential suspicious activity. Anthem will contact affected individuals. However, if you have not yet been contacted by Anthem, but believe you may have been affected by the breach, you can contact Anthem directly by calling (877) 263-7995.
- If you represent an employer that sponsors a group health plan insured or administered by Anthem, you may need to provide notice to the participants in your plan, and may need to provide notice of the breach to the Department of Health and Human Services (HHS), as required by the Privacy Rule under the Health Insurance Portability and Accountability Act (HIPAA). Some state laws also require notifications in these types of instances. As a result, you should contact your company’s employee benefits counsel to determine specifically what notice requirements apply in this case. Anthem may take the lead in fulfilling any notice requirements that apply to your plan, especially if Anthem fully insures the plan. However, as the plan sponsor, your company is generally ultimately responsible for making sure all HIPAA requirements are met, especially if the plan is self-insured and Anthem only serves as the claims administrator. In addition, you should consult your plan’s HIPAA privacy and security policies to determine if further actions are required due to this breach. HIPAA generally requires all group health plans have privacy and security policies and procedures. Therefore, you should make sure you have HIPAA compliant policies and procedures in place for your plan, and that you are following them. Anthem will contact affected plan sponsors. However, if you have not yet been contacted by Anthem, but believe your plan may have been affected by the breach, you can contact Anthem directly by calling (877) 263-7995.
- If you represent an employer that sponsors a group health plan that is not insured or administered by Anthem, you should still familiarize yourself with this breach for two reasons. First, you still may get questions from employees wondering if they are affected. Second, it can serve as a good test of your HIPAA privacy and security policies and procedures. HIPAA generally requires all group health plans have privacy and security policies and procedures. If you do not have such policies and procedures, this serves as a good reminder to implement such policies and procedures as soon as possible. You can be thankful that your plan was not affected this time. But you may not be so lucky next time. In addition, even if your plan is never affected by a breach, HHS has the authority, and regularly exercises such authority, to audit group health plans for HIPAA compliance, and to assess significant fines for noncompliance. Therefore, you should make sure you have HIPAA compliant policies and procedures in place for your plan, and that you are following them.
- If your company provides services to another company, and in the course of providing such services, your company receives, transmits, stores, or otherwise has access to certain health information of individuals, your company may be considered a “business associate” under HIPAA. In that case, HIPAA imposes direct liability on your company for certain HIPAA requirements, and your clients will also expect your company to be HIPAA compliant. As a result of the Anthem breach, your clients may be more interested in your HIPAA policies and procedures, since they do not want to risk being responsible for a HIPAA violation that was caused by your company. Therefore, you should also make sure you have HIPAA compliant policies and procedures in place for your company, and that you are following them.
Takeaway: Clearly if you were directly affected by the Anthem breach, either as an individual whose personal data may have been compromised, or as the representative of a company that sponsors a group health plan insured or administered by Anthem, you should take immediate action to obtain credit monitoring (in the case of an individual) or consult with your company’s employee benefits counsel regarding HIPAA notification requirements. However, even if you were not directly affected by this data breach, if you represent a company that sponsors a group health plan and/or your company is a “business associate,” this data breach serves as a good reminder to make sure you are in compliance with HIPAA. At a minimum you should have, and be following, HIPAA compliant policies and procedures. Two of the most important policies are to conduct a comprehensive security risk assessment and to conduct on-going employee training. If you do not currently have HIPAA compliant policies and procedures, or you are not sure if they are HIPAA compliant, you should contact your company’s employee benefits counsel as soon as possible.
A leading group of chief executives is threatening political repercussions for the EEOC’s recent challenge to employer wellness programs.
The EEOC has several pending lawsuits challenging aspects of employer wellness programs. A federal court in Minnesota recently denied the EEOC’s motion for a preliminary injunction against surcharges imposed by Honeywell for employees who do not participate in certain biometric screenings. In denying the motion, the court cited a provision of the Affordable Care Act (ACA) that expressly states that “the absence of a surcharge” may be used as a reward in a wellness program.
Now, a group of chief executives are using political pressure to push back against the EEOC’s challenges to wellness programs. Business Roundtable, a group that represents chief executives of 200 large U.S. corporations, intends to meet with President Obama about the issue soon. According to CNBC, the group is upset that the EEOC is challenging wellness programs that are authorized by the ACA. Potential options that members of the Business Roundtable group have for increasing political pressure regarding this issue include: (i) supporting legal challenges to the ACA; (ii) making executives available for hearings about potential changes to or repeal of the ACA; or (iii) ceasing to offer employer-provided healthcare plans and, instead, provide subsidies for employees to buy healthcare elsewhere.
Takeaway: In addition to the legal problems with the EEOC’s challenge to wellness programs noted by the court in the recent Honeywell decision, political pressure from leading executives may provide another headwind for the EEOC’s new initiative.
The U.S. District Court for the District of Minnesota recently denied a motion for a preliminary injunction against aspects of Honeywell’s wellness program.
In EEOC v. Honeywell International, Inc., the EEOC challenged certain surcharges that Honeywell imposes on employees who participate in the Company’s High Deductible Health Plan and do not participate in a wellness program with required biometric screenings. No. 14-4517 ADM/TNL (D. Minn., Nov. 6, 2014). In order to be eligible for a Health Savings Account, employees who participate in the wellness program are required to be screened for blood pressure, height, weight, waist circumference, and cholesterol, glucose and nicotine levels. Employees who do not participate are subject to a $500 annual surcharge. Employees and their spouses may also be subject to $1,000 annual surcharge if they are tobacco users. Employees and spouses who refuse to be screened are presumed to be tobacco users, unless they establish that they are tobacco free in another way. When employees agree to the testing, Honeywell receives the data in aggregate form, but does not receive individual results.
The EEOC alleges that Honeywell’s wellness program violates the Americans with Disabilities Act (ADA) and the Genetic Information Nondiscrimination Act (GINA) and sought a preliminary injunction against the imposition of surcharges while the case is pending. The court denied the motion for a preliminary injunction.
In order to obtain a preliminary injunction, the EEOC needed to show four things: (1) the threat of irreparable harm; (2) that the balance of harms favored the injunction; (3) the likelihood of success on the merits; and (4) that the public interest favored the injunction. The court found that the EEOC failed to prove irreparable harm, explaining that the three employees represented by the EEOC had already agreed to the biometric testing and did not demonstrate any potential violation of their privacy. The court also found that the balance of harms did not favor the injunction because the injunction would likely result in increased costs for Honeywell’s healthcare program and would create problems for the administration of the health plan.
With respect to likelihood of success on the merits, the court did not analyze the issue in-depth, but identified some potential problems for the EEOC’s case. First, the Court noted that Honeywell’s wellness program may qualify for the safe harbor provision of the ADA, which allows companies to establish or administer “the terms of a bona fide benefit plan that are based on underwriting risks, classifying risks, or administering such risks that are based on or not inconsistent with state law.” 42 U.S.C. § 12201(c)(2). Second, the court noted that Congress specifically approved of surcharges in a provision of the Affordable Care Act, which provides that “the absence of a surcharge” may be used as a reward in a wellness program. Third, the court noted that the biometric screening may not constitute a “genetic test” for purposes of GINA, which is defined as “analysis of human DNA, RNA, chromosomes, proteins, or metabolites, that detects genotypes, mutations, or chromosomal changes.” 29 U.S.C. § 1191b(d)(7).
The court concluded by stating that “great uncertainty persists in regard to how the ACA, ADA and other federal statutes such as GINA are intended to interact.” As a result, the Court refused to issue a preliminary injunction against Honeywell’s wellness program.
Takeaway: The Honeywell case is an important test case regarding the viability of wellness programs with financial surcharges. The Court’s initial denial of the EEOC’s motion for a preliminary injunction is a positive sign that the practice may be permissible, but it is not a final decision on the merits.
On October 23, 2014, the Internal Revenue Service announced the 2015 cost-of-living adjusted amounts for certain retirement plan limitations. Earlier in 2014, the Internal Revenue Service announced the 2015 cost-of-living adjustments affecting health savings accounts and high deductible health plans, and on October 22, 2014, the Social Security Administration announced the 2015 cost-of-living adjustments related to Social Security benefits.
A list of the most significant of these cost-of-living adjusted amounts is available here.
On the last day of its term, the Supreme Court issued its decision in Burwell v. Hobby Lobby Stores, Inc., No. 13-354 (June 30, 2014) – a highly contentious case about whether closely-held for-profit corporations can be required to provide insurance coverage for certain contraceptives. Here’s a high-level overview of what employers should know about the case:
The Religious Freedom Restoration Act (RFRA): The Hobby Lobby case was not a First Amendment freedom of religion case. Instead, it involved RFRA, a federal statute that prohibits the Government from substantially burdening “a person’s exercise of religion even if the burden results from a rule of general applicability,” unless the Government demonstrates it: “(1) is in furtherance of a compelling governmental interest; and (2) is the least restrictive means of furthering that compelling governmental interest.” 42 U.S.C. § 2000bb-1(a-b).
The Contraceptive Mandate: In Hobby Lobby, the plaintiffs challenged the application of a mandate to cover certain contraceptives arising under the Affordable Care Act, which requires certain employers’ group health plans to provide “preventive care and screenings” for women without “any cost sharing requirements.” 42 U.S.C. § 300gg-13(a)(4). Regulations implemented by the Department of Health and Human Services (HHS) specify that this generally requires employers to provide 20 contraceptives. The plaintiffs in Hobby Lobby objected to four of those contraceptives on the grounds that they prevented fertilized eggs from developing further by inhibiting attachment to the uterus.
Does RFRA Apply to Closely-Held Corporations? Justice Alito, writing for the majority, held that RFRA’s use of the term “person” applied to closely-held for-profit corporations and that it was intended to extend rights to corporations to protect the rights of shareholders, officers, and employees. Justice Ginsburg, writing for the dissent, argued strongly against this interpretation and questioned how the majority could confine its reasoning to closely-held corporations only.
Does the Contraceptive Mandate Substantially Burden Religion? The majority said yes, reasoning that the contraceptive mandate required the plaintiffs to cover contraceptives that violated their sincerely held beliefs or pay substantial fines. In dissent, Justice Ginsburg argued that the majority confused the sincerity of the plaintiffs’ belief with the substantiality of the alleged burden. Justice Ginsburg argued that requiring the plaintiffs to fund general health insurance policies, which may or may not be used for contraceptives based on decisions made by others, was “too attenuated to rank as substantial.”
Does the Contraceptive Mandate Further a Compelling Governmental Interest? The majority assumed, without deciding, that the contraceptive mandate furthered a compelling governmental interest. The dissent agreed that it did.
Is There a Least Restrictive Alternative To the Contraceptive Mandate? This is the issue where the plaintiffs won their case. The majority held that there was a less restrictive alternative available – specifically, HHS already created an alternative system for non-profit religious organizations, like churches, to opt-out of the contraceptive mandate. The system allows a non-profit religious organization to self-certify that it religiously objects to certain contraceptives. If this certification is made, the insurer must then cover the costs of those contraceptives. See 45 C.F.R. § 147.131. The majority held that there was no reason the government could not make this option available to closely-held for-profit corporations with religious objections. Accordingly, imposing the contraceptive mandate on closely-held for-profit corporations violated RFRA because it was not the least restrictive alternative.
Writing for the dissent, Justice Ginsburg argued that there was a valid basis for distinguishing between non-profit religious organizations, which are designed to serve a community of believers, and for-profit corporations, which are not. Justice Ginsburg further argued that the alternative made available for religious organizations does not accomplish the ACA’s goals of providing employer-based health insurance and minimizing the administrative obstacles that employees may face in getting health insurance from another source. Justice Ginsburg also worried about the “stopping point” for the majority’s reasoning and whether it would apply to other issues, such as health coverage for vaccines or application of the minimum wage.
Takeaway: The Supreme Court held in Hobby Lobby that applying the ACA’s contraceptive mandate to closely-held for-profit-corporations violates RFRA. Given the reasoning employed by the court, it is likely that HHS will issue new regulations allowing closely-held for-profit corporations to self-certify their religious objections to the contraceptive mandate, similar to the current regulations for non-profit religious organizations. It is also likely that there will be more RFRA lawsuits involving for-profit corporations that will seek to extend the reasoning adopted by the Court in Hobby Lobby to other areas.
On October 31, 2013, the Internal Revenue Service got into the Halloween spirit by giving what at first appears to be nothing but a treat to health flexible spending account participants. The IRS, in Notice 2013-71, modified the “use it or lose it” rule that applies to health flexible spending accounts. While this change may appear at first to be nothing but good news, an employer must review and understand the new “use it or lose it” rule, to avoid being tricked.
Under the new rule, an employer’s health flexible spending account may allow up to $500 of a participant’s health FSA to be carried over into the next year. A plan may allow a carryover limit of less than $500, or may not allow any carryover at all. But if an employer wants to add a carryover feature to its health FSA, there are a few rules that must be followed, including:
- The carryover cannot exceed $500;
- The carryover only applies to a health FSA (i.e., not to a dependent care FSA);
- The carryover does not reduce the maximum amount that generally applies to health FSAs ($2,500 for 2013 and 2014);
- A carryover may not be permitted with a grace period; a plan may have a carryover feature, or a grace period, but not both;
- Amounts carried over must be used in the subsequent plan year, or forfeited by the end of the subsequent year;
- A plan must be amended to allow the carryover before the end of the first year in which the carryover will be allowed, except an employer can administer the plan with a carryover for the 2013 plan year without having to formally amend the plan until 2014; and
- A carryover in a general-purpose FSA may result in an individual being ineligible to contribute to a health savings account for the entire year that the amounts are carried over to.
Takeaway: The new carryover feature will certainly be welcome news to many employers. However, considering that the IRS announcement did not occur until most employers were in, or near, their annual enrollment period, it may make sense for an employer to wait until 2014 to implement the new feature, especially if the employer’s plan already has a grace period, which would need to be eliminated if the carryover feature is adopted. Nonetheless, it is a new feature that every employer with a health FSA should at least consider.
On October 31, 2013, the Internal Revenue Service announced the 2014 cost-of-living adjusted amounts for certain retirement plan limitations and limitations affecting certain fringe benefits. On May 2, 2013, the Internal Revenue Service announced the 2014 cost-of-living adjustments affecting health savings accounts, and on October 31, 2013, the Social Security Administration announced the 2014 cost-of-living adjustments related to Social Security benefits.
A list of the most significant of these cost-of-living adjusted amounts is available here.
Ok, employers don’t need to hold everything. They should continue to prepare for the August 1 effective date of Minnesota’s new same-sex marriage law, and the September 23 effective date of new requirements under the HIPAA Omnibus Rule. And employers still need to make sure their wellness programs comply with final regulations issued earlier this year, and still need to make sure they are compliant with many of the other requirements under the Affordable Care Act (ACA) that are effective between now and January 1, 2014. But at least employers can “put down their pencils” with regard to their planning on how they will comply with the Employer Shared Responsibility mandate (aka the “Play or Pay” mandate), at least for one year.
On July 2, 2013, the U.S. Treasury announced that the Obama Administration will provide an additional year before the Employer Shared Responsibility mandate will be effective. The Treasury expects to publish formal guidance within the next week or so describing the details of this delayed effective date. Also, during the summer of 2014, the Treasury expects to issue additional proposed rules on how the various information reporting requirements on the mandate are to be met. Once these rules have been issued, the Administration will work with employers, insurers, and other reporting entities to strongly encourage them to voluntarily implement this information reporting in 2014, in preparation for the full application of the provisions in 2015.
Takeaway: Since penalties under the Employer Shared Responsibility mandate will not apply in 2014, employers can put on hold any changes they were intending to make to their medical plan or business hiring practices, as a result of the mandate, without having to worry about any penalties under the mandate before 2015. During this 2014 transition period, employers will need to watch for further guidance issued by the Treasury on this issue. In addition, employers can focus their benefit plan compliance efforts on more immediate concerns, such as the affect on their benefit plans of the partial repeal of DOMA, and the new HIPAA Omnibus Rule.
The Department of Health and Human Services (“HHS”) has issued additional requirements for covered entities that maintain protected health information or contract with a business associate for health plan-related services.
There are a number of technical changes made by the new guidance. The more significant changes are as follows:
- The extension of the privacy and security rules to vendors employed by business associates.
- Changes to the rule that make it more likely that notice of security breach will need to be provided to plan participants.
- Clarification as to the use of and disclosure of genetic information that will impact wellness programs.
- Agreements with business associates will need to be revised to reflect the obligations required by the new rules. A sample agreement issued by HHS is available for use.
- These new rules take effect on September 23, 2013, with the possibility that business associate agreements will not need to be revised until September 23, 2014.
Takeaways: Employers will need to review and, likely, revise their privacy and security policies and procedures to comply with these new rules. More detailed information will be provided at our April 9th seminar titled, “Safeguarding Employers in 2013.” The seminar invitation can be found here.
What Employers Are Considered “Large Employers” under the Play or Pay Mandate of the Affordable Care Act?
As stated in a previous post to this blog, the Play or Pay mandate under the Affordable Care Act only applies to “large employers.” A large employer for this purpose is an employer that employs on average at least 50 full-time equivalent employees in the preceding calendar year. However, in the case of a new employer, large employer status is based on the reasonable expectation of how many full-time equivalent employees the employer will employ in the current year.
To determine full-time equivalent employees, an employer counts every employee that is reasonably expected to work on average at least 30 hours per week, or 130 hours per month, as one full-time equivalent employee. For every other employee, their full-time equivalent status is based on how many hours they work in a month, as compared to a 120-hour per month standard.
Takeaway: The first step in the Play or Pay analysis for employers is to determine whether it is a large employer under the Affordable Care Act. The analysis is only based on the number of an employer’s full-time equivalent employees. The analysis is not based on whether the employer is a government employer, for-profit employer, or non-profit employer, as all these types of employers are potentially subject to a penalty/tax under the Play or Pay mandate of the Affordable Care Act.
This is a common question raised by employers. Fortunately, the specific answer is fairly straightforward. The Affordable Care Act does not require any employer to provide health insurance to its employees.
However, the Affordable Care Act does provide that generally beginning January 1, 2014, a large employer must provide substantially all of its full-time employees and their dependents the opportunity to enroll in affordable, minimum value health insurance, or the employer may be subject to a tax/penalty. This is commonly referred to as the Employer Shared Responsibility mandate or the Play or Pay mandate under the Affordable Care Act.
Takeaway: Even though the Affordable Care Act does not require any employer to provide health insurance to its employees, the Affordable Care Act does significantly change the analysis a company should perform in deciding whether to provide health insurance to its employees or not. It is a complicated analysis that employees should have already started to perform, or should begin to perform well before January 1, 2014. Future posts to MinnesotaEmployer.com will highlight important aspects of the analysis.
On Tuesday, February 12, 2013, and Tuesday, February 19, 2013, Steve Brunn will present “Understanding New Employer Obligations Under the Affordable Care Act” via webinar.
Heath care reform under the Affordable Care Act (“ACA”) is nothing new to employers, but 2013 could be the busiest year yet. The stakes are high, with potential penalties of $2,000 to $3,000 per employee for employers that do not offer health coverage or offer coverage that is too expensive or does not provide minimum value. These timely webinars will offer insight and practical suggestions to minimize your health insurance costs while keeping you in compliance with the new regulations.
February 12th Webinar: The February 12 webinar will be at 9:00 am CST and is being presented through Minnesota CLE (the continuing legal education affiliate of the Minnesota State Bar Association), as part of its webinar series for the newly issued Deskbook titled “Representing the Ongoing Business.” This webinar will be more focused on what lawyers and other advisors need to know to advise their clients. If you would like information about viewing this webinar or would like to register for it, click here.
February 19th Webinar: The February 19 webinar will be at noon CST and is being presented as a complimentary service to Briggs and Morgan clients and friends. Anyone who is interested may register. This webinar will be more focused on what plan sponsors need to know as they prepare for new obligations under the Affordable Care Act. If you would like information about viewing this webinar or would like to register for it, click here.