We’ve already explored the changes from the new HIPAA/HITECH omnibus final rule in detail in our client alert. However, we wanted to highlight a few important provisions (and one perhaps not as important) of the rule and provide some additional commentary.
First, as noted in the alert, business associate agreements generally do not need to be amended for the final rules until September 23, 2014. However, if the agreement is renewed or extended (other than as part of an evergreen renewing contract), it must be amended at that time. The key condition, however, is that the agreement must have been in place by January 25, 2013 (the date the regulations were published in the Federal Register). If it was not, then the deadline is a full year earlier, or September 23, 2013. HHS recently posted some sample business associate contract language on its website here.
Additionally, as has been widely reported, the “harm standard” for breaches has been replaced with factors HHS viewed as more objective. Specifically, in the preamble, they state:
“[T]he definition of breach to clarify that an impermissible use or disclosure of protected health information is presumed to be a breach unless the covered entity or business associate, as applicable, demonstrates that there is a low probability that the protected health information has been compromised.”
Therefore, any impermissible use or disclosure (which also encompasses any impermissible access or acquisition) is a breach unless the plan (really, the plan administrator) can demonstrate otherwise. HHS goes on to say that a plan (administrator) can demonstrate the “low probability” only by performing a “thorough risk assessment.” In other words, now every breach needs to have a risk assessment, no matter how small or how low the likelihood of harm to the individuals whose information was used or disclosed. This means that plan administrators should consider developing a formal process for conducting these assessments (if they do not already have one) and documenting that it has been followed each time there is a breach.
When the prior breach rules were in effect, some business associates negotiated to allow themselves to make the harm determination (with appropriate indemnifications, of course). However, under this stricter standard, plan administrators may want to consider taking back that role to ensure that appropriate risk assessments are conducted since ultimately, the plan will be liable for any failure to make the necessary notifications. Alternatively, it may make sense to make sure the indemnification provisions are still strong and that the business associate is required to provide notice of any potential breaches to the plan (administrator) and copies of its risk assessment.
Further, as we noted in the client alert, the Office of Civil Rights can still pursue enforcement action against a plan (administrator) for a breach even though all proper disclosures were made. So plan administrators now have to notify HHS of breaches and OCR can still come after them. This was recently demonstrated by the enforcement action against Hospice of North Idaho that we discussed in this prior post.
While not especially relevant for health plans, HHS did revise the definition of protected health information to exclude information of individuals who have been deceased for more than 50 years. One can’t help but wonder if this will cause the development of a cottage industry of farming and sharing health information of long-deceased individuals, like a health-information-only version of genealogy research websites, where one can discover that his or her not-so-distant ancestors were treated for certain (let’s just call them “personal”) diseases.
The rule makes many other changes, and we refer you to our client alert for more discussion on those items. Compliance is generally required by September 23 (except for business associate agreements, as described above). These are our highlights, but what are yours? What did you find most important (or interesting) about the final rule?
On January 24, the Departments overseeing health care reform implementation issued additional FAQs. (Despite this being the 11th installment of FAQs, the Departments still have yet to address the most frequently asked question we receive from clients about the Affordable Care Act, which is, “Are you kidding me?” A.: “No.”).
The Departments addressed the following issues in the FAQs:
- Under health reform, employers were supposed to provide a notice of the availability of coverage through health insurance exchanges by March 1. That deadline has been pushed back until after regulations can be issued.
- The FAQs also talk about HRAs. Essentially, unless the health reimbursement arrangement is truly and completely integrated with a group health plan (meaning the participant only gets the HRA if he or she is also enrolled in major medical coverage from the employer that complies with PPACA), it will be noncompliant beginning January 1, 2014. Readers may recall that the CCIIO (part of the alphabet soup under HHS) gave HRAs a pass on the rules eliminating lifetime and annual limits until January 1, 2014.
- The Departments clarified that nothing in the act prohibits a health care provider from asking his/her patient about guns. Under PPACA, wellness and health promotion programs are prohibited from asking about the legal ownership and use of firearms and some individuals were concerned that this provision would restrict conversations with their providers regarding guns.
- Regarding Medicare Part D, some self-insured plans that offer additional drugs beyond what Medicare Part D requires could potentially be required to comply with health reform. This would only be the case if the Part D benefit was aggregated with or part of the active group health plan. (If it was retiree-only, it would be exempt.) While there is an exception for Medicare supplemental coverage that is insured, no similar exemption exists for self-funded plans. The Departments said they would not take enforcement action against those self-funded plans for non-compliance with health reform, pending further guidance.
- Interestingly, there are apparently some people who were confused as to what “fixed indemnity” insurance was. These plans pay a fixed dollar amount per day or other period regardless of expenses incurred (e.g., $100/day while you’re in the hospital). They don’t pay based on service, but based on time. However, some plans marketed as “indemnity” plans apparently varied the rate of pay based on types or occurrences of procedures or the setting of treatment. That’s not indemnity; that’s a mini-med plan. While indemnity plans are exempt from health reform, no similar categorical exemption exists for mini-med plans. The FAQs were basically a shot across the bow that the Departments will be coming after those mini-meds-in-indemnity-clothing plans.
- Finally, the Departments confirmed that a multiemployer health plan can pay the PCORI Fees from trust assets, unless the plan document for the plan specifies another source for the fee. This was important since usually the boards of trustees (who are the plan administrators of these plans) for these plans do not have any independent funds. However, the Departments stressed that this conclusion cannot be applied to an association plan or a single-employer plan that is funded through a VEBA where plan sponsor or other funds are available to satisfy the fee.
In the first post of this series, we discussed the approach described by the Government Accountability Office (GAO) in evaluating tax expenditures and laid out the issues that impact treating the deduction, exclusion and deferral mechanisms for tax-qualified retirement plans the same as the “spending” tax expenditures. In this second article, we will focus on two of the critical questions posited by the GAO in the GAO Report that are intended to assist Congress with its upcoming effort to revise the Code.
What is the Tax Expenditure’s Intended Purpose?
Examples used in the GAO Report include the following:
- To encourage taxpayers to engage in particular activities.
- To adjust for differences in individuals’ ability to pay taxes.
- To adjust for other provisions of the tax code.
- To simplify tax administration.
The last example above makes for eye-rolling. When it comes to the complex tax scheme of the qualified plan system, changes made by Congress since the promulgation of ERISA in 1974 have typically made tax administration more complex. It is anticipated that any changes Congress would make in 2013, possibly well-intentioned, will still result in full employment for the small group of Americans who are responsible for administering the plans and the IRS’s relatively small group of agents who are charged with tax administration of this complex system.
The first example above is one that directly addresses the concerns that Congress might “cut back” on the relevant tax expenditures. No doubt the purposes of the tax expenditures for qualified plans are to encourage employers to sponsor plans and to encourage employees to save for retirement. The ultimate goal has always been to have a solid third leg for the three-legged retirement stool (Social Security, individual savings outside a plan, and a tax-advantaged, employer-sponsored retirement plan). Therefore, reducing the tax expenditures would seem to be inconsistent with this purpose. However, there are many complexities to analyzing the impact that reducing the tax expenditures might have. For example, small business owners might be less likely to sponsor plans if they themselves cannot engage in significant deferrals. Many employees may be less likely to save through plans like 401(k) and 403(b) plans if the tax expenditures are reduced. Of course, many participants save in amounts less than what a cutback might represent. For example, the current elective deferral limit of $17,500 is very high for many workers who cannot afford to reduce take home pay enough to fully fund their deferral account to the limit each year. On the other hand, the fact that there are so many two wage earner families today might allow one spouse to fully fund her account while the other spouse saves less in his account. However, reducing the deferral limit may well disincentivize business owners who fully fund their deferral accounts today. Some of them may even stop sponsoring these plans depending on the depth of any cutback in the expenditures, the actual or perceived cost to them in sponsoring a plan and the competition in the marketplace to hire good workers who insist on having a form of retirement plan at their workplace.
More significant perhaps would be a reduction in the overall funding limit of Section 415 of the Code. Today the limit is 100% of compensation to a maximum of $51,000 (plus a $5,500 catch-up potential for those who are at least 50 years old during the plan year). The Simpson-Bowles Commission recommended a reduction to 20% of compensation not to exceed $20,000. The tax cynic and the tax scholar would likely agree that effecting such a significant reduction would be intended for the sole purpose of raising revenue. This purpose is not a tax expenditure purpose. The current limits allow for significant company and employee contributions, allow for employers in successful years to reward employees with funds for retirement (profit sharing), and allow business owners the opportunity through many plan designs to fund for themselves in a way that is consonant with their expected standard of living in retirement.
Last week, the White House released its plan for legal actions it will recommend to try and ensure that a tragedy like the one in Newtown does not recur (although the video from President Obama’s weekly address on this issue does not mention mental health services). Much of the debate since that announcement has predictably been focused on the Second Amendment issues, but there was one benefits-related point buried near the end of the White House’s plan: finalizing the Mental Health Parity and Addiction Equity Act of 2008 (MHPAEA) regulations. The plan says the regulations will be issued next month and the administration has already taken the step of advising Medicaid directors of the applicability of MHPAEA to their programs.
The interim final MHPAEA rules were issued in 2010 and since then, the DoL has issued some FAQs (here, here, here, and here), often in connection with FAQs issued for health reform. As this Politico article notes, the focus on health reform has been at least partially to blame for the delay. But even once the rules are finalized, there could be gaps if individuals cannot find providers who take insurance, as noted in this New York Times piece. And of course, in some cases, there is still, unfortunately, a perceived stigma with seeking mental health services.
For their part, plan sponsors may want to consider promoting the availability of mental health services, to the extent they are available under their plans. This may help remove some of the stigma and also allow employees who feel they need help to know what they can do to seek it.
This is the first post in a three part series where we’ll focus on the impact that upcoming “tax reform” and the “second fiscal cliff” negotiations might have on qualified retirement plans, particularly on 401(k) plans. The impetus for writing this series is not the political rhetoric emanating from Washington nor is it something already proposed like the report of the Simpson-Bowles Commission. Rather, the impetus is the recent paper issued by the United States Government Accountability Office (the “GAO”) entitled Tax Expenditures: Background and Evaluation Criteria and Questions (the “GAO Paper”).
The GAO does not identify any particular “tax expenditure” in the GAO Paper. Rather, the GAO paper is intended to assist Congress in understanding the effectiveness of tax expenditures as it embarks on its effort to revise the Internal Revenue Code (the “Code”).
The GAO describes tax expenditures as “reductions in a taxpayer’s tax liability that are the result of special exemptions and exclusions from taxation, deduction, credits, deferrals of tax liability, or preferential tax rates.” This quote comes from James R. White, Director, Strategic Issues, GAO in a letter dated November 29, 2012 to The Honorable John Lewis, Ranking Member, Committee on Ways and Means, Subcommittee on Oversight, United States House of Representatives (“White Letter”). The White Letter is a cover letter for the GAO report. The GAO further states in the White Letter that an estimated $1 trillion in revenue was foregone from the 173 tax expenditures reported for fiscal year 2011. Interestingly, this is approximately the amount of the annual budget shortfall (deficit) for 2011.
In the White Letter, the GAO states that it considers tax expenditures to be tax provisions that are exceptions to the “normal structure” of individual and corporate income and other taxes necessary to collect federal revenue. Tax expenditures, according to the White Letter, can have the same effect as government spending programs. And here is where the retirement community must diverge. A spending program means the money has left the government for uses that do not cause the “spent” funds to be returned to the federal fisc. It is gone, hopefully, to support some proper public purpose.
The “tax expenditures,” if we wish to call them that, inherent in the retirement system do come back to the federal fisc since they are taxed later. In other words, the tax implications for the retirement system do not have the same effect as a government spending program. That is the case if one understands the meaning of deferral. Congress apparently does not. Congress passes budgets based on the short term and does not take all of the deferred retirement plan income into account when doing so. Congress passed the Congressional Budget and Impoundment Act of 1974 requiring that it not consider income and expense beyond a five year period of time, effectively causing the process to ignore the bulk of deferred income that will come from tax-qualified retirement plans. Most deferrals for retirement extend out far longer than five years, and, therefore, the taxes they will generate are mostly overlooked in the budget process. The timing mechanism used to “net” the amount of the expenditure is surely flawed as retirement savings are intended to follow a long-term horizon. And, of course, in the long-term, tax rates, market conditions and many other factors will influence the amount of funds returned to the federal fisc.
Congress established a system of deferred compensation through defined contribution and defined benefit plans of many types to assist Americans with the prospect of retirement with dignity. However, that system may be at risk when Congress fails or refuses to recognize that the retirement plan “tax expenditure” is unlike most, if not all, others.
This recent post on the Plan Sponsor Council of America’s website states that the Department of Labor has recently requested evidence of fiduciary training as part of its audits. While there is no express ERISA requirement that fiduciaries be trained, the DoL seems to take the view that training is evidence of a fiduciary properly exercising his or her duty of prudence. (It also happens to be one of our New Year’s Resolutions for fiduciaries too.)
The first step is deciding whom to include. Basically, a fiduciary is (1) anyone with discretionary authority over the management or administration of an ERISA plan, (2) anyone with discretionary authority over the management or disposition of its assets, or (3) anyone who provides investment advice for a fee. (Individuals in category (3) should have their own training already.) Fiduciaries of the plan include the trustee, the plan administrator, the person responsible for reviewing claims or appeals, and any designated administrative committees.
When scheduling a training session, you should ensure that all the relevant individuals are included. For example, if you have a plan committee that meets regularly, all of its members should be trained. If there is a separate investment committee, those individuals should also be trained. (If you do not have a designated plan or investment committee, you should consider one or both to help establish clearer lines on who has fiduciary responsibility and liability.) Whether or not you have a committee (but especially if you do not), you should identify which individuals have responsibility for the plan administration and have them trained as well.
In addition, you should consider whether any board of directors members or members of management who have authority to appoint fiduciaries should be trained on their limited duty of oversight of their appointees. This will help them understand the nature of their role and responsibilities as delegating fiduciaries.
A common mistake some plan sponsors make is to assume that the third party administrator they have hired is the “plan administrator.” In fact, that is almost always not the case. Most TPAs specifically state in their service contracts that they are not fiduciaries, and in particular, place the ERISA title of plan administrator on the company. The bottom line is that if you’re a plan sponsor and you don’t think anyone in your workforce is a fiduciary, you’re mistaken.
In our experience, the initial fiduciary training usually takes a couple of hours or so to make sure that all the bases are covered and there is sufficient time for questions. Depending on the scope and types of plans involved, it may take longer. Periodic updates can be shorter if the fiduciaries have been trained recently.
Based on the information in the PSCA post, it appears the DoL expects training to occur at least annually. Newly hired individuals, or individuals who assume fiduciary roles for the first time, should also be trained promptly. While annual training is probably a “platinum” best practice, for many plan sponsors, that can be difficult both in terms of scheduling and cost. However, the key is to make sure it is done, done well, and done with some regularity to keep everyone up to date.
Have you done your fiduciary training? If not, what are you waiting for?
After a long lockout, the NHL will begin its season this weekend thanks, in part, to a pension plan. Among the sticking points for the players, as noted in this article, was the desire to return to a defined benefit pension plan. The NHL was somewhat ahead of its time in 1986 when it switched to a DC-only style retirement plan. However, the players in this recent round of bargaining pushed hard for a pension plan, and succeeded. While the NHL has not released very many details about the pension plan, and some of the information we’ve found is conflicting, this report from CSN Washington suggests that players can be eligible for the maximum benefits permitted by law.
While it is interesting to see an institution as prominent as the NHL buck a clear trend in the retirement space, it goes without saying that this is probably not the beginning of a sea change in retirement benefits back to defined benefit plans. As noted in this Globe and Mail article, even Kevin Westgarth, a Los Angeles Kings forward and a member of the NHLPA’s bargaining committee, called moving to a pension plan “way out of style.”
While pensions may be way out of style for most of us non-athletes, as noted in this article from Bankrate.com, many U.S. professional sports organizations actually offer some kind of pension plan for their players (we’ve previously discussed the pension plans for MLB players here). So the NHL was actually a bit out of step with the rest of its sports brethren (as the Globe and Mail article also suggests). Therefore, in the NHL’s case, this isn’t so much bucking a trend as a return to an industry standard, in a sense.
Interestingly, many of the arguments that were advanced in support of a pension plan for the NHL players, while somewhat paternalistic, could nevertheless be made for rank and file employees of most other industries as well. Essentially, they boil down to the advantages of lifetime income protection. However, in the current environment (outside of professional sports), we think the more likely move for plan sponsors will be to lifetime income options in defined contribution plans, rather than a return to defined benefit plans. What do you think?
HHS recently included on its website some helpful information regarding security of mobile devices in video format. While primarily directed at health care providers, the videos are still useful for health plan sponsors/administrators (and their business associates). (The way the HIPAA rules are written suggests that the plan itself should view the videos, but we doubt the actual physical document would learn much.) Interestingly, the videos are emblazoned with disclaimers that following the videos does not guarantee compliance with HIPAA or any other law.
It is a particularly good idea for plan sponsors/administrators to review the videos given that HHS’s Office of Civil Rights (“OCR”) recently announced a “resolution agreement” with Hospice of North Idaho (“HONI”) in which HONI agreed to pay $50,000 and made certain future compliance commitments. The OCR investigation started due to HONI’s voluntary report of a theft of an unencrypted laptop in accordance, it appears, with the breach notification rules instituted by HITECH. Notably, the breach involved fewer than 500 participants (which is generally considered a small breach). Once OCR investigated, it determined that HONI (1) did not conduct the requisite security rule assessment on an ongoing basis, as required by HIPAA, and (2) did not implement adequate safeguards with regard to electronic PHI.
The bottom line is that plan sponsors and administrators should conduct the requisite risk assessments, particularly where employees may have access to protected health information on their laptops, iPhones, iPads, Android phones and tablets, etc. Plan sponsors/administrators may want to consider additional security training to ensure their employees understand the risks of using mobile devices to access PHI, perhaps even incorporating some of the videos made available by HHS.
After a long wait, an updated Revenue Procedure for the Employee Plans Compliance Resolution System (EPCRS) was released in the form of Rev. Proc. 2013-12. The new Revenue Procedure makes some important changes to the EPCRS.
As many plan sponsors know, the EPCRS includes the self-correction program (SCP), which requires prescribed corrections but does not require submission to the IRS; the voluntary correction program (VCP), which requires both prescribed corrections and submission to and approval by the IRS; and correction of problems discovered on audit (Audit CAP).
The purpose of the updated Revenue Procedure is to improve some features of the EPCRS and clarify others, based in large part on comments from the employee benefits community. The IRS expects to make more changes of this type in the future, also based on comments from the employee benefits community. Generally speaking, the IRS was responsive to many of the concerns raised by the employee benefits community and addressed them in a helpful manner in the revised EPCRS.
The biggest news is that 403(b) plans are now eligible for EPCRS. In particular, 403(b) plan sponsors can now use VCP to correct a failure to adopt a written 403(b) plan on time.
Correction procedures are also provided on an experimental basis for 457(b) plans, primarily for governmental 457(b) plans, in a new program separate from the EPCRS.
Other new or revised procedures in the EPCRS include:
- SCP correction of recurring excess annual additions under Section 415(c) of the Internal Revenue Code in plans with elective deferrals and non-elective non-matching employer contributions.
- Correction of ADP and ACP test failures.
- Correction of matching contributions and improper exclusions from safe harbor plans. (Including, in some circumstances, the ability to make corrective matching contributions subject to vesting.)
- Correction of mistakes and other problems that occur in administering distributions from single-employer defined benefit plans subject to Section 436 of the Code.
- Correction of overpayments from defined benefit and defined contribution plans. Additionally, in some cases, if a participant fails to repay the amount of an overpayment from a defined contribution plan, the plan sponsor does not have to make the plan whole.
- Procedures for trying to locate lost plan participants. (Which needed to be updated after the IRS closed its letter-forwarding program for VCP applications, as we previously discussed.)
- Revamped forms and procedures for VCP applications, including two new mandatory VCP forms, Forms 8950 and 8951, that are currently only available in draft form from the IRS.
- Reduced fees for late plan amendments discovered in the determination letter process.
The IRS also requested comments on the potential for EPCRS revisions to address additional topics, such as:
- Administrative errors in implementing Roth contribution elections.
- Administrative errors in implementing automatic deferral elections under 401(k) plans.
The effective date of the new rules is April 1, 2013, but plan sponsors can elect to apply them any time after December 31, 2012.
What do you think is the most helpful change made by the new EPCRS?
Frequent readers of this blog will recall that the IRS previously issued some initial guidance on the employer “shared responsibility” (aka play or pay) rules under health reform. (A summary of the shared responsibility provisions and the taxes is described in our post on the prior guidance.)
Well, the New Year’s resolution of the federal agencies overseeing health reform implementation is (or should be, if it isn’t) to provide more guidance on health reform. In keeping with that resolution, the IRS recently issued proposed regulations and a set of Q&As on play or pay. The guidance covers several points and an exhaustive explanation is too long for a single post, so we will cover more details in future posts. However, there were some key features to note from the proposed guidance:
- The controlled group rules apply for purposes of determining if you are subject to the taxes (i.e. you are an applicable large employer, generally one with more than 50 employees in the prior year, under the guidance). Because the IRS has not issued final controlled group rules for tax-exempt and governmental employers, they should apply a good faith interpretation of the existing rules.
- However, the tax is assessed on a per-entity basis, without regard to the controlled group rules. This means different members of the controlled group can offer different levels and types of coverage (assuming they can satisfy any applicable nondiscrimination rules), or choose not to offer coverage, without causing an assessment on the whole group.
- Employers are required to offer coverage to dependents, which the regulations define as children, stepchildren, and eligible foster children who have not attained age 26. (Spouses are not required to be offered coverage under these rules.) However, there is no express requirement that dependent coverage be affordable or provide minimum value.
- The regulations generally adopt the lookback and stability period rules from the prior guidance with a few modifications. Most notably, however, an employer that wants to have a 12-month stability period in 2014 can have a lookback period as short as six months in 2013. This is welcome relief for employers who may not have been able to get systems in place to count hours for variable hour employees by January 1, 2013.
- An employer will not be subject to the $2,000 per employee per year failure to offer penalty (what we call the “Sledgehammer Tax”) if the employer fails to offer coverage to 5% or less of its workforce (or, for employers with 100 employees or less, 5 employees). This is designed to provide some flexibility in case an employer inadvertently fails to make an offer of coverage. However, if any of the 5% (or 5) employees enrolls in a plan through an exchange and receives a premium tax credit or cost sharing reduction, then the employer will be subject to the $3,000 per-that-employee penalty (what we call the “Tack Hammer Tax”).
- Any employer with a health plan which, on December 27, 2012, had a non-calendar year plan year, will generally not be subject to either the Sledgehammer Tax or the Tack Hammer Tax before the first day of the 2014 plan year with respect to any employee who is offered affordable minimum value coverage on the first day of the 2014 plan year.
Of course, the regulations are only proposed and final regulations could vary these rules, but the likelihood is that most or all of these features will survive in some form in the final regulations. Which of these do you find most helpful (or most surprising)?