Benefit Plan Compliance: Would Your Plans Survive An Agency Audit? June 15, 2011 Stacy H. Barrow [email protected] 617.526.9648 1 © 2011 Proskauer

Benefit Plan Compliance: Would Your Plans Survive An Agency Audit?

June 15, 2011

Stacy H. [email protected]

617.526.9648

1© 2011 Proskauer. All Rights Reserved.

2

Agenda

• “State of the Union” on National Health Care Reform

• Plan documentation requirements

• Form 5500s

• HIPAA Portability

• HIPAA Privacy and Security

• Cafeteria Plans

• Wellness Plans

• Note: Materials are up-to-date as of June 15, 2011

© 2011 Proskauer. All Rights Reserved.

3

Plan Documentation Requirements

Plan Document

• ERISA requires that every employee benefit plan be established and maintained pursuant to a written plan document that describes the benefit structure and guides the plan’s day-to-day operations

• Plans must reflect current law and plan operation must be in accordance with the terms of the plan

• The document must list one or more named fiduciaries for the plan

Can be identified by office or by name

May be an administrative committee or a company’s board of directors

• The plan document must be provided to participants and beneficiaries no later than 30 days after a written request


4


The Plan Document must include the following information:

• Plan operation details

• Name of the plan administrator; if no plan administrator is named, the company/employer will be the plan administrator and also will be a “named fiduciary”

• Plan administration procedures and any delegation of responsibilities to other parties (e.g., claims review)

• Funding policy and procedure

• Plan amendment and termination procedures

• Explanation of how and when payments will be made under the plan


5


Checklist

• Must be made available to participants for inspection

• A copy must be provided upon participant request

• Common Issues—Retirement Plans

Plan documents not on site—problem with prototype providers who only provide “adoption agreement”

Plan documents not properly amended for applicable law

• Common Issues—Welfare Plans

Undocumented Arrangements—particularly an issue with flex plans, HRAs and EAPs

Whether “certificate of coverage” constitutes health plan for insured plans

Poor documentation of benefits for self-insured plans


6


Summary Plan Description (SPD)

• SPD must be consistent with plan terms

• Copy of SPD must be provided to each participant – must have demonstrated procedures

• SPD can be provided to employees with enrollment materials

• SPD must be provided within 120 days after a plan first becomes subject to ERISA

• SPD must be provided within 90 days after an individual becomes a participant

• SPD must be provided every five years if there have been any changes to the plan during the five-year period


7


Summary Plan Description

• SPD must be provided every ten years if there have been no changes to the plan

• If material reduction in covered services is made to plan, notice of the reduction must be provided within 60 days after the adoption of the change (unless SPDs are issued at least every 90 days)

• Participants and beneficiaries may also make written request for a copy of the SPD


8


Summary Plan Description

• Common Issues—Retirement Plans SPD terms offered by prototype provider do not match

(i) adoption agreement or (ii) plan operation

• Common Issues—Health Plans Benefits description booklets provided by health insurers are not

SPDs SPD does not properly reflect eligibility requirements imposed by

employer Does not include required provisions (WHCRA, claims procedures,

ERISA rights, etc.)


9


Summary of Material Modification (SMM)

• Copy of SMM must be provided to each participant and each beneficiary no later than 210 days after the end of the plan year in which the change is adopted

• No prescribed format for SMM

• SMM can be in letter, memo or other format

• An updated SPD can be provided instead of the SMM

• SMM may be combined with other documents

• Plan identifying information should be included


10


Summary Annual Report (SAR)

• Prescribed format

• SAR must be provided by the end of the ninth month after the close of the plan year (September 30 for calendar year plans)

• Extension of two months granted if Form 5558 completed and submitted with Form 5500

• Common Issues—Health Plans

Common misconception that SARs are not required for health plans

If a Schedule A is required (or the plan is funded through a trust), a SAR is required


11


Electronic Disclosure• ERISA Includes a Number of “Notice” Requirements:

SPDs Plan Amendments SARs COBRA Notices HIPAA Notices

Creditable Coverage Special Enrollment Rights Notice Pre-Existing Condition Limitation Notice Notice of Privacy Practices

Women’s Health and Cancer Rights Act (WHCRA) Notice Qualified Medical Child Support Order (QMCSO)


12


Electronic Delivery

• ERISA Regulations permit electronic delivery of Notices if certain requirements are met:


13


• The basics: Delivery steps taken for furnishing documents are reasonably calculated to

result in the actual receipt of the documents Using return-receipt or notice of undelivered e-mail features Conducting periodic reviews or surveys to confirm receipt Reasonable and appropriate steps taken to safeguard confidentiality of

personal information related to accounts and benefits Electronically delivered documents are prepared/furnished in a manner

consistent with the style, format and content requirements applicable to the document

A paper version of the electronic document must be available on request (at no charge)

Each time an electronic document is furnished, a notice (electronic or paper) must be provided to each recipient describing the significance of the document


14


Electronic Delivery• Once basic requirements are met, documents may be furnished to two classes of

potential recipients: Participants who have the ability to access documents through employer’s

electronic information system located where they are reasonably expected to perform duties Employees working from home or on travel are covered Distribution through a kiosk in a common area in the workplace does not

comply with the requirements Other participants

Retirees and terminated participants with vested benefits, beneficiaries, alternate payees

Must affirmatively consent to receive the documents electronically Provide an electronic address Reasonably demonstrate their ability to access documents in electronic form


15


Document Retention

• Basic Rule: employee benefit plan documents and documents required by ERISA must be retained for six years after the date of filing, resolution, or amendment

• Materials should be preserved in a manner and format that permits ready retrieval

• All records including annual reports, disclosures, amendments and resolutions should be retained


16


• This includes:

Original signed plan documents and amendments

Corporate resolutions/committee actions related to the plan

Plan disclosures and communications to participants--Form 5500s, SARs, SPDs, SMMs, etc.

Financial reports, audits, and related statements

Trust documents

Nondiscrimination and coverage testing results

Disputed claim records in the event of future litigation

Payroll and census data used to determine eligibility and contributions

Notices of Creditable/Non-creditable coverage


17


• Common misconception: agencies only look back three years—NOT TRUE

Note: It is a good internal practice for the official plan documents to be retained for the life of the plan, so that the plan sponsor has a paper trail of the plan from its inception


18

Form 5500’s

• Annual Report--Form 5500

• Checklist

Form 5500 must be filed by the end of the seventh month after the close of the plan year (July 31 for calendar year plans)

Extension of 2½ months if Form 5558 timely filed

Required for all Retirement Plans

Large plans (100+ participants) must include audit each year by an independent qualified public accountant (IQPA)

Small plans may not be required to have audit


19

Form 5500’s

• Annual Report--Form 5500—Always a Part of Every Audit• Checklist

Health care flexible spending account plans, health care plans, dental plans, long-term disability plans, AD&D plans and group term life plans are required to file Form 5500 Common Misconception: There is NO BLANKET

EXEMPTION for tax-exempt entities Required if health plan is insured and has 100 or more participants

on the first day of the plan year Premium Only Plans not required to file Form 5500 Dependent care flexible spending account plans funded with only

salary reductions are not ERISA welfare benefit plans and are not required to file Form 5500


20

Form 5500’s

• Annual Report--Form 5500

• Checklist

Late Filers - Plan administrators filing a late annual report (i.e., after the date the report was required to be filed, including extensions) may be assessed $50 per day, with no limit, for the period they failed to file, determined without regard to any extensions for filing

Non-Filers - Plan administrators who fail to file an annual report may be assessed a penalty of $300 per day, up to $30,000 per year, until a complete annual report is filed

Consider Delinquent Filer Program (only available prior to audit)

For Welfare Plans: Consider a Wrap Plan Document


21

HIPAA Portability

HIPAA Portability

• Extensive & Focused Audit Activity on Portability

• Provide certificate of creditable coverage – must be provided:

When regular health care coverage is lost

When COBRA coverage is lost

Upon request while individual is covered by the plan or within two years after losing coverage


22

HIPAA Portability

• Provide notice of special enrollment rights

• Provide preexisting condition notice – must include:

Terms of the preexisting condition exclusion

Explanation of right to request a certificate of creditable coverage from prior health plan

Statement of plan’s willingness to assist in obtaining the certificate of creditable coverage


23

HIPAA Privacy & Security

• Privacy Standards Compliance Checklist Determine whether any state privacy laws apply to the group health plan

Identify group health plan’s current uses and disclosures of protected health information, including the individuals who have access to protected health information

Determine which current uses and disclosures are permitted and under what circumstances

Determine whether group health plan documents need to be amended in order to (or continue to) receive protected health information for plan administrative purposes

Identify service providers who are business associates

Determine whether business associate service provider contracts need to be amended to comply with privacy rules


24


• Privacy Standards Compliance Checklist

Appoint a privacy officer

Establish privacy policies and draft related procedures

Distribute privacy notice

Train workforce on privacy policies and procedures

Establish appropriate safeguards for protecting PHI from accidental or intentional use in violation of the privacy standards

NEW RULES & PENALTIES were effective starting in 2010


25


• Security Standards Compliance Checklist

New HITECH Rules for Privacy & Encryption

New Penalty Structure

Increased enforcement

IT Manager should be familiar with HIPAA Security Standards and be able to demonstrate compliance


26

Cafeteria Plans

• Increased Audit Activity

Expected because IRS released regulations in 2007

• Plan Documentation Issues Are Big Issue

• Non-Discrimination Testing Big Focus

All components of the cafeteria plan must be tested annually

Keep documentation for six years

Be prepared for IRS Audit


27

General Nondiscrimination Rules under HIPAA

• Individuals cannot be denied eligibility for benefits or charged more for coverage because of any "health factor," including:

Health status

Medical condition (both physical and mental)

Claims experience

Receipt of health care

Medical history

Genetic information

Evidence of insurability

Disability


28

Wellness Programs

• Wellness programs are designed to promote health and prevent disease, and are an exception to HIPAA's nondiscrimination rules

• Examples of common wellness programs include:

blood pressure and cholesterol screenings

smoking cessation programs

weight-loss programs

• A typical disease management program might target individuals who have or are at risk for developing diabetes and make case managers available to them to monitor compliance with medication protocols

• Both wellness and disease management programs are often structured to provide a financial reward for participating


29

HRAs

• The cornerstone of an effective wellness program is often a Health Risk Assessment (HRA) and/or biometric testing

• "Voluntary" HRAs are generally regarded as ineffectual

Only those who are health conscious will be conscientious about completing them and returning them

• "Involuntary" HRAs are those that are coupled with rewards or penalties and are generally more effective

Reward (bonus payment, gift cards, premium reduction, enhanced benefits)

Penalty (premium increase, condition to eligibility, limits on benefits)

• US Department of Labor condones use of "involuntary" HRAs, as long as results are not basis for reward or penalty


30

HRAs

• U.S. Equal Employment Opportunity Commission

Jurisdiction over individual rights claims, including under the Americans with Disabilities Act (ADA)

ADA generally establishes a per se violation for any employer inquiring about an employee's health condition

EEOC has said that voluntary HRAs are "OK"

Involuntary HRAs violate the ADA

• While ERISA preempts most state laws (with limited exceptions), it does not preempt other federal laws

DOL has no greater authority in this area than the EEOC


31

HRAs & PPACA

• PPACA includes provisions designed to promote the use of wellness programs

Despite what "internet lawyers" will tell you, PPACA did not address this issue, despite it being well known to the Obama Administration and the House and Senate leadership that two federal agencies held inconsistent positions

So, current state of the law is that the EEOC believes involuntary HRAs violate federal law & the DOL believes they don't


32

Seff v. Broward County

• Predictably, a class action suit was filed in a federal district court—Seff v. Broward County

• Plaintiffs alleged that Broward County violated the ADA by imposing a $20 bi-weekly premium surcharge on anyone who failed or refused to complete a HRA and biometric screening as part of a "wellness program"

• EEOC was not a party to this suit

• Many worried that this could lead to a decision adverse to the use of HRAs


33


• The Court reviewed the reasons for implementing a wellness program (rising costs) and noted key factors of the program

• Then held that the wellness program (including the HRA and screening) were terms of the employer's group health plan, which is a "bona fide benefit plan" within the meaning of the insurance safe-harbor provisions of the ADA

• The insurance safe-harbor provision is designed to protect insurers from violating the ADA because of plan design

• The Seff Court held that the HRA and screening and wellness programs used by the County were part of the County's health plan and protected by the safe harbor

• Plaintiffs' suit was dismissed (but watch for an appeal)


34


• The Court noted that the County paid for the entire cost of the wellness program;

• Only those enrolled in the underlying group health plans could participate in the wellness program;

• Plan documentation clearly established that completion of the HRA and biometric screening was required and set out the penalty for non-compliance; and

• Information obtained was not available to the employer in identifiable form but was used as part of the underwriting process for the insurance product


35

Learning from Seff

• Employers considering requiring completion of an HRA as a condition to eligibility or condition to reduced rates should consider the following:

Document clearly as part of enrollment process

Forms, internet, general material should clearly state that this is a condition of enrollment in the group health plan

Summary Plan Descriptions—don't forget to update, consider an SMM

Update should clarify that Screening is part of enrollment process

Need to focus on COBRA, too

Use of information for underwriting purposes—retaining documentation


36

Questions?June 2011

Stacy H. [email protected]

617.526.9648


Documents

Benefit Plan Compliance: Would Your Plans Survive An Agency Audit? June 15, 2011 Stacy H. Barrow [email protected] 617.526.9648 1 © 2011 Proskauer