Even before Congress began laboring over the potentially biggest health care legislation in years, employers had – or should have had – plenty of health and welfare plan issues on their agendas for the second half of 2009.
Nothing with the head-snapping deadlines of the Consolidated Omnibus Budget Reconciliation Act (COBRA) subsidy law awaits, but a broad range of welfare plan legal issues will require attention in the coming months. Below is a thumbnail sketch of several key near-term issues for employers, including special enrollment, Medicare reporting, privacy and security under the Health Insurance Portability and Accountability Act (HIPAA), mental health benefits, genetic information, cafeteria plans and college student dependents.
Lost in the COBRA commotion earlier this year was the federal Children’s Health Insurance Program (CHIP) Reauthorization Act. Effective April 1, 2009, this law expanded the special enrollment rights of employees and dependents beyond the two limited cases of acquiring a dependent (by birth, marriage, or adoption) or losing other medical coverage that was in place at the time of initial eligibility.
Now, special enrollments are required to be offered when an employee or eligible dependent: (1) is covered under a Medicaid plan or state children's health insurance program (or CHIP) and loses eligibility under that plan; or (2) becomes eligible under a CHIP or Medicaid plan for premium assistance that could be used toward the cost of an employer health plan.
These new rights must be included in the HIPAA-required special enrollment notices provided at or before their first opportunity to enroll. So for individuals enrolling on or after April 1, 2009, employers should add this new expanded right to any special enrollment rights notice.
What to do: Consider including the following in any special enrollment materials: “Effective April 1, 2009, you may be able to enroll within 60 days of losing coverage under the Medicaid or CHIP plan or within 60 days of becoming eligible for premium assistance under the Medicaid or CHIP plan.” Also, determine whether your employees have been notified of this expanded right – technically, through a summary of material modification (SMM) to your group health plan. Have your claims administrators, HMOs or others that handle requests for special enrollment confirm that these requests can be and are being accommodated. These new special enrollment rights – which have a 60-day deadline, rather than the standard 31 days for other special enrollment rights – may require changes to your plan documents and summary plan descriptions (SPD).
Two years after the Medicare, Medicaid and State Children’s Health Insurance Program (SCHIP) Extension Act was signed into law, employer health plans – or, more to the point, their third-party administrators (TPA) – are only now completing the testing for the newly required filing of more detailed Medicare information.
Designed to provide better data for Medicare to coordinate benefits, the new rules require the transmission of several data elements that are readily available from existing TPA records. Securing dependents’ social security numbers (SSN), though, can be a challenge as TPAs have not always collected that data. Generally, employer health plans should begin submitting the new data as of October 1, 2009 – although this deadline is extended one year for plans that are health reimbursement arrangements (HRA). Laggards beware: The penalty for reporting entities not submitting this required data is $1,000 per day per person.
What to do: Verify that the TPA for any self-insured plan you sponsor or any insurer or HMO for your insured plans is handling this reporting. Have them confirm that SSNs or other needed data elements are available. If it is not already in their system, review options for obtaining this data. Also, review your TPA services agreement to verify that any compliance errors and penalties would be the responsibility of the TPA.
HIPAA Privacy & Security
Little noticed in the bailout legislation passed earlier this year were potentially extensive changes in the HIPAA privacy and security rules that affect employer-sponsored health plans. Upon enactment (February 17, 2009), the American Recovery and Reinvestment Act (ARRA) substantially increased the civil monetary penalties for HIPAA violations and enabled state attorneys general to bring actions to enforce HIPAA rights on behalf of state residents. Neither of those changes required employers sponsoring group health plans to act quickly.
By contrast, plan sponsors must react to another significant HIPAA change which requires notice of any “breach” of “unsecured” protected health information (PHI). (For this purpose, “unsecured” essentially means PHI that is not encrypted). Upon discovery of such a breach, an employer-sponsored health plan must notify each individual whose PHI was or is believed to have been disclosed, generally within 60 days. If the breach involves 500 or more people in the same state or other jurisdiction, media notice is required.
Ultimately, plan sponsors must report these breaches to the Department of Health and Human Services (HHS). If 500 or more individuals are involved, immediate notification is required. For fewer than 500 individuals, the plan may note the breach in a log and notify HHS annually. At its discretion, HHS may list these breaches on its website. If regulators meet the deadlines required by the new law, these breach notice requirements would be expected to take effect in September 2009. Among the other key HIPAA privacy and security changes in the legislation (becoming effective February 17, 2010):
- HIPAA’s privacy and security rules will now apply directly to business associates, such as TPAs and pharmacy benefit managers. Previously, these entities were only subject to the HIPAA rules through contracts with covered entities such as health plans and medical providers. This change will greatly increase compliance obligations for business associates.
- If a participant’s PHI is kept in an electronic format, the participant can request a copy of that information in an electronic format.
Other HIPAA privacy and security changes in ARRA are not effective until after 2010.
What to do: Modify business associate agreements as needed to ensure that your vendors are responsible for providing any notices needed in the event of a breach of unsecured PHI. Be prepared to renegotiate business associate agreements with service providers by February 2010.
Mental Health Benefits
Time is running out quickly on most (if not all) treatment and financial distinctions that employer-sponsored health plans make between mental health and substance abuse benefits and regular medical and surgical benefits.
Under the Pete Domenici and Paul Wellstone Mental Health Parity and Addiction Equity Act, which takes effect January 1, 2010 (for calendar year plans):
- Financial requirements – such as deductibles, co-pays, coinsurance and out-of-pocket caps – for mental health and substance abuse benefits may not be more restrictive than the most common requirements that apply to substantially all medical and surgical benefits.
- Treatment requirements – such as limitations on frequency of treatment, number of visits, days of coverage, or similar limits on scope or duration – for mental health and substance abuse benefits may not be more restrictive than the most common requirements that apply to substantially all medical and surgical benefits.
Other specific restrictions will apply, too, such as a bar on treatment limitations and financial requirements that apply only to mental health or substance abuse benefits. There is an October 3, 2009, deadline for regulations that could help employers sort out how to apply the law. In the meantime, employers are grappling with questions about separate but equal mental health and medical deductibles and specialist co-pays.
What to do: Review your current group health plan mental health and substance abuse benefit coverage. Plan for needed changes – and potential cost increases – in 2010. Also, begin preparing communications for open enrollment this fall to describe any mental health benefit coverage changes.
At first, it sounded so simple. Signed into law in 2008, the Genetic Information Nondiscrimination Act (GINA) imposes several apparently unobjectionable restrictions on health plans and health insurers. Effective January 1, 2010 (for calendar year plans), a group health plan or insurer cannot:
- Adjust group premiums or contributions based on genetic information;
- Require individuals to undergo genetic tests;
- Request, require or purchase genetic information for underwriting purposes; or
- Collect genetic information about an individual before he or she is enrolled in the plan.
These new restrictions have presented problems for many employer-sponsored wellness plans as a result of the law’s broad definition of “genetic information.” This definition includes family medical histories which are often requested as part of the health risk assessments that more and more employers are using. Similarly, “underwriting purposes” is defined broadly, in this case including setting premium or contribution amounts, which could implicate some incentives commonly used in wellness programs. Regulations that were due out in May eventually may clarify how employers may comply with these restrictions without significantly altering their wellness programs.
What to do: Evaluate any collection or use of family medical histories or other genetic information in your wellness and health promotion programs. Know whether any information is collected for underwriting purposes or prior to enrollment. You may need to act quickly to revise your practice when regulations are released on the benefits impact of GINA.
If all goes as planned this fall, the IRS will finalize its broad-based rules for Section 125 plans – only a generation or so after the provision that first begat cafeteria plans was added to the Tax Code.
Currently scheduled to take effect January 1, 2010, for calendar year plans, these regulations cover several topics including:
- New details on the nondiscrimination testing that sponsors are required to, but do not always, conduct for cafeteria plans (and flexible spending accounts).
- Some changes in the IRS rules on the use of electronic payment cards for health flexible spending accounts (FSA).
- More rigorous “written document” requirements.
- “Spend down” of dependent care account balances for mid-year terminations of employment.
As final regulations are anticipated soon, we expect that it will require some quick work to get the relevant plan documents, SPDs and other materials updated by the deadline.
What to do: Begin reviewing your current cafeteria plan documents and SPDs to identify changes needed when these rules become final. Consider revisions to administrative services agreements.
College Student Dependents
Very narrowly focused 2008 legislation known as “Michelle’s Law” will prohibit an employer-sponsored health plan from cutting off benefits (and triggering a COBRA election) if a college student who is covered under a parent’s health plan due to his or her full-time student status loses that status due to a medical leave of absence.
Effective January 1, 2010 for calendar year plans, the plan generally must continue coverage for up to one year after the dependent’s leave of absence starts. Any serious injury or illness that requires a “medically necessary leave of absence,” may trigger this continuation of coverage. This includes both an actual leave of absence from a postsecondary institution, as well as other changes in enrollment, so long at the treating physician of the student certifies in writing that the serious injury or illness requires the leave.
What to do: Review current SPDs and plan documents to see what changes may be needed. Coordinate with disability provisions of your health plans. Communicate this change at any open enrollment for the upcoming plan year. Coordinate continued coverage with HMOs and COBRA administrators.