Benefit Plan Compliance: Would Your Plans Survive An Agency Audit? June 15, 2011 Stacy H. Barrow sbarrow@proskauer.com 617.526.9648 1 © 2011 Proskauer. All Rights Reserved. Agenda • “State of the Union” on National Health Care Reform • Plan documentation requirements • Form 5500s • HIPAA Portability • HIPAA Privacy and Security • Cafeteria Plans • Wellness Plans • Note: Materials are up-to-date as of June 15, 2011 2 © 2011 Proskauer. All Rights Reserved. Plan Documentation Requirements Plan Document • ERISA requires that every employee benefit plan be established and maintained pursuant to a written plan document that describes the benefit structure and guides the plan’s day-to-day operations • Plans must reflect current law and plan operation must be in accordance with the terms of the plan • The document must list one or more named fiduciaries for the plan - Can be identified by office or by name - May be an administrative committee or a company’s board of directors • The plan document must be provided to participants and beneficiaries no later than 30 days after a written request 3 © 2011 Proskauer. All Rights Reserved. Plan Documentation Requirements The Plan Document must include the following information: • Plan operation details • Name of the plan administrator; if no plan administrator is named, the company/employer will be the plan administrator and also will be a “named fiduciary” • Plan administration procedures and any delegation of responsibilities to other parties (e.g., claims review) • Funding policy and procedure • Plan amendment and termination procedures • Explanation of how and when payments will be made under the plan 4 © 2011 Proskauer. All Rights Reserved. Plan Documentation Requirements Checklist • Must be made available to participants for inspection • A copy must be provided upon participant request • Common Issues—Retirement Plans - Plan documents not on site—problem with prototype providers who only provide “adoption agreement” - Plan documents not properly amended for applicable law • Common Issues—Welfare Plans - Undocumented Arrangements—particularly an issue with flex plans, HRAs and EAPs - Whether “certificate of coverage” constitutes health plan for insured plans - Poor documentation of benefits for self-insured plans 5 © 2011 Proskauer. All Rights Reserved. Plan Documentation Requirements Summary Plan Description (SPD) • SPD must be consistent with plan terms • Copy of SPD must be provided to each participant – must have demonstrated procedures • SPD can be provided to employees with enrollment materials • SPD must be provided within 120 days after a plan first becomes subject to ERISA • SPD must be provided within 90 days after an individual becomes a participant • SPD must be provided every five years if there have been any changes to the plan during the five-year period 6 © 2011 Proskauer. All Rights Reserved. Plan Documentation Requirements Summary Plan Description • SPD must be provided every ten years if there have been no changes to the plan • If material reduction in covered services is made to plan, notice of the reduction must be provided within 60 days after the adoption of the change (unless SPDs are issued at least every 90 days) • Participants and beneficiaries may also make written request for a copy of the SPD 7 © 2011 Proskauer. All Rights Reserved. Plan Documentation Requirements Summary Plan Description • Common Issues—Retirement Plans - SPD terms offered by prototype provider do not match (i) adoption agreement or (ii) plan operation • Common Issues—Health Plans - Benefits description booklets provided by health insurers are not SPDs - SPD does not properly reflect eligibility requirements imposed by employer - Does not include required provisions (WHCRA, claims procedures, ERISA rights, etc.) 8 © 2011 Proskauer. All Rights Reserved. Plan Documentation Requirements Summary of Material Modification (SMM) • Copy of SMM must be provided to each participant and each beneficiary no later than 210 days after the end of the plan year in which the change is adopted • No prescribed format for SMM • SMM can be in letter, memo or other format • An updated SPD can be provided instead of the SMM • SMM may be combined with other documents • Plan identifying information should be included 9 © 2011 Proskauer. All Rights Reserved. Plan Documentation Requirements Summary Annual Report (SAR) • Prescribed format • SAR must be provided by the end of the ninth month after the close of the plan year (September 30 for calendar year plans) • Extension of two months granted if Form 5558 completed and submitted with Form 5500 • Common Issues—Health Plans - Common misconception that SARs are not required for health plans - If a Schedule A is required (or the plan is funded through a trust), a SAR is required 10 © 2011 Proskauer. All Rights Reserved. Plan Documentation Requirements Electronic Disclosure • ERISA Includes a Number of “Notice” Requirements: - SPDs Plan Amendments SARs COBRA Notices HIPAA Notices - Creditable Coverage - Special Enrollment Rights Notice - Pre-Existing Condition Limitation Notice - Notice of Privacy Practices - Women’s Health and Cancer Rights Act (WHCRA) Notice - Qualified Medical Child Support Order (QMCSO) 11 © 2011 Proskauer. All Rights Reserved. Plan Documentation Requirements Electronic Delivery • ERISA Regulations permit electronic delivery of Notices if certain requirements are met: 12 © 2011 Proskauer. All Rights Reserved. Plan Documentation Requirements • The basics: - Delivery steps taken for furnishing documents are reasonably calculated to result in the actual receipt of the documents - Using return-receipt or notice of undelivered e-mail features - Conducting periodic reviews or surveys to confirm receipt - Reasonable and appropriate steps taken to safeguard confidentiality of personal information related to accounts and benefits - Electronically delivered documents are prepared/furnished in a manner consistent with the style, format and content requirements applicable to the document - A paper version of the electronic document must be available on request (at no charge) - Each time an electronic document is furnished, a notice (electronic or paper) must be provided to each recipient describing the significance of the document 13 © 2011 Proskauer. All Rights Reserved. Plan Documentation Requirements Electronic Delivery • Once basic requirements are met, documents may be furnished to two classes of potential recipients: - Participants who have the ability to access documents through employer’s electronic information system located where they are reasonably expected to perform duties - Employees working from home or on travel are covered - Distribution through a kiosk in a common area in the workplace does not comply with the requirements - Other participants - Retirees and terminated participants with vested benefits, beneficiaries, alternate payees - Must affirmatively consent to receive the documents electronically - Provide an electronic address - Reasonably demonstrate their ability to access documents in electronic form 14 © 2011 Proskauer. All Rights Reserved. Plan Documentation Requirements Document Retention • Basic Rule: employee benefit plan documents and documents required by ERISA must be retained for six years after the date of filing, resolution, or amendment • Materials should be preserved in a manner and format that permits ready retrieval • All records including annual reports, disclosures, amendments and resolutions should be retained 15 © 2011 Proskauer. All Rights Reserved. Plan Documentation Requirements • This includes: - Original signed plan documents and amendments - Corporate resolutions/committee actions related to the plan - Plan disclosures and communications to participants--Form 5500s, SARs, SPDs, SMMs, etc. - Financial reports, audits, and related statements - Trust documents - Nondiscrimination and coverage testing results - Disputed claim records in the event of future litigation - Payroll and census data used to determine eligibility and contributions - Notices of Creditable/Non-creditable coverage 16 © 2011 Proskauer. All Rights Reserved. Plan Documentation Requirements • Common misconception: agencies only look back three years—NOT TRUE - Note: It is a good internal practice for the official plan documents to be retained for the life of the plan, so that the plan sponsor has a paper trail of the plan from its inception 17 © 2011 Proskauer. All Rights Reserved. Form 5500’s • Annual Report--Form 5500 • Checklist - Form 5500 must be filed by the end of the seventh month after the close of the plan year (July 31 for calendar year plans) - Extension of 2½ months if Form 5558 timely filed - Required for all Retirement Plans - Large plans (100+ participants) must include audit each year by an independent qualified public accountant (IQPA) - Small plans may not be required to have audit 18 © 2011 Proskauer. All Rights Reserved. Form 5500’s • Annual Report--Form 5500—Always a Part of Every Audit • Checklist - Health care flexible spending account plans, health care plans, dental plans, long-term disability plans, AD&D plans and group term life plans are required to file Form 5500 - Common Misconception: There is NO BLANKET EXEMPTION for tax-exempt entities - Required if health plan is insured and has 100 or more participants on the first day of the plan year - Premium Only Plans not required to file Form 5500 - Dependent care flexible spending account plans funded with only salary reductions are not ERISA welfare benefit plans and are not required to file Form 5500 19 © 2011 Proskauer. All Rights Reserved. Form 5500’s • Annual Report--Form 5500 • Checklist - Late Filers - Plan administrators filing a late annual report (i.e., after the date the report was required to be filed, including extensions) may be assessed $50 per day, with no limit, for the period they failed to file, determined without regard to any extensions for filing - Non-Filers - Plan administrators who fail to file an annual report may be assessed a penalty of $300 per day, up to $30,000 per year, until a complete annual report is filed - Consider Delinquent Filer Program (only available prior to audit) - For Welfare Plans: Consider a Wrap Plan Document 20 © 2011 Proskauer. All Rights Reserved. HIPAA Portability HIPAA Portability • Extensive & Focused Audit Activity on Portability • Provide certificate of creditable coverage – must be provided: - When regular health care coverage is lost - When COBRA coverage is lost - Upon request while individual is covered by the plan or within two years after losing coverage 21 © 2011 Proskauer. All Rights Reserved. HIPAA Portability • Provide notice of special enrollment rights • Provide preexisting condition notice – must include: - Terms of the preexisting condition exclusion - Explanation of right to request a certificate of creditable coverage from prior health plan - Statement of plan’s willingness to assist in obtaining the certificate of creditable coverage 22 © 2011 Proskauer. All Rights Reserved. HIPAA Privacy & Security • Privacy Standards Compliance Checklist - Determine whether any state privacy laws apply to the group health plan - Identify group health plan’s current uses and disclosures of protected health information, including the individuals who have access to protected health information - Determine which current uses and disclosures are permitted and under what circumstances - Determine whether group health plan documents need to be amended in order to (or continue to) receive protected health information for plan administrative purposes - Identify service providers who are business associates - Determine whether business associate service provider contracts need to be amended to comply with privacy rules 23 © 2011 Proskauer. All Rights Reserved. HIPAA Privacy & Security • Privacy Standards Compliance Checklist - Appoint a privacy officer - Establish privacy policies and draft related procedures - Distribute privacy notice - Train workforce on privacy policies and procedures - Establish appropriate safeguards for protecting PHI from accidental or intentional use in violation of the privacy standards - NEW RULES & PENALTIES were effective starting in 2010 24 © 2011 Proskauer. All Rights Reserved. HIPAA Privacy & Security • Security Standards Compliance Checklist - New HITECH Rules for Privacy & Encryption - New Penalty Structure - Increased enforcement - IT Manager should be familiar with HIPAA Security Standards and be able to demonstrate compliance 25 © 2011 Proskauer. All Rights Reserved. Cafeteria Plans • Increased Audit Activity - Expected because IRS released regulations in 2007 • Plan Documentation Issues Are Big Issue • Non-Discrimination Testing Big Focus - All components of the cafeteria plan must be tested annually - Keep documentation for six years - Be prepared for IRS Audit 26 © 2011 Proskauer. All Rights Reserved. General Nondiscrimination Rules under HIPAA • Individuals cannot be denied eligibility for benefits or charged more for coverage because of any "health factor," including: - Health status - Medical condition (both physical and mental) - Claims experience - Receipt of health care - Medical history - Genetic information - Evidence of insurability - Disability 27 © 2011 Proskauer. All Rights Reserved. Wellness Programs • Wellness programs are designed to promote health and prevent disease, and are an exception to HIPAA's nondiscrimination rules • Examples of common wellness programs include: - blood pressure and cholesterol screenings - smoking cessation programs - weight-loss programs • A typical disease management program might target individuals who have or are at risk for developing diabetes and make case managers available to them to monitor compliance with medication protocols • Both wellness and disease management programs are often structured to provide a financial reward for participating 28 © 2011 Proskauer. All Rights Reserved. HRAs • The cornerstone of an effective wellness program is often a Health Risk Assessment (HRA) and/or biometric testing • "Voluntary" HRAs are generally regarded as ineffectual - Only those who are health conscious will be conscientious about completing them and returning them • "Involuntary" HRAs are those that are coupled with rewards or penalties and are generally more effective - Reward (bonus payment, gift cards, premium reduction, enhanced benefits) - Penalty (premium increase, condition to eligibility, limits on benefits) • US Department of Labor condones use of "involuntary" HRAs, as long as results are not basis for reward or penalty 29 © 2011 Proskauer. All Rights Reserved. HRAs • U.S. Equal Employment Opportunity Commission - Jurisdiction over individual rights claims, including under the Americans with Disabilities Act (ADA) - ADA generally establishes a per se violation for any employer inquiring about an employee's health condition - EEOC has said that voluntary HRAs are "OK" - Involuntary HRAs violate the ADA • While ERISA preempts most state laws (with limited exceptions), it does not preempt other federal laws - DOL has no greater authority in this area than the EEOC 30 © 2011 Proskauer. All Rights Reserved. HRAs & PPACA • PPACA includes provisions designed to promote the use of wellness programs - Despite what "internet lawyers" will tell you, PPACA did not address this issue, despite it being well known to the Obama Administration and the House and Senate leadership that two federal agencies held inconsistent positions - So, current state of the law is that the EEOC believes involuntary HRAs violate federal law & the DOL believes they don't 31 © 2011 Proskauer. All Rights Reserved. Seff v. Broward County • Predictably, a class action suit was filed in a federal district court—Seff v. Broward County • Plaintiffs alleged that Broward County violated the ADA by imposing a $20 bi-weekly premium surcharge on anyone who failed or refused to complete a HRA and biometric screening as part of a "wellness program" • EEOC was not a party to this suit • Many worried that this could lead to a decision adverse to the use of HRAs 32 © 2011 Proskauer. All Rights Reserved. Seff v. Broward County • The Court reviewed the reasons for implementing a wellness program (rising costs) and noted key factors of the program • Then held that the wellness program (including the HRA and screening) were terms of the employer's group health plan, which is a "bona fide benefit plan" within the meaning of the insurance safe-harbor provisions of the ADA • The insurance safe-harbor provision is designed to protect insurers from violating the ADA because of plan design • The Seff Court held that the HRA and screening and wellness programs used by the County were part of the County's health plan and protected by the safe harbor • Plaintiffs' suit was dismissed (but watch for an appeal) 33 © 2011 Proskauer. All Rights Reserved. Seff v. Broward County • The Court noted that the County paid for the entire cost of the wellness program; • Only those enrolled in the underlying group health plans could participate in the wellness program; • Plan documentation clearly established that completion of the HRA and biometric screening was required and set out the penalty for non-compliance; and • Information obtained was not available to the employer in identifiable form but was used as part of the underwriting process for the insurance product 34 © 2011 Proskauer. All Rights Reserved. Learning from Seff • Employers considering requiring completion of an HRA as a condition to eligibility or condition to reduced rates should consider the following: - Document clearly as part of enrollment process - Forms, internet, general material should clearly state that this is a condition of enrollment in the group health plan - Summary Plan Descriptions—don't forget to update, consider an SMM - Update should clarify that Screening is part of enrollment process - Need to focus on COBRA, too - Use of information for underwriting purposes—retaining documentation 35 © 2011 Proskauer. All Rights Reserved. June 2011 Stacy H. Barrow sbarrow@proskauer.com 617.526.9648 Questions? 36 © 2011 Proskauer. All Rights Reserved.