Don’t Miss the February 1st Deadline for Posting Your OSHA Injury/Illness Summary Form
Originally posted on January 28, 2015 by Laura Kerekes on www.thinkhr.com
It’s that time of year to look back on your workplace illnesses and injuries for 2014, ensure that you have recorded the correct information in your OSHA logs, and post the information in your workplace starting February 1, 2015. Do you need to comply with this posting requirement, even if you’ve had no injuries or illnesses this past year? You probably will need to comply — most employers do.
Employers are responsible for providing a safe and healthful workplace for their employees. The role of the Occupational Safety and Health Administration (OSHA) is to assure the safety and health of workers by setting and enforcing standards; providing training, outreach, and education; establishing partnerships; and encouraging continual improvement in workplace safety and health. Employers are required to have a Workplace Injury and Illness Prevention Program in place, with active monitoring of results. The intent of the OSHA log reporting is to summarize the year end results and focus both employers’ and employees’ attention on workplace safety so that everyone can make safety a top company priority.
Do you need to comply with the February 1st deadline?
If you had 10 or more employees at all times during 2014, you will need to comply, unless your company’s Standard Industrial Classification (SIC) Code is included in the industry list of exclusions available at https://www.osha.gov/oshstats/naics-manual.html.
What You Should Do
Assuming that your business does not fall under the exclusions of OSHA reporting, you’ll need to ensure that two OSHA forms are completed fully, the Form 300 (log) and the Form 300A. Both forms and the instructions can be accessed here.
Form 300: This form is used to record all injuries and illnesses, except those that required first aid only. This form is not posted due to privacy considerations. There are certain injuries and illnesses where you do not include the employee’s name for privacy (sexual assaults, HIV infection, etc.), and an employee may request that his or her name not be entered on this log.
Form 301 (do NOT post): This form allows you to record more data about how the injury or illness occurred. As with Form 300, this form is not posted due to privacy considerations. Employee representatives, however, may have access to this form but only the portion that contains no personal information.
Form 300A: This is the form that must be completed and posted beginning February 1st through April 30th. It contains a summary of the total number of job-related injuries and illnesses that occurred during the previous year that were logged onto the Form 300. Information about the annual average number of employees and total hours worked during the calendar year is required for calculating incidence rates. Companies with no recordable injuries or illnesses in the previous year must post the summary with zeros on the “total” line. A company executive must certify all establishment summaries. Employers are required only to post the summary Form 300A, not the Form 300 log.
Form 300A must be displayed in a common area where notices to employees usually are posted. Employers must make a copy of the summary available to employees who move from worksite to worksite, such as construction workers, and employees who do not report to any one office on a regular basis.
More information regarding OSHA’s recordkeeping rule can be found in the OSHA Fact Sheet.
Compliance Calendar 2015
The following are important compliance due dates and reminders for 2015. The laws and due dates apply based on the number of employees, whether or not someone does business with the Government, and on benefits offered. Other state-by-state laws may also apply.
1/1/2015 - Minimum Wage changes: Although no federal minimum wage increase goes into effect, many states and/or cities may have a scheduled minimum wage increase. Jan. 2015 state minimum wage increases include: Alaska $8.75, Arizona $8.05, Arkansas $7.50, Connecticut $9.15, Florida $8.05, Hawaii $7.75, Massachusetts $9.00, Missouri $7.65, Montana $8.05, Nebraska $8.00, New Jersey $8.38, New York $8.75, Ohio $8.10, Oregon $9.25, Rhode Island $9.00, South Dakota $8.50, Vermont $9.15, Washington $9.47, West Virginia $8.00
1/1/2015 - Social Security Taxable Limit Increases: The maximum amount of earnings subject to the Social Security tax (taxable maximum) has been increased for 2015 to $118,500 from $117,000.
1/1/2015 – Retirement Plan Limits: The Internal Revenue Service has adjusted retirement plan limits. If you offer a retirement plan, verify and update your limits.
1/1/2015 – W-2 Reporting of Health Benefits: Employers who issue 250 or more W-2 for the year must continue to track and report premiums paid by the employer on W-2s for health plans. Employers are not required to report contributions for Health FSA, HRA, dental or vision, HAS and Archer MSA, long-term care, on-site medical clinics, church plans or governmental plans.
1/1/2015 – ACA Reporting Provisions go into Effect: Reporting provisions under tax code sections 6055 and 6056 go into effect. Employers must compile monthly and report annually numerous data points to the IRS and their own employees. This data will be used to verify the individual and employer mandates under the law.
Although required reporting under sections 6055 and 6056 will not occur until January 2016 to employees and March 2016 to the IRS, the data being reported is based on what happened during 2015.
1/1/2015 – Flexible Spending Account Limits and Extensions: The employee health flexible spending account (FSA) contribution limit has been increased to $2,550 for 2015, and remains at $5,000 annually for dependent care FSA contributions. A new provision allows plans to offer a $500 health FSA carryover of unused amounts for the next plan year, providing the plan documents are amended and employees are notified prior to the beginning of the plan year. Alternatively, plans can offer a 2.5 month grace period for health and dependent care FSAs, again providing plan documents reflect this grace period and employees are notified.
1/1/2015 – Health Savings Account and High-Deductible Health Plan Limits: Health Savings Account (HSA) and High-Deductible Health Plan (HDHP) limits have been increased for 2015.
- The HSA annual contribution maximums increase to $3,350 for individual and $6,650 for family coverage.
- For HSA-compatible HDHPs, the annual out-of-pocket spending limits are $6,450 (individual) and $12,900 (family). The HDHP minimum deductible increases to $1,300 for individual and $2,600 for family coverage.
- HSA age 55 catch-up contributions stay at $1,000.
1/1/2015 – Retirement Plan Limits: The Internal Revenue Service has adjusted retirement plan limits. If you offer a retirement plan, verify and update your limits.
1/31/2015 – W-2 Employee Reports Due: Employers must provide all employees copies of Form W-2 reporting earnings and taxes for 2014 by January 31, 2015.
2/1/2015 – OSHA Form 300 A Accident Summary Posting: Employers must post OSHA Form 300A Accident Summary in a public area from February 1 through April 30 for previous year’s accidents (repeat annually).
2/15/2015 – Federal Market Place – Open Enrollment Ends: Individuals can enroll until February 15, 2015. After that, they can’t get 2015 coverage unless they qualify for a Special Enrollment Period.
3/1/2015 – 6/30/2015 – ACA Employer Assessment: Large employers with 100 or more full-time employees should conduct a detailed analysis of whether any further changes should be made in plan eligibility rules to satisfy the 95 percent threshold in 2016 (up from 70 percent in 2015) under the ACA’s employer shared responsibility provisions.
Employers with 50 to 99 full-time employees who previously qualified for transition relief from the ACA employer shared responsibility provisions should finalize assessment of any eligibility changes and employee premium rates, for purposes of the ACA employer shared responsibility provisions.
Beginning in 2016, those employers are subject to the penalties under the ACA’s “play or pay” mandate.
7/1/2015 – PCORI Fee Due: July 31 is the annual deadline for payment of the Patient Centered Outcomes Research Institute fee (PCORI fee) of $2 per covered life for the preceding plan year.
9/30/2015 – EEO-1 Report: Organizations with 100+ employees are to submit the EEO-1 report by September 30. Repeat annually. Repeat annually.
10/14/2015 – Medicare Part D Notice: Employers are to provide notice to all Part D eligible individuals, or those about to become eligible, prior to October 15 of each year who is covered by an employer health plan with outpatient prescription drug coverage, regardless of whether the employer coverage is primary or secondary to Medicare. The notice must be provided to all Part D eligible individuals, whether covered as active employees, retirees, COBRA recipients, disabled indivdiuals, or as dependents. Plan participants are Part D eligible if they are 65 or more years old, three months before turning age 65, and/or if they are disabled.
Note: If you provided participants with the all-in-one Employee Notification service provided by HR Service, Inc., this notice is included.
Varies, based upon plan year – Form 5500: File Form 5500 annually, by the last day of the 7th month following the end of the plan year (e.g., July 31 for calendar year plans).
For additional information, employee notices, links, and renewal reminders, login to our service at
To download the Compliance Calendar for 2015, click here.
OSHA’s New Reporting and Recordkeeping Rule Goes into Effect on January 1, 2015
Source: ThinkHR.com
On September 11, 2014, the U.S. Department of Labor’s Occupational Safety and Health Administration (OSHA) announced a final rule which updates the reporting and recordkeeping requirements for injuries and illnesses, found at 29 C.F.R. 1904. The rule goes into effect on January 1, 2015.
Changes to recordkeeping requirements
Under OSHA’s recordkeeping regulation, certain covered employers are required to prepare and maintain records of serious occupational injuries and illnesses using the OSHA 300 Log. However, there are two classes of employers that are partially exempt from routinely keeping injury and illness records:
- Employers with 10 or fewer employees at all times during the previous calendar year; and
- Establishments in certain low-hazard industries.
The new rule maintains the exemption for employers with fewer than 10 employees. However, the new rule has an updated list of industries that will be partially exempt from keeping OSHA records. The previous list of partially exempt industries was based on the old Standard Industrial Classification (SIC) system and injury and illness data from the Bureau of Labor Statistics (BLS) from 1996, 1997, and 1998. The new list of partially exempt industries in the updated rule is based on the North American Industry Classification System (NAICS) and injury and illness data from the Bureau of Labor Statistics (BLS) from 2007, 2008, and 2009. As a result, many employers who were once exempted from OSHA’s recordkeeping requirements are now required to keep records. A list of newly covered industries can be found at www.osha.gov/recordkeeping2014/reporting_industries.html.
Changes to the reporting requirements
In addition to revising the recordkeeping requirements, the new rule expands the list of severe injuries and illnesses that employers must report to OSHA. Under the previous rule, employers were required to report the following events to OSHA:
- All work-related fatalities.
- All work-related hospitalizations of three or more employees.
Under the new rule, employers must report the following events to OSHA:
- All work-related fatalities.
- All work-related in-patient hospitalizations of one or more employees.
- All work-related amputations.
- All work-related losses of an eye.
For any fatality that occurs within 30 days of a work-related incident, employers must report the event within eight hours of finding out about it.
For any in-patient hospitalization, amputation, or eye loss that occurs within 24 hours of a work-related incident, employers must report the event within 24 hours of learning about it.
Employers do not have to report an event if the event:
- Resulted from a motor vehicle accident on a public street or highway, except in a construction work zone; employers must report the event if it happened in a construction work zone.
- Occurred on a commercial or public transportation system (airplane, subway, bus, ferry, street car, light rail, train).
- Occurred more than 30 days after the work-related incident in the case of a fatality or more than 24 hours after the work-related incident in the case of an in-patient hospitalization, amputation, or loss of an eye.
Employers do not have to report an in-patient hospitalization if it was for diagnostic testing or observation only. An in-patient hospitalizationis a formal admission to the in-patient service of a hospital or clinic for care or treatment.
Employers do have to report an in-patient hospitalization due to a heart attack, if the heart attack resulted from a work-related incident.
What to report
Employers reporting a fatality, inpatient hospitalization, amputation, or loss of an eye to OSHA must report all of the following information:
- The name of the establishment.
- The location of the work-related incident.
- The time of the work-related incident.
- The type of reportable event (i.e., fatality, inpatient hospitalization, amputation, or loss of an eye).
- The number of employees who suffered the event.
- The names of the employees who suffered the event.
- The contact person and his or her phone number.
- A brief description of the work-related incident.
How to report
Employers can use the following three options to report an event:
- Call the nearest OSHA Area Office during normal business hours.
- Call the 24-hour OSHA hotline (800-321-OSHA or 800-321-6742).
- Report an incident electronically (OSHA is developing a new means of reporting events electronically, which will be released soon and will be accessible on OSHA’s website).
Conclusion
It is recommended that employers familiarize themselves with the final rule and train personnel accordingly. All employers under OSHA jurisdiction, even those who are exempt from maintaining injury and illness records, are required to comply with the new severe injury and illness reporting requirements.
Government releases Form 5500 changes
Originally posted December 17, 2014 by Mike Nesper on Employee Benefit Advisor
The government recently announced changes to the Form 5500 and the Form 5500-SF. The changes, released by the IRS, Employee Benefits Security Administration and the Pension Benefit Guaranty Corporation, are listed on the Department of Labor’s website. They include:
- DOL Form M-1 compliance information. The MEWA Form M-1 compliance information that was filed as an attachment for 2013 now appears as three new questions on the Form 5500.
- Signature and date. The Form 5500 and Form 5500-SF instructions for “signature and date” have been updated to caution filers to check the filing status. If the filing status is "processing stopped" or “unprocessable,” the submission may not have had a valid electronic signature, and depending on the error, may be considered not to have been filed.
- Active participant information. Filers are now required to provide the total number of active participants at the beginning of the plan year and at the end of the plan year on both forms.
- Terminated participant vesting information. Form 5500-SF filers now must provide the number of participants that terminated employment during the plan year with accrued benefits that were not fully vested.
- Multiple-employer plan information. In accordance with the Cooperative and Small Employer Charity Pension Flexibility Act, the Form 5500 and Form 5500-SF now require multiple-employer pension plans and multiple-employer welfare plans to include an attachment that generally identifies each participating employer, and includes a good faith estimate of each employer's percentage of the total contributions during the year.
- Schedule H. The instructions for line 1c(13) have been enhanced to set out what is an investment company registered under the Investment Company Act of 1940.
- Schedule MB. New Line 4f requires plans in critical status to indicate the plan year in which a plan is projected to emerge from critical status or, if the rehabilitation plan is based on forestalling possible insolvency, the plan year in which insolvency is expected.
- Schedule SB. Line 3 has been modified so that the funding target is reported separately for each type of participant (active, retired, or terminated vested). Line 11b has been split into two parts: the calculation based on the prior year’s effective interest rate, and the calculation based on the prior year’s actual return. Line 15 instructions have been expanded to address situations in which the AFTAP was not certified for the plan year. Line 27 and related instructions have been modified to reflect funding changes under the CSEC Act for defined benefit pension plans impacted by the act.
OFCCP Releases Final Rule on LGBT Non-Discrimination
Originally posted December 4, 2014 by Cara Crotty on ThinkHR.com
The Office of Federal Contract Compliance Programs announced yesterday that it is issuing a Final Rule implementing President Obama’s Executive Order that prohibits federal contractors from discriminating on the bases of sexual orientation and gender identity.
This Final Rule will be effective 120 days after publication in the Federal Register (which has not yet occurred) and will apply to federal contracts entered into or modified on or after that date.
What does the Final Rule change?
The EO Clause has been changed to include “sexual orientation” and “gender identity.” However, those contractors that incorporate the EO clause by reference will not need to physically alter their subcontracts or purchase orders.
Contractors must notify applicants and employees of their non-discrimination policy by posting the “EEO is the Law” poster. Presumably, the government will be updating this poster to include these two new categories.
Contractors are also obligated to expressly state in job advertisements that all qualified candidates will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, or national origin. The Final Rule provides that employers can satisfy this requirement by including that verbiage or simply indicating that the company is an “equal opportunity employer.”
Although employees hired outside of the United States are not covered by the regulations, if a contractor is not able to obtain a visa of entry for an employee or potential employee to a country in which it is doing business, the regulations require the contractor to notify both the OFCCP and the U.S. Department of State if the contractor believes that the refusal of the visa is because of the individual’s protected characteristic. This requirement now applies to sexual orientation and gender identity status.
The section of the regulations regarding Placement Goals in AAPs has also been updated. Contractors are prohibited from extending preferences on the basis of race, color, religion, sex, sexual orientation, gender identity, or national origin due to specific placement goals.
What is not affected by the Final Rule?
The Final Rule does not change contractors’ reporting and information collection requirements, so contractors are not required to survey or report on the number of LGBT applicants or employees. The required components of Affirmative Action Plans are also not affected.
What should contractors do to comply?
The Final Rule simply adds sexual orientation and gender identity to the sections of the regulation where the other protected categories are listed, so the impact on federal contractors is limited. However, contractors should begin the process of determining whether and when they need to do the following:
- Update the EO Clause in subcontracts and purchase orders;
- Amend the EEO and AA policy to include sexual orientation and gender identity;
- Obtain new “EEO is the Law” posters;
- Modify their EEO tagline on job solicitations; and
- Train appropriate personnel on the new protections.
In addition, the OFCCP has issued FAQs regarding its interpretation of the Final Rule. These will probably be updated periodically as contractors pose questions to the OFCCP.
Why no proposed rule?
You may be wondering whether you missed the Notice of Proposed Rulemaking on this issue. Actually, the OFCCP bypassed the notice and comment period, stating that the “Executive Order was very clear about the steps the Department of Labor was required to take, and left no discretion regarding how to proceed. In such cases, principles of administrative law allow an agency to publish final rules without prior notice and comment when the agency only makes a required change to conform a regulation to the enabling authority, and does not have any discretion in doing so.” (The OFCCP must not have seen all the questions I had after reading the Executive Order.)
ACA lawsuit could have implications beyond health care
Originally posted by Mike Nesper on November 24, 2014 on BenefitNews.com.
Employers should continue preparations to comply with the Affordable Care Act despite House Republicans’ recent lawsuit against President Obama. The lawsuit, announced Friday, challenges the lawfulness of subsidies for lower-income individuals and Obama’s postponement of the employer mandate.
The lawsuit won’t have any short-term effects on the ACA, says Benefit Advisors Network Executive Director Perry Braun. “I would recommend not delaying any implementation plans and to move forward,” he says.
The Supreme Court is expected to rule on ACA subsidies in June — the high court agreed Nov. 7 to hear an appeal by four Virginians who are attempting to block those tax credits in 36 states. “Depending on the ruling and subsequent appeals, it could take until summer for this to be resolved,” Braun says.
The government will pay $175 billion to insurance companies over the next 10 years to help individuals who earn a yearly salary between $11,670 and $29,175 pay for health insurance. “If the lawsuit is successful, poor people would not lose their health care, because the insurance companies would still be required to provide coverage — but without the help of the government subsidy, the companies might be forced to raise costs elsewhere,” according to a Friday New York Times article.
The latest ACA-related lawsuit could have impacts beyond health care, Braun says. “The lawsuit is part of a potentially larger story, which is to have the judicial branch confirm what authority the president of United States has in changing or amending laws and what is the role of Congress,” he says. “The separation of powers is, in my opinion, the story here.”
It’s likely attempts to alter the health care law won’t be limited to the court room. In less than six weeks, Republicans will control both houses of Congress and top broker organizations expect another vote to repeal the ACA, however, they say, it’s more of a symbolic gesture than anything else. (So far, there have been 54 votes to either repeal or change the ACA).
Alden Bianchi, practice group leader of Mintz Levin’s employee benefits and executive compensation practice, says last week’s lawsuit is along the same line. “There is no substance here,” he says. “This is, as best I can tell, political. I would guess that the intention is to keep the ACA alive as a campaign issue going into 2016.”
Top 10 401(k) compliance mistakes auditors catch
There are a number of emerging Department of Labor issues that employers should be aware of in order to ensure their benefit plans are compliant and being properly administered. Knowing the DOL is going to be vigilant in these areas means that now is a good time to review benefit plan documentation and administrative practices to ensure compliance.
Here are the top-10 mistakes auditors catch:
1. Late or erratic payment of employee deferrals. According to the DOL, contributions must be paid as soon as administratively feasible, but no later than the 15th business day of the following month (when deferrals are withheld). Employee contributions should be within this time frame, but also consistently remitted among all payrolls and pay periods.
2. Oversights in calculating employee contributions. 401(k) contributions should be determined in accordance with the plan document (which should include the definition of compensation) andin accordance with employees’ instructions.
3. Misunderstanding of the vesting period. Each plan defines when employees reach one year of service. HR and other departments may calculate it differently.
4. Disregard for break-in service rules. Usually, plans state that when employees leave and are rehired within a certain time frame, that they're automatically eligible to participate in a 401(k) plan. This rule is sometimes overlooked.
5. A growing number of forfeiture accounts. When employees leave and forfeit their 401(k) balances, those funds aren't always used as outlined in the plan, such as for paying employer-plan fees or in the time frame required by the Internal Revenue Service.
6. Incorrect tax witholdings when employees take distributions. People can take distributions from employer-sponsored plans prior to age 59½, but these early-withdrawals must be made in accordance with IRS rules in terms of penalties and any income taxes due.
7. Mistakes with profit-sharing contributions. Errors occur most often when annual calculations are performed manually vs. being automatically tallied through payroll software.
8. Mishandling employee requests. When employee requests, such as changes in deferral percentages, are handled manually, they are sometimes coded incorrectly or simply not entered at all.
9. Disconnect with service-provider contracts. Sometimes, there’s a disconnect between the company and its service provider. Responsibilities should be crystal clear, especially in the areas of hardship withdrawals and informing employees of eligibility.
10 Overlooking the plan's eligibility requirements. Some employees may be enrolled too early or too late ― or forgotten altogether, which can be the case with employees working at another corporate affiliate or division.
CMS delays enforcement of health plan identifiers in HIPAA transactions
Originally posted by Alden Bianchi on EBN on November 6, 2014.
In a surprise move, the Centers for Medicare & Medicaid Services (CMS) announced an indefinite delay in enforcement of regulations pertaining to “health plan enumeration and use of the Health Plan Identifier (HPID) in HIPAA transactions” that would have otherwise required self-funded employer group health plans (among other “covered entities”) to take action as early as November 5, 2014.
The CMS statement reads as follows:
Statement of Enforcement Discretion regarding 45 CFR 162 Subpart E – Standard Unique Health Identifier for Health Plans
Effective Oct. 31, 2014, the CMS Office of E-Health Standards and Services (OESS), the division of the Department of Health & Human Services that is responsible for enforcement of compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) standard transactions, code sets, unique identifiers and operating rules, announces a delay, until further notice, in enforcement of 45 CFR 162, Subpart E, the regulations pertaining to health plan enumeration and use of the Health Plan Identifier (HPID) in HIPAA transactions adopted in the HPID final rule (CMS-0040-F). This enforcement delay applies to all HIPAA covered entities, including health care providers, health plans, and healthcare clearinghouses.
On Sept. 23, 2014, the National Committee on Vital and Health Statistics (NCVHS), an advisory body to HHS, recommended that HHS rectify in rulemaking that all covered entities (health plans, health care providers and clearinghouses, and their business associates) not use the HPID in the HIPAA transactions. This enforcement discretion will allow HHS to review the NCVHS’s recommendation and consider any appropriate next steps.
The CMS statement followed, but was not anticipated by, a recent series of FAQs that provided some important and welcome clarifications on how employer-sponsored group health plans might comply with the HPID requirements.
Background
Congress enacted the HIPAA administrative simplification provisions to improve the efficiency and effectiveness of the health care system. These provisions required HHS to adopt national standards for electronic health care transactions and code sets, unique health identifiers, and security. As originally enacted, HIPAA directed HHS to establish standards for assigning unique health identifiers for each individual, employer, health plan, and health care provider. The Affordable Care Act modified and expanded these requirements to include an HPID. On Sept. 5, 2012, HHS published final regulations adopting HPID enumeration standards for health plans (“enumeration” is the process of getting an HPID).
For the purposes of HPID enumeration, health plans are divided into controlling health plans (CHPs) and sub-health plans (SHPs). Large CHPs (i.e., those with more than $5 million in annual claims) would have been required to obtain HPIDs by Nov. 5, 2014. Small controlling health plans had an additional year, until November 5, 2015.
The Issue(s)
While we have no idea what led the NCVHS to recommend to CMS that it abruptly suspend the HPID rules, we can make an educated guess—two guesses, actually.
What is it that is being regulated here?
The HIPAA administrative simplification rules apply to “covered entities.” i.e., health care providers, health plans, and health care data clearing houses. Confusingly, the term health plan includes both group health insurance sponsored and sold by state-licensed insurance carriers and employer-sponsored group health plans. Once HHS began issuing regulations, it became apparent that this law was directed principally at health care providers and health insurance issuers or carriers. Employer-sponsored group health plans were an afterthought. The problem for this latter group of covered entities is determining what, exactly, is being regulated. The regulatory scheme treats an employer’s group health plan as a legally distinct entity, separate and apart from the employer/plan sponsor. This approach is, of course, at odds with the experience of most human resource managers, employees and others, who view a company’s group health plan as a product or service that is “outsourced” to a vendor. In the case of an insured plan, the vendor is the carrier; in the case of a self-funded plan, the vendor is a third-party administrator.
The idea that a group health plan may be treated as a separate legal entity is not new. The civil enforcement provisions of the Employee Retirement Income Security Act of 1974 (ERISA) permit an employee benefit plan (which includes most group health plans) to be sued in its own name. (ERISA § 502(d) is captioned, “Status of employee benefit plan as entity.”) The approach taken under HIPAA merely extends this concept. But what exactly is an employee benefit plan? In a case decided in 2000, the Supreme Court gave us an answer, saying:
“One is thus left to the common understanding of the word ‘plan’ as referring to a scheme decided upon in advance . . . Here the scheme comprises a set of rules that define the rights of a beneficiary and provide for their enforcement. Rules governing collection of premiums, definition of benefits, submission of claims, and resolution of disagreements over entitlement to services are the sorts of provisions that constitute a plan.” (Pegram v. Herdrich, 530 U.S. 211, 213 (2000).)
Thus, what HHS has done in the regulations implementing the various HIPAA administrative simplification provisions is to impose rules on a set of promises and an accompanying administrative scheme. (Is there any wonder that these rules have proved difficult to administer?) The ERISA regulatory regime neither recognizes nor easily accommodates controlling health plans (CHPs) and subhealth plans (SHPs). The FAQs referred to above attempted to address this problem by permitting plan sponsors to apply for one HPID for each ERISA plan even if a number of separate benefit plan components (e.g., medical, Rx, dental, and vision) are combined in a wrap plan. It left in place a larger, existential problem, however: It’s one thing to regulate a covered entity that is a large, integrated health care system; it’s quite another to regulate a set of promises. The delay in the HPID enumeration rules announced in the statement set out above appears to us to be a tacit admission of this fact.
Why not permit a TPA to handle the HPID application process?
One of the baffling features of the recently suspended HPID rules is CMS’ rigid insistence on having the employer, in its capacity as group health plan sponsor, file for its own HPID. It was only very recently that CMS relented and allowed the employer to delegate the task of applying for an HPID for a self-funded plan to its third party administrator. By cutting third party administrators out of the HPID enumeration process, the regulators invited confusion. The reticence on CMS’ part to permit assistance by third parties can be traced to another structural anomaly. While HIPAA views TPAs in a supporting role (i.e., business associates), in the real world of self-funded group health plan administration, TPAs function for the most part autonomously. (To be fair to CMS, complexity multiplies quickly when, as is often the case, a TPA is also a licensed carrier that is providing administrative-services-only, begging the question: Are transmissions being made as a carrier or third party administrator?)
HIPAA Compliance
That the HPID enumeration rules have been delayed does not mean that employers which sponsor self-funded plans have nothing to do. The HIPAA privacy rule imposes on covered entities a series of requirements that must be adhered to. These include the following:
Privacy Policies and Procedures: A covered entity must adopt written privacy policies and procedures that are consistent with the privacy rule.
Privacy Personnel: A covered entity must designate a privacy official responsible for developing and implementing its privacy policies and procedures, and a contact person or contact office responsible for receiving complaints and providing individuals with information on the covered entity’s privacy practices.
Workforce Training and Management: Workforce members include employees, volunteers, and trainees, and may also include other persons whose conduct is under the direct control of the covered entity (whether or not they are paid by the entity). A covered entity must train all workforce members on its privacy policies and procedures, as necessary and appropriate for them to carry out their functions. A covered entity must also have and apply appropriate sanctions against workforce members who violate its privacy policies and procedures or the Privacy Rule.
Mitigation: A covered entity must mitigate, to the extent practicable, any harmful effect it learns was caused by use or disclosure of protected health information by its workforce or its business associates in violation of its privacy policies and procedures or the Privacy Rule.
Data Safeguards: A covered entity must maintain reasonable and appropriate administrative, technical, and physical safeguards to prevent intentional or unintentional use or disclosure of protected health information in violation of the Privacy Rule and to limit its incidental use and disclosure pursuant to otherwise permitted or required use or disclosure.
Complaints: A covered entity must have procedures for individuals to complain about its compliance with its privacy policies and procedures and the Privacy Rule. The covered entity must explain those procedures in its privacy practices notice. Among other things, the covered entity must identify to whom individuals at the covered entity may submit complaints and advise that complaints also may be submitted to the Secretary of HHS.
Retaliation and Waiver: A covered entity may not retaliate against a person for exercising rights provided by the Privacy Rule, for assisting in an investigation by HHS or another appropriate authority, or for opposing an act or practice that the person believes in good faith violates the Privacy Rule. A covered entity may not require an individual to waive any right under the Privacy Rule as a condition for obtaining treatment, payment, and enrollment or benefits eligibility.
Documentation and Record Retention: A covered entity must maintain, until six years after the later of the date of their creation or last effective date, its privacy policies and procedures, its privacy practices notices, disposition of complaints, and other actions, activities, and designations that the Privacy Rule requires to be documented.
The HIPAA security rule requires covered entities to conduct a risk assessment, and to adopt policies and procedures governing two dozen or so security parameters.
United States: You've Acquired A New Qualified Retirement Plan? Time For A Compliance Check
Originally posted October 20, 2014 by Nancy Gerrie and Jeffrey M. Holdvogt of Mondaq Business Briefing, on www.ifebp.org.
In connection with a merger or acquisition, an acquiring company may end up assuming sponsorship of a tax-qualified retirement plan that covers employees of the acquired company. Basic due diligence on the plan likely was done during the acquisition. But if the plan will continue to be maintained following the acquisition, this is the perfect time to establish procedures to ensure that the numerous administrative and fiduciary requirements involved in maintaining a qualified retirement plan will continue to be met on an ongoing basis. Following is a brief summary of some key issues that a company should focus on after it assumes a new qualified retirement plan.
Review Compliance with Coverage and Nondiscrimination Testing
In order for the plan to retain its tax-qualified status, the Internal Revenue Code requires that a qualified retirement plan be tested periodically to ensure that it does not discriminate in favor of highly compensated employees. Two of the most important tests to be monitored are: (i) the coverage test, to ensure that the plan covers a stated minimum number of non-highly compensated employees on a controlled group (employer-wide) basis, and (ii) the nondiscrimination test, to ensure that the formula for determining the amount of contributions and benefits a particular participant receives does not discriminate in favor of highly compensated employees. Advance planning should be done to determine the impact of the acquisition on these tests, both for the new plan and any existing plans within the controlled group. Different rules may apply for determining which employees are highly compensated, depending on the type of transaction.
Become Familiar with the Plan's Investments and Investment Policy
The acquiring company, or more typically a committee appointed by the acquiring company, will have fiduciary responsibility for selecting the plan's investments, including the investment funds offered under a 401(k) or other individual account retirement plan. Plan fiduciaries, who likely will be newly appointed following the acquisition, must familiarize themselves with the fund lineup, obtain information to evaluate the funds and document how they monitor and select funds to ensure compliance with U.S. Department of Labor requirements. Plan fiduciaries also should familiarize themselves with the plan's written investment policy or guidelines, refer to the investment policy or guidelines when meeting to discuss changes to plan investments and update the policy or guidelines, as needed.
Understand Plan Fees and Revenue Sharing
New plan fiduciaries should carefully review any revenue-sharing arrangements related to the plan and understand the plan's use of so-called "12b-1 fees" and other revenue-sharing payments. Plan fiduciaries must understand the formula, methodology and assumptions used to determine the respective share of any revenue generated from plan investments by the plan's service provider. Plan fiduciaries also must monitor the arrangement and the service provider's performance to ensure that the revenue owed to the plan is calculated correctly and that the amounts are applied properly (for example, for payment of proper plan expenses or for reallocation to participants' plan accounts).
Review Consultant, Investment Manager and Service Provider Agreements
Qualified retirement plan fiduciaries typically have agreements with various consultants, investment managers and service providers that carry over following an acquisition. This is a good time to review these agreements, both to understand the service providers (and whether they are still needed) and to make sure plan fiduciaries are set up to properly monitor and select new service providers, as needed. In particular, plan fiduciaries should understand whether the consultant or advisor represents itself to be a fiduciary or co-fiduciary of the plan, whether the consultant or advisor maintains adequate insurance coverage, whether fees are reasonable and whether any conflicts of interest exist.
Ensure the Plan's Eligibility Provisions Reflect the New Controlled Group
The plan document will specify precise rules for employee eligibility. Following an acquisition, the acquiring company often must update the plan's eligibility provisions to reflect the new controlled group. In addition, with new administrators and new human resources personnel likely to be looking at the plan, this is an ideal time to make sure the plan is following the eligibility and enrollment rules set forth in the plan document, including: (1) eligibility for or exclusion of part-time employees; (2) proper classification of independent contractors; (3) adherence to hours-of-service counting rules or the elapsed-time alternative; (4) re-enrollment of rehired participants; and (5) for automatic enrollment plans, proper automatic enrollment for eligible employees on a timely basis.
Check the Plan's Definition(s) of Compensation
A plan's definition of compensation is used for a variety of important purposes, including the calculation of an employee's allocation in a defined contribution plan or benefit accruals in a defined benefit plan, adherence to limitations on allowable compensation and performing nondiscrimination testing. The plan document must specify precise definitions for applicable compensation for each purpose. Problems frequently arise following an acquisition because the payroll provider may change or key personnel who understood how compensation was applied under the plan may be gone. Also, the transaction agreement may require the continuation of certain benefit levels for a period of time, which in practice may require that the plan continue to apply the same definition of eligible compensation as before the transaction. Plan administrators should review payroll codes against the plan's definition of compensation and make adjustments to either the plan or the payroll codes, as needed.
Review the Distribution Paperwork
The acquiring company will usually update the plan's summary plan description and employee communications to reflect the new employer. However, distribution paperwork, including benefit election and rollover forms that the employee must complete, as well as descriptions of optional forms of benefits and other required disclosures, is often overlooked in the due diligence and transition process. If election forms are not periodically reviewed and updated, the plan may fail to provide all the correct options (for example, installments, annuities and lump sums, where available) or fail to require spousal consent for distributions, where it is required under plan rules.
Update ERISA Fidelity Bonds and Fiduciary Insurance Coverage
One of the most common failures noted by the Department of Labor during audits is a plan's maintenance of an Employee Retirement Income Security Act (ERISA) fidelity bond. ERISA generally requires that every fiduciary of an employee benefit plan and every person who handles funds or other property of such a plan be bonded (for at least 10 percent of the amount of funds he or she handles, subject to a $500,000 maximum per plan for plans that do not hold employer securities) to protect from risk of loss due to fraud or dishonesty on the part of persons who "handle" plan funds or other property. The period after an acquisition is an excellent time to make sure the plan maintains appropriate bonds, as well as to make sure the company is adequately protected with fiduciary insurance coverage, which may be with the same insurer as the fidelity bond.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
Is it time for a checkup for your client's 401(k) plan?
As we approach the end of the plan year for most plans, now is a good time for plan administrators and plan sponsors to give their 401(k) plans a quick once over to see if everything is properly in place. The IRS even provides a 401(k) plan checklist with some suggested corrective mechanisms that can be taken to bring plans into compliance.
A good starting place for a compliance tune up is to see if you can answer some basic questions about your plan:
- Who are the trustees?
- Who is the plan administrator?
- Who are the outside service providers and how often are they contacted?
- What are the plan’s eligibility rules and who is responsible for verifying them?
- How are participants notified of eligibility?
- How is plan documentation distributed?
- Where are the plan records kept?
- Who is responsible for preparing and filing the form 5500?
After you get past these, some basic questions about plan administration come into play:
- Who keeps track of contributions and limits?
- How does the plan define “compensation”?
- What is the vesting schedule?
- Are there required contributions from the employer?
- Who is responsible for the discrimination testing?
- Does the plan permit loans and how are they tracked?
- Who is responsible for reporting to participants?
- How are distributions made and who is the contact person?
The reason I bring this topic up is that I was recently working with a client who had one person who was solely responsible for benefit administration. Unfortunately that person passed away suddenly and no other person in the organization could answer any questions about the 401(k) plan. Although it seems like the above information is simple to collect, the company still spent hours and hours recreating the plan history because they neglected to keep a record of how the answers to these questions had changed over the years.
Think of your 401(k) plan as a well maintained car. It needs a check up on a regular basis to keep running smoothly. You have to keep records of what was done and you have to know where the important information is if you need it. Just like your car, you hope your 401(k) plan never breaks down. But in anticipation of a future problem, it is worthwhile to stop and make a record of the responsibility for plan administration and the current status of the plan. That way it will be easier to make repairs if they ever become needed.