Regulation Roundup: The Hits Keep On Coming

Source: United Benefit Advisors

The federal government in the past few weeks has kept up the fast pace of pumping out benefits-related guidance -- a trend that started at the end of 2012 --  with a set of final and proposed regulations for the health care reform law, a final HIPAA rule and a compromise on the Obama administration's coverage requirement for contraceptives.

HIPAA: The Department of Health and Human Services (HHS) released its HIPAA omnibus final rule in late January. The final rule establishes new rights for individuals to access their health information, calls for updates to business associate contracts, beefs up privacy protections for patients and gives the government more power to enforce the law, according to a HealthLeaders Media article.

Employers should expect tougher policing of HIPAA-related infractions by federal agencies, experts say.

"The 'good old days' of voluntary compliance and 'slaps on the wrist' seem to be a thing of the past," Brad M. Rostolsky, a partner with Reed Smith, LLP, told HealthLeaders Media. "As a result, it's important that regulated businesses, from the top down, are seen to have buy-in to HIPAA compliance efforts."

Contraception Compromise: HHS has tweaked its requirement that religious nonprofit organizations provide their female members coverage for birth control, according to a PPACA Advisor release from United Benefit Advisors (UBA). Instead, insurance companies, after being notified of the employer's objection to the coverage, would be required to provide coverage at no cost to workers through separate policies. If the employer is self-insured, it can use a third party to set up a separate health policy that would provide coverage for contraceptives. The costs for this action may be be offset by the fees that insurers will pay to participate in the government-run health care exchanges, slated to go online in 2014.

Affordability: The IRS finalized a rule that clarified that the health coverage "affordability" requirement (that an employee's premium contribution not exceed 9.5 percent of household income) under the Patient Protection and Affordable Care Act (PPACA) will be based on self-only coverage, according to a Business Insurance online report. Employers with plans that fail that test face a $3,000 penalty for each full-time employee who is not offered affordable coverage and instead receives a premium subsidy from the government to purchase insurance in a health care exchange. The proposed regulation left open the possibility that the affordability test might have applied to family coverage, but the IRS removed that scenario with its final rule.

HRAs: A new set of frequently asked questions posted by federal agencies limits the use of health reimbursement arrangements (HRAs) in the coming government-run health insurance exchanges, an online report by the Society for Human Resource Management (SHRM) notes. The FAQs state that an HRA that is not integrated with a group health plan but instead functions as a "stand-alone" benefit falls under the PPACA provision that limits the annual amount an individual is required to spend on health care coverage. The report points out that this restriction means funds from stand-alone HRAs can't be used to buy individual coverage through the online exchanges, slated to open in 2014.

Timothy Jost, a professor at Washington and Lee University School of Law, told SHRM that many employers were hoping to offer employees "a fixed-dollar contribution" through an HRA. Such a move "would permit the employee to take advantage of the tax subsidies currently available through HRA coverage but get the employer out of the health insurance business." For many employers, this now will not be possible.

Minimum Coverage: A proposed PPACA rule clarifies what types of services would be considered "minimal essential coverage," UBA reports. Services such as on-site clinics, limited-scope dental and vision, long-term care, disability income and accident-only income would not qualify as employer-sponsored minimal essential coverage. More details can be found in the Federal Register: https://www.gpo.gov/fdsys/pkg/FR-2013-02-01/pdf/2013-02141.pdf

Exchange Notice Delay: Employers who were concerned about a fast-approaching deadline to distribute notices on the exchanges can relax for a few more months. The Department of Labor (DOL) has pushed the date (originally March 1) to late summer or early fall. The DOL is preparing model language for the notice, and a final date will be announced later, the agency said.

 


Health Care Reform and the Benefits Renewal Process

Source: United Benefit Advisors

By Mick Constantinou

The Supreme Court decision last June removed the remaining obstacles blocking implementation of health care reform. Prior to the ruling, many employers took a “wait and see” approach and were left scrambling to qualify and quantify how those aspects of the Patient Protection and Affordable Care Act (PPACA) of 2010 that went into effect January 2013 would impact their business and their employees.

Beginning in 2014, the requirements of PPACA will change the way employers plan and execute their benefits renewal process. The difference is that the impacts forthcoming, both financially and in terms of access to health care, will be far greater than those elements of health care reform that have been implemented to date.

Employers and employees will be left scrambling again if the age-old, “I worry about our benefits during the last three months of our plan year,” paradigm continues. There are decisions that should be made between now and 2014 because the changes are far greater in scope. Mishandling or delaying the question of health benefits now can carry a big price tag in dollars, reputation, competitiveness, retention, employee engagement or a combination of all of the above.

In its current form and implementation schedule, PPACA will forever alter how health care is purchased, delivered and funded by employers. The complexities of the law will touch all employers, regardless of their size, and all employees in a variety of ways and to varying degrees. The impact, often referred to as “play or pay” or “the mandate”, is different for groups with under 50 or more than 50 full-time employees.

Employers that currently offer group benefits or are thinking about offering group benefits, regardless of the number of full-time equivalent employees, should include the following as part of their planning process during 2013:

Minimum Value - Determine the actuarial value (AV) of their current plan design as well as calculate the AV of plans under consideration for 2013 to ensure the designs comply with the minimum requirement to cover an estimated 60 percent (the bronze standard) of covered health care expenses.

Affordability – Confirm your current employee contributions satisfy the affordability test of costing no more than 9.5 percent of an employee’s earnings.

Tax Subsidies – Identify which employees may qualify for subsidized health care through the exchanges and therefore subject you to a $3,000 annualized penalty.

Penalties – If you decide to pay the $2,000-per-employee penalty rather than continue to offer employer-sponsored group coverage, you should calculate which of your employees would be better off and which would be worse off with such a decision.

Medicaid – Quantify how the expansion of Medicaid will impact your costs and which employees will qualify under the new rules and Medicaid tables.

Eligibility – Review how your current benefits eligibility will be altered by the new regulations on eligibility.

Enforcement – Understand when and how the new rules are expected to be enforced, and be aware of the new requirements placed on employers and employees to ensure compliance with the provisions of the health care reform law.

The capabilities, expertise and analytical tools available to benefit advisors that support employers are key value-adds. Employer groups should consider these as part of their checklist when vetting the advisory firm that can best support them through 2013 in preparation for 2014 and beyond. Employers require compliance programs, solutions and services designed to help them stay informed, manage changes in benefits compliance and labor laws, and be prepared for the impacts in 2014 with sound analytics.

Employers will have a number of obligations and opportunities related to health care reform. This law is complicated, and each employer will need to base its decisions on its particular situation, which will require an advisor with the analytical tools to model a variety of scenarios specific to your company.

 


Significant Changes for Health Care Providers, Health Plans, and Their Business Associates and Subcontractors in Final HIPAA Privacy Regulations

Source: United Benefit Advisors
By: Jackson Lewis LLP

The Office for Civil Rights ("OCR") of the U.S. Department of Health and Human Services published its long-awaited final privacy and security regulations ("Final Rule") under the Health Insurance Portability and Accountability Act ("HIPAA") on January 25, 2013. The Final Rule becomes effective March 26, 2013, and, in general, covered entities and business associates are required to comply by September 23, 2013.

The Final Rule addresses four key areas: (i) changes made by the Health Information for Economic and Clinical Health Act ("HITECH Act"); (ii) the HIPAA enforcement rule; (iii) updates to the data breach notification regulations; and (iv) changes made by the Genetic Information Nondiscrimination Act. Some significant changes are summarized below.

Business Associates and Subcontractors

One of the most significant changes under the HITECH Act is that it makes Business Associates (“BAs”) directly liable under certain provisions of the HIPAA privacy and security rules (“HIPAA Rules”). In addition, the Final Rule provides further guidance concerning which entities are BAs, resulting in the treatment of certain subcontractors of BAs as BAs themselves, directly subject to the HIPAA Rules. The Final Rule, for example, clarifies that a BA is a person who performs functions or activities on behalf of, or certain services for, a covered entity or another BA that involve the use or disclosure of protected health information (“PHI”).

Importantly, the Final Rule establishes that a person becomes a BA by definition, not by the act of contracting with a covered entity or otherwise. Therefore, direct liability for the BA under the HIPAA Rules and HITECH Act for impermissible uses and disclosures and other provisions attaches immediately when a person creates, receives, maintains, or transmits PHI on behalf of a covered entity or BA and otherwise meets the BA definition. As a result of some of these changes, covered entities and BAs should consider re-examining their relationships with their subcontractors to ensure they obtain the appropriate, satisfactory assurances concerning the PHI they make available to those subcontractors. For more information about identifying BAs and subcontractors, see Final HIPAA Regulations: “Business Associates” Include Subcontractors, Data Storage Companies (Cloud Providers?).

The Final Rule also clarifies the BAs are directly liable under the HIPAA Rules for:

  1. uses and disclosures of PHI not permitted under HIPAA;
  2. a failure to provide breach notification to the covered entity;
  3. a failure to provide access to a copy of electronic PHI to the covered entity, the individual, or the individual's designee (as specified in the business associate agreement ("BAA");
  4. a failure to disclose PHI to the Secretary of Health and Human Services to investigate or determine the BA's compliance with the HIPAA Rules;
  5. a failure to provide an accounting of disclosures; and
  6. a failure to comply with the HIPAA Security Rule.

BAs remain contractually liable for the other provisions of BAAs.

In attempting to minimize this liability, the Final Rule also confirms that OCR does not endorse any "certification" process for compliance with the HIPAA Rules or HITECH Act. Thus, BAs and subcontractors should not rely on such programs that may be available. However, it is critical that BAAs be updated to reflect new requirements and to allocate certain liabilities and responsibilities. A transition rule under the Final Rule permits covered entities and BAs to continue operation under certain existing contracts for up to one year beyond the compliance date (September 23, 2013). A qualifying BAA will be deemed compliant until the earlier of (i) the date such agreement is renewed or modified on or after September 23, 2013, or (ii) September 22, 2014. The transition rule applies only to the language in the agreements, the parties must operate as required under the HIPAA Rules in accordance with the applicable compliance dates.

Breach Notification Rule

The Final Rule retains many requirements from the interim final breach notification rule. However, it removes the "risk of harm" standard in exchange for a more objective standard for determining whether a "breach" has occurred. (Thus, inquiry into whether there is a significant risk of harm to privacy and security is no longer appropriate.) The Final Rule establishes a presumption that impermissible uses and disclosures of PHI are breaches, unless an exception applies. Covered entities can rebut that presumption (removing the notification requirement) by engaging in a risk assessment to determine whether there is a low probability that PHI has been compromised. However, because of the presumption, covered entities may avoid the risk assessment and provide notification.

A risk assessment would examine at least the following four factors:

  1. the nature and extent of the PHI involved, including the types of identifiers and the likelihood of re-identification;
  2. the unauthorized person who used the PHI or to whom the disclosure was made;
  3. whether the PHI was actually acquired or viewed; and
  4. the extent to which the risk to the PHI has been mitigated.

 

If no exception applies and, after reviewing all of these factors, the covered entity cannot demonstrate that there is a low probability of compromise to the PHI, notification is required. The OCR cautioned that, when working through these factors, many forms of health information can be sensitive, not just information about sexually transmitted diseases, mental health diseases or substance abuse. In addition, the OCR confirmed that violations of the minimum necessary rules also could result in breaches requiring notification.

OCR clarified other aspects of the breach notification rule:

  • The time for notification begins to run when the incident is known to have occurred, not when it has been determined to be a breach. However, a covered entity is expected to make notifications after a reasonable time to investigate the circumstances surrounding the breach in order to collect and develop the information required to be included in the notice to the individual(s).
  • The obligation to determine whether a breach has occurred and to notify individuals remains with the covered entity. However, covered entities can delegate these functions to third parties or BAs.
  • Written notification by first-class mail is the general, default rule. However, individuals who affirmatively agree to receive notice by e-mail may be notified accordingly. In limited cases, individuals who affirmatively agree to be notified orally or by telephone may be contacted though those means with instructions on how to pick up the written notice.
  • Notices of Privacy Practices must include a statement that covered entities must notify affected individual following a breach.

 

Enforcement Rule

The Final Rule implements the changes HITECH Act made to the enforcement provisions of the HIPAA rules, including penalty amounts, which now also apply to BAs. The HITECH Act penalty scheme can be summarized as follows:

  • "Did not know" penalty - amount not less than $100 or more than $50,000 per violation when it is established the covered entity or BA did not know and, by exercising reasonable diligence, would not have known of a violation;
  • "Reasonable cause" penalty - amount not less than $1,000 or more than $50,000 per violation when it is established the violation was due to reasonable cause and not to willful neglect;
  • "Willful neglect-corrected" penalty - amount not less than $10,000 or more than $50,000 per violation when it is established the violation was due to willful neglect and was timely corrected;
  • "Willful neglect-not corrected" penalty - amount not less than $50,000 for each violation when it is established the violation was due to willful neglect and was not timely corrected.

A penalty for violations of the same requirement or prohibition under any of these categories may not exceed $1,500,000 in a calendar year.

In addition, OCR made clear in the Final Rule that it will investigate a complaint and it will conduct a compliance review when the circumstances or its preliminary review suggests willful neglect is possible. Willful neglect is defined at 45 CFR § 160.401 as the "conscious, intentional failure or reckless indifference to the obligation to comply with the administrative simplification provision violated." The term not only presumes actual or constructive knowledge a violation is virtually certain to occur, but also encompasses a conscious intent or degree of recklessness with regard to compliance obligations. The proposed regulations provided examples of where willful neglect may be found:

  • A covered entity disposed of several hard drives containing electronic PHI in an unsecured dumpster, in violation of § 164.530(c) and § 164.310(d)(2)(i). HHS's investigation reveals the covered entity had failed to implement any policies and procedures to reasonably and appropriately safeguard PHI during the disposal process.
  • A covered entity failed to respond to an individual's request that it restrict its uses and disclosures of PHI about the individual. HHS's investigation reveals the covered entity does not have any policies and procedures for consideration of restriction requests it receives and refuses to accept any requests for restrictions from individual patients who inquire.
  • A covered entity's employee lost an unencrypted laptop that contained unsecured PHI. HHS's investigation reveals the covered entity feared its reputation would be harmed if information about the incident became public and, therefore, decided not to provide notification as required by § 164.400 et seq.

 

Genetic Information Nondiscrimination Act

The Genetic Information Nondiscrimination Act (GINA) prohibits discrimination on the basis of an individual's genetic information. GINA also contains privacy protections for genetic information that requires HHS to modify the HIPAA Rules. The protections require (i) clarification that genetic information is health information and (ii) health plans, health plan issuers and issuers of Medicare supplemental policies be prohibited from using or disclosing genetic information for underwriting purposes. The Final Rule implements these protections by incorporating certain definitions from GINA and other provisions relating to health plans (health care providers are generally not subject to these provisions). In addition, the Final Rule requires a change to the Notice of Privacy Practices for health plans. Namely, if a covered health plan will be using PHI for underwriting purposes (such as in a wellness program), the plan's Notice of Privacy Practices must include a statement that PHI that is genetic information may not be used for this purpose.

Action Needed

The Final Rule includes substantial changes to the HIPAA Final Rules for covered health care providers and health plans, as well as their BAs. These entities will need to review these regulations carefully and make appropriate adjustments in their policies and procedures, workforce training, privacy and other notices, systems, as well as their agreements. Most of this will need to be completed by September 23, 2013, although a transition rule will allow a one-year extension until September 23, 2014 to amend certain existing business associate agreements.


Exchange Notice Requirements Delayed

The Affordable Care Act (ACA) requires employers to provide all new hires and current employees with a written notice about ACA’s health insurance exchanges (Exchanges), effective March 1, 2013.

On Jan. 24, 2013, the Department of Labor (DOL) announced that employers will not be held to the March 1, 2013, deadline. They will not have to comply until final regulations are issued and a final effective date is specified.

This Power Group Companies Legislative Brief details the expected timeline for the exchange notice requirements.

Exchange Notice Requirements

In general, the notice must:

  • Inform employees about the existence of the Exchange and give a description of the services provided by the Exchange;
  • Explain how employees may be eligible for a premium tax credit or a cost-sharing reduction if the employer's plan does not meet certain requirements;
  • Inform employees that if they purchase coverage through the Exchange, they may lose any employer contribution toward the cost of employer-provided coverage, and that all or a portion of this employer contribution may be excludable for federal income tax purposes; and
  • Include contact information for the Exchange and an explanation of appeal rights.

This requirement is found in Section 18B of the Fair Labor Standards Act (FLSA), which was created by the ACA. The DOL has not yet issued a model notice or regulations about the employer notice requirement.

When do Employers have to Comply with the Exchange Notice Requirements?

Section 18B provides that employer compliance with the notice requirements must be carried out "[i]n accordance with regulations promulgated by the Secretary [of Labor]." Accordingly, the DOL has announced that, until regulations are issued and become applicable, employers are not required to comply with the exchange notice requirements.

The DOL has concluded that the notice requirement will not take effect on March 1, 2013, for several reasons. First, this notice should be coordinated with HHS's educational efforts and IRS guidance on minimum value. Second, the DOL is committed to a smooth implementation process, including:

  • Providing employers with sufficient time to comply; and
  • Selecting an applicability date that ensures that employees receive the information at a meaningful time.

The DOL expects that the timing for distribution of notices will be the late summer or fall of 2013, which will coordinate with the open enrollment period for Exchanges.

The DOL is considering providing model, generic language that could be used to satisfy the notice requirement. As a compliance alternative, the DOL is also considering allowing employers to satisfy the notice requirement by providing employees with information using the employer coverage template as discussed in the preamble to the Proposed Rule on Medicaid, Children's Health Insurance Programs and Exchanges.

Future guidance on complying with the notice requirement under FLSA section 18B is expected to provide flexibility and adequate time to comply.

 

 


Medicare Part D Disclosure to CMS Due February 28

Have you made your 2012 Medicare Part D Disclosure to the Centers for Medicare and Medicaid Services (CMS) yet?

If not, we want to remind you that the deadline is approaching.

Employers who sponsor group health plans that cover any prescription drugs generally must disclose whether the plan provides creditable or noncreditable prescription drug coverage to CMS within 60 days of the start of a new plan year. The deadline for calendar year plans is February 28.

Filing is done electronically using the CMS web site. Instructions also are available there.


2013 Inflation Adjustments

Source: United Benefit Advisors
By: Chadron J. Patton

Following recent announcements by both the IRS and the Social Security Administration, we now know most of the dollar amounts that employers will need to administer their benefit plans for 2013.  Many of the new numbers are slightly higher than their 2012 counterparts. For instance, the annual 401(k), 403(b), or 457(b) deferral limit will increase from $17,000 to $17,500; the Section 415 limit on annual additions to a participant's account will go from $50,000 to $51,000; and the annual compensation limit will increase from $250,000 to $255,000.  (The annual retirement plan catch-up contribution limit -- $5,500 -- will remain unchanged for 2013.)

The annual compensation threshold used in identifying highly compensated employees (HCEs) remains unchanged for 2013 (at $115,000).  In identifying HCEs for 2013, employers should consider employees who earned at least $115,000 during 2012 (as well as 5% owners during either 2012 or 2013).  This is due to the "look-back" nature of the HCE definition.

The annual limit on IRA contributions (whether traditional or Roth) will increase from $5,000 to $5,500, while the annual limit on IRA catch-up contributions will remain at $1,000.

The maximum contribution to an HSA will increase slightly -- from $3,100 to $3,250 for individual coverage, and from $6,250 to $6,450 for family coverage -- while the maximum HSA catch-up contribution will remain at $1,000.  The minimum deductible for any high-deductible health plan (which must accompany any HSA) will also increase slightly -- from $1,200 to $1,250 for individual coverage, and from $2,400 to $2,500 for family coverage.

A new $2,500 limit on employee deferrals to health FSAs will apply for plan years beginning on or after January 1, 2013.  This $2,500 limit applies only to salary reduction contributions under a health FSA and not to employer contributions.  For this purpose, however, any employer FSA contributions that could have been received in cash are treated as salary reduction contributions.

The Social Security taxable wage base will increase for 2013 -- from $110,100 to $113,700.  A question yet to be answered is whether employees will continue to enjoy a temporary reduction in the long-standing 6.2% "OASDI" tax rate.  For 2011 and 2012, that rate has been temporarily reduced by two percentage points (to 4.2%), as a way of helping to stimulate the economy.  Although there does not appear to be significant sentiment in either of the major political parties to extend this reduction, there is a slight chance that the 4.2% rate will remain in effect for 2013.  (In any event, the employer OASDI tax rate will remain at 6.2%.)

The Medicare tax rate has long been set at 1.45% -- for both employees and employers.  Beginning in 2013, however, the employee Medicare tax rate will increase by 0.9% (to a total of 2.35%) on wages in excess of $200,000 for single filers or $250,000 for joint filers ($125,000 for married individuals filing separately).  Employers must start withholding this additional Medicare tax once an employee's Medicare wages have exceeded $200,000.  This additional Medicare tax does not apply to the employer's share.

To obtain a quick reference card listing the 2013 annual benefit plan amounts, please contact Saxon Financial Consulting

 


Employer Compliance Alert: The HIPAA Police are Here

After several years during which the Department of Health and Human Services (HHS) operated essentially in “complaint-driven” mode with respect to enforcement of the HIPAA Privacy and Security Rules, recent activity suggests a trend toward stricter HIPAA enforcement.  The latest evidence comes in a recently-announced settlement between HHS and the Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates, Inc. (collectively, MEEI).

In this settlement, MEEI has agreed to pay $1.5 million to settle potential violations of the HIPAA Security Rule.  MEEI also agreed to develop a corrective action plan that includes reviewing and revising its existing Security Rule policies and procedures and retaining an independent monitor for a three-year period to conduct semi-annual assessments of MEEI’s compliance with the corrective action plan and report back to HHS.

HHS began its investigation of MEEI after MEEI submitted a breach report, as required by the HIPAA Breach Notification Rule.  The report indicated that an unencrypted personal laptop containing the electronic protected health information (ePHI) of MEEI patients and research subjects had been stolen.  The HHS investigation concluded that MEEI had failed to comply with certain requirements of the HIPAA Security Rule – particularly with respect to the confidentiality of ePHI maintained on portable devices – and that those failures had continued over an extended period of time.

The MEEI settlement is just the latest in a string of recent penalties and settlements stemming from alleged HIPAA privacy and security violations.  From 2003 through 2010, HHS reported that it had received nearly 58,000 privacy complaints and, of those, had resolved more than 52,000.  In fact, during this initial eight-year period after the HIPAA Privacy Rule went into effect, HHS did not impose a single civil monetary penalty for HIPAA violations.

In February of 2011, however, HHS imposed a $4.3 million penalty against Cignet Health of Prince George’s County, Maryland.  HHS found that Cignet had failed to respond to patients’ requests for access to their medical records and that Cignet refused to cooperate in HHS’s investigation.  Later that same month, Massachusetts General Hospital entered into a $1 million settlement with HHS arising out of an incident in which an employee left paper records containing the PHI of 192 patients, including patients with HIV/AIDS, on the subway.

The recent increase in enforcement efforts may be partially attributable to the fact that the available civil penalties increased dramatically as a result of the Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009.  The HITECH Act provides HHS with substantial leverage in settlement negotiations.

These steep penalties and settlements should serve as a reminder of how important it is to comply with the HIPAA Privacy and Security Rules.  Health plan sponsors should review their existing policies and procedures and remain vigilant in their training of employees.

Julia M. Vander Weele

 


More Guidance on "Full-Time" Employees and 90-Day Waiting Period

Starting in 2014, larger employers (generally, those with 50 or more employees) may face "shared responsibility" penalties if any of their "full-time" employees receive subsidized health coverage through an "Affordable Insurance Exchange."  At the same time, virtually all employer health plans will become subject to a 90-day limit on any eligibility waiting period.  On August 31, the agencies charged with implementing health care reform issued additional guidance on both of these requirements.

In Notice 2012-58, the IRS outlines several safe-harbor methods for determining whether "variable hour" or seasonal employees fall within the "full-time" category (which is generally defined as working 30 or more hours per week).  And in Notice 2012-59, the IRS explains how the maximum 90-day eligibility waiting period is affected by various types of eligibility conditions.  (Notice 2012-59 was also issued in virtually identical form by both the Department of Labor - as Technical Release 2012-02 - and the Department of Health and Human Services.)


A Push for Retirement e-Communication

Industry groups are urging DOL to end paper disclosure requirement

By Brian M. Kalish
Source: eba.benefitnews.com

As new retirement fee disclosures go into effect this summer, a coalition of 15 retirement industry groups are urging the Department of Labor to allow broader use of electronic communication for retirement plan participant disclosures, which are now mailed in paper form to plan participants.

"It's just the way technology is going, you've got people of all ages using the Internet," says Brian Tate, VP, banking and securities at the Financial Services Roundtable, one of the agencies pushing for the changes. "We think it's just an effective way for our members to reach out with their customers."

 

The drive for e-disclosure

Disclosures are there to help plan participants properly plan for their retirement, but "paper is counter-productive to that," says Anne Kim, managing director for policy and strategy at the Progressive Policy Institute, a Washington-based progressive think tank. "Paper is static, it's outdated. If the government's goal is to really help people take charge of retirement, they are going in the wrong direction."

Judy Miller, director of retirement policy at ASPPA - another group advocating for the changes - says there are many reasons why this idea is so valuable, including that it is just easier to read information online and there are many more presentation tools that allow for simplification of sometimes complex information.

"There is an awful lot of paper going out already that is just getting trashed and it's a waste," she says. "There will be even more with the new disclosure rules kicking in, and depending on the nature of the investment, [people] will be getting, in some cases, a box of paper. And we don't think they will be reading it. We think it will be better if they were encouraged to go online where it's easier to drill down and get something out of it."

But, Miller stresses that the industry groups are not saying eliminate paper if a plan participant wants it, rather make it opt-in for paper, rather than opt-out. From a policy standpoint, using defaults such as automatic enrollment and default investments encourages good behavior, Miller says, with people getting more information out of information delivered electronically.

E-communication further allows access "anywhere, anytime, with the device of the user's choosing, and with a better filing system than paper notices," writes Ohio State University Law Professor Peter Swire, in a white paper, "Delivered ERISA Disclosure for Defined Contribution Plans."

That flexibility is important, Swire says, as with paper being stored in one place, "the lack of geographic flexibility can be an obstacle to examining documents and making investment decisions."

There is an additional cost savings involved, Swire says. While the preparation time to meet legal requirements would be the same, there is near zero marginal cost to send a few or a few million disclosures.

 

Will it happen?

The 15 trade associations pushing for the changes sent a letter to DOL at the end of March asking for the policy change, but have yet to receive an official response. "I think that the Department is aware of our concerns, but if you take a step back, you see more and more people, regardless of age, using the Internet and technology to communicate in a way that we couldn't think about five years ago," the Roundtable's Tate says.

Miller adds that while ASPPA is hoping that DOL will act, "we are, frankly, also talking with people on [Capitol] Hill. Because if DOL doesn't act, we are hoping Congress will give them a nudge."

It's inevitable, Kim says, that at some point DOL will change, but "it's a pity in the meantime that people are losing opportunities to take a more active role in managing their savings and getting access to the information they need while DOL sits on their hands.

"There's been enough interest on" moving to e-communication in government, such as IRS e-filing and paying parking tickets online. "The fact that DOL is behind will become so much more obvious," she says.

Tate says that in the end is it about the consumers as "we want to get the information to them as quick as possible. ... We do know they are working in a fast-paced environment ... let's try to make [this] as easy as we can."

Meanwhile, the DOL says in an e-mailed statement to EBA that it has "received a variety of letters on this issue in recent months and ... continue[s] to consider the issues raised in this letter and others that expressed differing perspectives and concerns. EBSA has not yet completed its broader evaluation of the current regulatory standards for the electronic distribution of disclosures required by ERISA, including the potential impacts on the rights and interests of plan participants and beneficiaries."

DOL says in the statement that in the interim, "the Department's current regulation and other guidance on electronic disclosures to participants and beneficiaries are available to plan administrators."

The letter to Phyllis C. Borzi, assistant secretary for the Employee Benefits Security Administration, is signed by 15 trade groups and Miller says that number is very helpful. "I think it's helpful for regulatory agencies when [they] don't have all of us coming in separately," she says. "When we can resolve our positions instead of ... telling them different stories."


What Happens If You Fail to Keep Required OSHA Records?

Source: https://safetydailyadvisor.blr.com

Failure to keep complete and accurate OSHA injury and illness records as required by 29 CFR 1904 can lead to citations and penalties.

 

What happens if you slip up on recordkeeping? OSHA says that where the OSHA 300 and OSHA 301 forms are concerned, the following actions may be taken:

·         When no records have been kept and there have been injuries or illnesses that should have been recorded under the regulations, a citation for failure to keep records will normally be issued.

·         When no records are kept and there have been no injuries or illnesses, a citation will not be issued.

·         When the required records are kept but no entry is made for a specific injury or illness that meets the requirements for recordability, a citation for failure to record the case will normally be issued.

·         When the required records are kept but have not been completed with the detail required by the regulation, or the records contain minor inaccuracies, the records will be reviewed to determine if there are deficiencies that materially impair the understandability of the nature of hazards, injuries and illnesses in the workplace. If the defects in the records materially impair the understandability of the nature of the hazards, injuries and/or illnesses at the workplace, an other-than-serious citation will normally be issued. If not, no citation will be issued.

How far back can OSHA go to cite for recordkeeping violations? A recent court case has changed the story on that.

 

Recent Court Decision Limits Recordkeeping Citations

A recent decision by a District of Columbia circuit court means that OSHA can no longer cite employers for recordkeeping violations that occurred more than 6 months prior. The case involved Volks Constructors in Louisiana, which was cited by the agency 5 years after the first of more than 60 violations.

The court overturned an Occupational Safety and Review Commission decision that held that every day an OSHA log was incorrect constituted a "continuing violation."

According to the law firm Constangy, Brooks & Smith, the recent decision is "significant because it dramatically shortens the time that an employer may be cited for OSHA injury and illness recordkeeping violations."

In the past, OSHA has made the case that employers need to maintain the 300 and 301 logs for the present year and for 5 prior years. According to the decision, for an injury reported on May 1, OSHA could cite an employer for failing to record it beginning on May 8. "A citation issued within the following 6 months, and only the following 6 months, would be valid," the court determined.