How Employers Should Respond to Increased DOL Audits
Original post benefitnews.com
The Department of Labor says it will be stepping up enforcement efforts and employer audits, which should prompt brokers, who formerly worried little about such regulatory efforts, to prepare to serve as a trusted adviser to clients concerned about such efforts, says Julie Hulsey, president and CEO of Amarillo, Texas-based Zynia Business Solutions.
Speaking at an industry conference in Hollywood, Fla. last week, Hulsey said employers are feeling pressured by the weight of increased DOL and health care reform regulations and brokers need to stay up to date on regulations, including those related to the Affordable Care Act and ERISA.
The ACA reporting requirements have brought increased scrutiny of employer-sponsored health care plans and the government is largely expected to respond to anomalies or red flags with an employer audit. But industry experts agree the government won’t limit its inquiries to ACA-related information only, and employers should be prepared for full-blown audits of health care plans.
Quoting from a DOL presentation in Austin, Texas, Hulsey says the Department said, “leniency is over; the EBSA has staffed up and is focusing its resources on health and welfare plan ERISA compliance.”
Additionally, in her small Texas town alone, she says she’s heard that the DOL has added 10-12 auditors, who are conducting random audits of employers, mostly on the smaller employee size.
Increased compliance needs can be a strain for small employers, some of which may not even have a designated Human Resources department or manager.
When a DOL audit is announced, an employer’s first phone call will be their broker or an attorney.
Among the topics that brokers should be aware,
- Variable Employee Testing: Based on employee classifications, an employer can group employees into different groups, such as part-time and seasonal.
- HR 3236-The Transportation and Veteran Health care Choice Improvement Act of 2016: This Act regulates that employees covered by Tricare can be excluded from counting employee numbers.
- Cadillac Tax: Although delayed until 2020, it is important to start planning now.
- Waivers: If employers offer a minimum-essential coverage plan that meets affordable and minimum value test and an employee declines coverage, it is important the employer have a signed waiver. “That waiver is gold,” Hulsey said.
- Individual Mandate: The period will run from Nov. 1, 2016 to Jan. 31, 2016.
- Special Enrollment Period: Presenting a sales opportunity to brokers, these enrollment periods take affect when an employee experiences any change that affects income or household size, such as becoming pregnant. Other special enrollments include marriage/divorce, changing place of residence and having a change in disability.
The DOL has the authority to audit for compliance with several laws, including the ACA, HIPAA and the Mental Health Parity and Addiction Equity Act. They also have the authority to audit for minimum loss ratio rebates and PECORI fees.
How to Prepare for a HIPAA Audit
Original post benefitnews.com
The Department of Health and Human Services’ Office of Civil Rights has announced it will be launching phase two of the Health Insurance Portability and Accountability Act audit program. Advisers can help clients prepare by updating policies and procedures, among other steps.
HIPAA provides the ability to transfer and continue health insurance coverage for millions of American workers and their families when they change or lose their jobs, reduces healthcare fraud and abuse, mandates industry-wide standards for healthcare information on electronic billing and other processes; and requires the protection and confidential handling of protected health information.
HIPAA established national standards for the privacy and security of protected health information and the Health Information Technology for Economic and Clinical Health Act (HITECH). This established breach notification requirements to provide greater transparency for individuals whose information may be at risk.
HITECH requires OCR to conduct periodic audits of covered entity and business associate compliance with the HIPAA privacy, security and breach notification rules. OCR began its initial audit in 2011 and 2012 to assess the controls and processes implemented by 115 covered entities to comply with HIPAA.
Phase two of the audit will focus on any covered entity and business associate. OCR will identify pools of covered entities and business associates representing a wide range of healthcare providers, health plans and healthcare clearing houses.
Roy Bossen, partner at Hinshaw & Culbertson LLP, says the law firm he works for is considered a business associate because the firm deals with cases under medical malpractice.
“When we defend a hospital or a doctor, we have access to Protected Health Information (PHI),” Bossen says. “There is requirement in HIPAA for what a business associate must do to protect [PHI] as well.”
Bossen says there is not a specific penalty for not passing the audit; however an entity or business associate could face possible fines for failure of the audit.
“The next phase of the audit will be called a compliance review,” he says. “[Entities and business associates] will require a more in-depth review of what their policies and procedures are, and that could theoretically lead to fines and penalties.”
Bossen stresses that it is important for employers to determine whether they are a covered entity or business associate or if the audit even applies to an employer’s business. An employer that operates their own plan would be considered a covered entity.
Advisers and brokers can assist their clients by making sure employer’s policies and procedures are up to date while also making sure the employer’s practices match-up with the up to date policies and procedures.
“It is not uncommon in any field to have a great policy manual that’s in a nice binder on a shelf or an email document that gets sent out, but nobody practices the organization of what their policies and procedures stipulate,” Bossen says.
The HIPAA phase two audit program will begin the next couple months and should a covered entity or business associate be contacted for a desk audit or onsite audit.
Both audits can take up to 10 days to be reviewed and the auditor will have entity’s final report within 30 business days.