OSHA Issues Final Rules for Handling ACA Retaliation Claims

The Department of Labor’s Occupational Safety and Health Administration has published a final rule establishing procedures, time frames and burdens of proof for handling whistleblower complaints under the Affordable Care Act (ACA).

The ACA amended Section 18C of the Fair Labor Standards Act to protect employees from retaliation for receiving federal financial assistance when they purchase health insurance through an Exchange. It also protects employees from retaliation for raising concerns regarding conduct that they believe violates the consumer protections and health insurance reforms found in Title I of the ACA.

This rule establishes procedures and time frames for hearings before Department of Labor administrative law judges in ACA retaliation cases; review of those decisions by the Department of Labor Administrative Review Board; and judicial review of final decisions. Significant provisions in the final rule, and implications for employers include:

  • As with other retaliation claims, the complainant need not prove that the initial complaint, which they allege triggered the retaliation, pertained to an actual violation of law. They only need to show that they had a good faith belief that they were complaining about a violation of law.
  • To establish a prima facie case of retaliation for receiving a subsidy or premium assistance through an Exchange, an employee merely needs to show that an adverse action took place shortly after the protected activity.
  • This will be a very easy burden to meet where the employer has knowledge that the employee was receiving a subsidy or premium assistance. For example:
    • an employee might ask the employer about the coverage available through his employment, for the purpose of applying for a subsidy through the Exchange.
    • in addition, under the ACA, when an exchange provides a premium subsidy it is supposed to notify the employer. This will provide the employer specific notice that the employee has requested or is receiving a subsidy.
    • the employer’s knowledge of the above could prove fatal to the employer’s defense of a retaliation claim, unless the employer scrupulously segregates such knowledge from those making employment decisions.
  • Once a claimant establishes a prima facie case, the burden shifts to the employer to establish by clear and convincing evidence that it would have taken the adverse action even if the protected activity had not occurred. This is a very high standard.

More…

The Final Rule

OSHA’s Affordable Care Act fact sheet provides more information regarding who is covered under the ACA’s whistleblower protections, protected activity, types of retaliation, and the process for filing a complaint.

PBGC Expands Missing Participant Program to Defined Contribution Plans

The Pension Benefit Guaranty Corporation (PBGC) has issued a Proposed Rule that would redesign its existing missing participants program for single employer Defined Benefit (DB) plans and to adopt three new missing participants programs that will cover most Defined Contribution (DC) plans, as well as multiemployer DB plans and professional service employer DB plans. All four programs would follow the same basic design. Among the most prominent changes to the existing program would be:

• Provision for fees to be charged for plans to participate in the missing participants program.

• A requirement to treat as ‘‘missing’’ non-responsive distributees with de minimis benefits subject to mandatory cash-out under the plan’s terms.

• More robust requirements for diligent searches, using sponsor and related plan records, free web-search methods, and (subject to waiver) commercial locator services (which would be clearly defined).

• Fewer benefit categories and fewer sets of actuarial assumptions for determining the amount to transfer to PBGC.

• Changes in the rules for paying benefits to missing participants and their beneficiaries.

An important part of all of the missing participants programs will be a new unified pension search database. This database would include information about missing participants and their benefits and a directory through which members of the public could easily query the database (using a choice of fields) to determine whether it contained information about benefits being held for them. PBGC anticipates that its new pension search database will provide a comprehensive, nationwide, authoritative, reliable, easy to use source of information about missing participants and the benefits being held for them.

‘‘Missing’’ would be defined more specifically than in the current regulation. As explained below, a distributee would be missing if—

(1) For a DB plan, the plan did not know where the distributee was (e.g., a notice from the plan was returned as undeliverable), unless the distributee’s benefit was subject to mandatory ‘‘cashout’’ under the terms of the plan, or

(2) For a DC plan, or a distributee whose benefit was subject to a mandatory cash-out under the terms of a DB plan, the distributee failed to elect a form or manner of distribution.

For DC plans, PBGC proposes to specify simply that a diligent search is one conducted in accordance with DOL guidance, the most recent of which was issued on August 14, 2014 by the Employee Benefits Security Administration (EBSA) in Field Assistance Bulletin No. 2014–01 regarding Fiduciary Duties And Missing Participants In Terminated Defined Contribution Plans (the FAB). The FAB provides guidance about required search steps and options for dealing with the benefits of missing participants in terminated DC plans.

PBGC is proposing to charge a one-time $35 fee per missing distributee, payable when benefit transfer amounts are paid to PBGC, without any obligation to pay PBGC continuing ‘‘maintenance’’ fees or a distribution fee. There would be no charge for amounts transferred to PBGC of $250 or less. There would be no charge for plans that only send information about missing participant benefits to PBGC.

More…

Overview of Proposed Expanded Missing Participants Program

Proposed Expanded Missing Participants Program FAQs

Read the Proposed Rule

IRS Updates EPCRS Retirement Plan Correction Procedures

The IRS released Revenue Procedure 2016-51 on September 29, 2016, updating its prior Employee Plans Compliance Resolutions System (EPCRS) correction guidance. Significant changes made to the EPCRS system include:

  • Plan sponsors applying under EPCRS to correct a plan document failure will not longer be permitted to include an application for a favorable determination letter with their EPCRS application. This change is to coordinate EPCRS with the recently announced changes to the IRS determination letter program.
  • Similarly, individually designed plans using the Self-Correction Program (SCP) to correct significant failures will no longer need to have a current favorable determination letter (since the IRS will no longer issue periodically updated determination letters). Individually designed plans will simply need a favorable determination letter.
  • Fees associated with the Voluntary Correction Program (VCP) will now be considered user fees and therefore will no longer be set forth in the EPCRS revenue procedure. For VCP submissions made:
    • in 2016, refer to Rev. Proc. 2016-8 and Rev. Proc. 2013-12 to determine the applicable user fee.
    • after 2016, refer to the annual Employee Plans user fees revenue procedure to determine VCP user fees for that year.
  • The IRS is changing its approach to determining Audit CAP sanctions. A reasonable sanction will no longer be a negotiated percentage of the maximum payment amount (MPA). Instead, it will be based on all of the facts and circumstances, but will generally not be less than the user fee for a VCP application. The MPA is one of the factors they will consider. Others include:
    • the type of failure;
    • the number and type of employees affected;
    • the steps the plan sponsor took to prevent the error and identify it; and
    • the extent to which the error has been corrected before discovery.
  • The IRS will no longer refund half the paid user fee if there is disagreement over correction in Anonymous Submissions.

    The new revenue procedure is effective January 1, 2017. Unlike with prior EPCRS updates, plan sponsors may not elect to voluntarily apply the updated provisions before January 1, 2017.

A Retirement Plan Established by a Church-Affiliated Organization is not an ERISA-Exempt Church Plan (at least in the 9th, 3rd and 7th Circuits)

The 9th Circuit Court of Appeals recently held that, to qualify for the church plan exception to the requirements of the Employee Retirement Income Security Act (ERISA), a church plan (i) must be established by a church or by a convention or association of churches and (ii) must be maintained either by a church or by a church-controlled or church-affiliated organization whose principal purpose or function is to provide benefits to church employees.

The specific holding in in Rollins v. Dignity Health, 2016 WL 3997259 (9th Cir. 2016) was that Dignity Health’s pension plan was subject to the requirements of ERISA and did not qualify for ERISA’s church-plan exemption because it was not originally established by a church, even if it was maintained by a “principal purpose” organization. The 3rd and 7th circuits have reached the same conclusion when confronted with this question. See Kaplan v. Saint Peter’s Healthcare Sys., 810 F.3d 175, 180–81 (3d Cir. 2015); Stapleton v. Advocate Health Care Network, 817 F.3d 517, 523–27 (7th Cir. 2016).

Background

  • 29 U.S.C. § 1003(b)(2) provides that a church plan is exempt from ERISA.
  • 29 U.S.C. § 1002(33)(A) provides that in order to qualify for the church-plan exemption, a plan must be both established and maintained by a church.
  • 29 U.S.C. § 1002(33)(C)(i) provides that a plan established and maintained by a church “includes” a plan maintained by a principal-purpose organization.

The 9th Circuit reasoned that “there are two possible readings of subparagraph (C)(i). First, the subparagraph can be read to mean that a plan need only be maintained by a principal-purpose organization to qualify for the church-plan exemption. Under this reading, a plan maintained by a principal-purpose organization qualifies for the church-plan exemption even if it was established by an organization other than a church. Second, the subparagraph can be read to mean merely that maintenance by a principal purpose organization is the equivalent, for purposes of the exemption, of maintenance by a church. Under this reading, the exemption continues to require that the plan be established by a church.”

The 9th Circuit then held that “the more natural reading of subparagraph (C)(i) is that the phrase preceded by the word “includes” serves only to broaden the definition of organizations that may maintain a church plan. The phrase does not eliminate the requirement that a church plan must be established by a church.”

More

Rollins v. Dignity Health, 2016 WL 3997259 (9th Cir. 2016)

Kaplan v. Saint Peter’s Healthcare Sys., 810 F.3d 175, 180–81 (3d Cir. 2015)

Stapleton v. Advocate Health Care Network, 817 F.3d 517, 523–27 (7th Cir. 2016)

IRS Releases 2016-2017 Priority Guidance Plan

The IRS has published its 2016–2017 Priority Guidance Plan containing 281 projects that are priorities for allocation of its resources during the twelve-month period from July 2016 to June 2017.

Significant employee benefits issues prioritized for guidance in the next year include:

  • Additional guidance on the determination letter program, including changes to the pre-approved plan program.
  • Updates to the Employee Plans Compliance Resolution System (EPCRS) to reflect changes in the determination letter program and to provide additional guidance with regard to corrections.
  • Final regulations on income inclusion under §409A.
  • Guidance to update prior §409A guidance on self-correction procedures.
  • Final regulations under §457(f) on ineligible plans.
  • Guidance on issues under §4980H (the Employer Mandate).
  • Regulations under §4980I regarding the excise tax on high cost employer-provided coverage (the Cadillac Tax)
  • Regulations updating the rules applicable to ESOPs.
  • Regulations under §401(a)(9) on the use of lump sum payments to replace lifetime income being received by retirees under defined benefit pension plans.
  • Guidance regarding substantiation of hardship distributions.
  • Guidance on the §403(b) remedial amendment period.

Notably absent is any mention of guidance on the nondiscrimination rules applicable to fully-insured medical plans, which were included in the Affordable Care Act. The Treasury Department and the IRS, as well as the Departments of Labor and Health and Human Services (collectively, the Departments), previously determined in Notice 2011-1 that compliance with the nondiscrimination provisions will not be required (and thus, any
sanctions for failure to comply do not apply) until after regulations or other administrative guidance of general applicability has been issued. Therefore, for the foreseeable future fully insured plans can continue to discriminate in favor of highly compensated individuals in ways the self-insured plans cannot under Code Section 105(h).

IRS 2016–2017 Priority Guidance Plan

Attorney Erwin Kratz Named to the Best Lawyers in America© 2017

ERISA Benefits Law attorney Erwin Kratz was recently selected by his peers for inclusion in The Best Lawyers in America© 2017 in the practice area of Employee Benefits (ERISA) Law. Mr. Kratz has been continuously listed on The Best Lawyers in America list since 2010.

Since it was first published in 1983, Best Lawyers® has become universally regarded as the definitive guide to legal excellence. Best Lawyers lists are compiled based on an exhaustive peer-review evaluation. Lawyers are not required or allowed to pay a fee to be listed; therefore inclusion in Best Lawyers is considered a singular honor. Corporate Counsel magazine has called Best Lawyers “the most respected referral list of attorneys in practice.”

HHS Announces Two More Significant HIPAA Privacy and Security Settlements

The U.S. Department of Health and Human Services, Office for Civil Rights (OCR) has announced two more significant settlements in cases of alleged violations of the Health Insurance Portability and Accountability Act (HIPAA) involving electronic protected health information (ePHI). These settlements highlight the need for HIPAA covered entities and their business associates to:

  • Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to all of their ePHI;
  • Implement policies and procedures and facility access controls to limit physical access to their electronic information systems;
  • Implement physical safeguards for all workstations that access ePHI to restrict access to authorized users;
  • Assign a unique user name and/or number for identifying and tracking user identity in information systems containing ePHI;
  • Reasonably safeguard laptops with unencrypted ePHI (or better yet, secure all ePHI);
  • Implement policies and procedures to prevent, detect, contain, and correct security violations; and
  • Obtain satisfactory assurances in the form of a written business associate contract from their business associates that they will appropriately safeguard all ePHI in their possession.

In addition, if it has been more than a few years since you conducted a security and privacy assessment and adopted privacy and security policies and procedures under HIPAA, you should be working on updating that assessment and the resulting policies and procedures. As in many areas, making a good faith effort at compliance is half the job.

Details

In the first case, Advocate Health Care Network (Advocate) agreed to a settlement with OCR for multiple potential HIPAA violations involving ePHI pursuant to which Advocate agreed to pay a $5.55 million settlement and adopt a corrective action plan. This significant settlement, the largest to-date against a single entity, is a result of the extent and duration of the alleged noncompliance (dating back to the inception of the Security Rule in some instances), the involvement of the State Attorney General in a corresponding investigation, and the large number of individuals whose information was affected by Advocate, one of the largest health systems in the country. OCR began its investigation in 2013, when Advocate submitted three breach notification reports pertaining to separate and distinct incidents involving its subsidiary, Advocate Medical Group (“AMG”). The combined breaches affected the ePHI of approximately 4 million individuals. The ePHI included demographic information, clinical information, health insurance information, patient names, addresses, credit card numbers and their expiration dates, and dates of birth. OCR’s investigations into these incidents revealed that Advocate failed to:

  • Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to all of its ePHI;
  • Implement policies and procedures and facility access controls to limit physical access to the electronic information systems housed within a large data support center;
  • Obtain satisfactory assurances in the form of a written business associate contract that its business associate would appropriately safeguard all ePHI in its possession; and
  • Reasonably safeguard an unencrypted laptop when left in an unlocked vehicle overnight.

Read the Advocate Health Care Network resolution agreement and corrective action plan.

In the second case, the University of Mississippi Medical Center (UMMC) agreed to settle multiple alleged violations of HIPAA. OCR’s investigation of UMMC was triggered by a breach of unsecured ePHI affecting approximately 10,000 individuals. During the investigation, OCR determined that UMMC was aware of risks and vulnerabilities to its systems as far back as April 2005, yet no significant risk management activity occurred until after the breach, due largely to organizational deficiencies and insufficient institutional oversight. UMMC will pay a resolution amount of $2,750,000 and adopt a corrective action plan to help assure future compliance with HIPAA Privacy, Security, and Breach Notification Rules. On March 21, 2013, OCR was notified of a breach after UMMC’s privacy officer discovered that a password-protected laptop was missing from UMMC’s Medical Intensive Care Unit (MICU). UMMC’s investigation concluded that it had likely been stolen by a visitor to the MICU who had inquired about borrowing one of the laptops. OCR’s investigation revealed that ePHI stored on a UMMC network drive was vulnerable to unauthorized access via UMMC’s wireless network because users could access an active directory containing 67,000 files after entering a generic username and password. The directory included 328 files containing the ePHI of an estimated 10,000 patients dating back to 2008. Further, OCR’s investigation revealed that UMMC failed to:

  • implement its policies and procedures to prevent, detect, contain, and correct security violations;
  • implement physical safeguards for all workstations that access ePHI to restrict access to authorized users;
  • assign a unique user name and/or number for identifying and tracking user identity in information systems containing ePHI; and
  • notify each individual whose unsecured ePHI was reasonably believed to have been accessed, acquired, used, or disclosed as a result of the breach.

University of Mississippi is the state’s sole public academic health science center with education and research functions. In addition it provides patient care in four specialized hospitals on the Jackson campus and at clinics throughout Jackson and the state. Its designated health care component, UMMC, includes University Hospital, the site of the breach in this case, located on the main UMMC campus in Jackson.

Read the University of Mississippi resolution agreement and corrective action plan.

Significant Changes Proposed for Form 5500

On July 21, 2016 the Department of Labor (DOL), the Internal Revenue Service (IRS) and the Pension Benefit Guaranty Corporation (PBGC) published proposed rules that would make significant revisions to the Form 5500 Annual Return/Report as of the 2019 filing year.

DOL explains in a Fact Sheet that the proposed form revisions and the DOL’s related implementing regulations are intended to address changes in applicable law and in the employee benefit plan and financial markets, and to accommodate shifts in the data the DOL, IRS and PBGC need for their enforcement priorities, policy analysis, rulemaking, compliance assistance, and educational activities.

The major proposed changes are summarized below:

  • Retirement Plan Changes– The new Form 5500 will request more information about participant accounts, contributions, and distributions. It will also ask about plan design features, including whether the plan uses a safe harbor or SIMPLE design and whether it includes a Roth feature. The form will also ask about investment education and investment advice features, default investments, rollovers used for business start-ups (ROBS), leased employees, and pre-approved plan designs. Schedule R will include new questions about participation rates, matching contributions, and nondiscrimination.
  • Group Health Plan Changes– The most significant change for health plans is that all ERISA group health plans, including small plans that are currently exempt from filing, will be required to file a Form 5500. The new filing requirement includes a new Schedule J (Group Health Plan Information), which will list the types of health benefits provided, the plan’s funding method (self insured or fully insured), information about participant and employer contributions, information about COBRA coverage, whether the plan is grandfathered under health care reform, and whether it includes a high deductible health plan, HRA, or health FSA. In addition, most filings (except those for small fully insured plans) would have to provide financial and claims information, disclose stop-loss carriers, third party administrators and other plan service providers, and provide details regarding compliance with HIPAA, GINA, health care reform and other compliance issues.
  • Other Changes– The proposed changes affect many of the existing Form 5500 schedules, including:
    • Schedule C would be revised to coordinate with the service provider fee disclosure rules.
    • Schedule C would be required from some small plans currently exempt from filing it.
    • Schedule H would be expanded to include questions on fee disclosures, annual fair market valuations, designated investment alternatives, investment managers, plan terminations, asset transfers, administrative expenses and uncashed participant checks.
    • Schedule I would be eliminated.
    • Small plans that currently file Schedule I would generally need to file Schedule H.

Effective Date– The new Form 5500 is expected to be required as of the 2019 plan year filings.

Proposed Rule Making Form 5500 Changes

IRS Announces More Changes to its Determination Letter Program

On June 29, 2016, the IRS updated its determination letter program for individually designed tax qualified retirement plans, making a number of significant changes, mostly having to do with (1) when individually designed plans must be amended to comply with changes in the law and other guidance, and (2) when those plans may request a favorable determination letter.

The bottom line for sponsors of individually designed plans is that they will need to amend their plans as frequently as annually to incorporate changes in the law, starting with required changes the IRS identifies in 2016, which will need to be made before December 31, 2018.

Background

Rev. Proc. 2007-44 provided a 5-year remedial amendment cycle (RAC) system for individually designed plans to request a determination letter generally every 5 years. Under that system, plans had to adopt interim amendments by the end of the year in which the amendments became effective. Plans would then have to make final conforming amendments at the end of their 5-year RAC cycle.

In Announcement 2015-19 the IRS stated that the RAC system would end, and a replacement system for the IRC Section 401(b) period would be created. Revenue Procedure 2016-37 ends the RAC system and replaces it with a new approach to the remedial amendment period.

When must individually designed plans be amended?

Interim amendments will no longer be required for individually designed plans. Instead, an individually designed plan’s Code Section 401(b) remedial amendment period for required amendments will be tied to a Required Amendment List (RA List) issued by the IRS, unless legislation or other guidance states otherwise. The RA List is the annual list of all the amendments for which an individually designed plan must be amended to retain its qualified plan status.

IRS will publish the RA List after October 1 of each year. Generally, plan sponsors must adopt any item placed on RA List by the end of the second calendar year following the year the RA List is published. For example, plan amendments for items on the 2016 RA List generally must be adopted by December 31, 2018.

Discretionary amendments will still be required by the end of the plan year in which the plan amendment is operationally put into effect.

What About Operational Compliance?

Revenue Procedure 2016-37 doesn’t change a plan’s operational compliance standards. Employers need to operate their plans in compliance with any change in qualification requirements from the effective date of the change, regardless of the plan’s 401(b) period for adopting amendments. To assist employers, IRS intends to provide annually an Operational Compliance List to identify changes in qualification requirements that are effective during a calendar year.

When may a plan apply for a Determination Letter?
Under Revenue Procedure 2016-37, a plan sponsor can request a determination letter only if any of these apply:

  • The plan has never received a letter before
  • The plan is terminating
  • The IRS makes a special exception

Other Implications

The new determination letter program makes the consequences of failing to timely amend a Plan potentially more dangerous, because the failure could continue for many years before being identified. Therefore, sponsors of individually designed plans that still have the option of converting to a volume submitter or prototype document should revisit that question now.

In addition, if your plan remains individually designed, you ought to incorporate into your annual compliance schedule a check of the RA List in the fall of each year.

Finally, all tax qualified retirement plan sponsors (whether their plan is individually designed or volume submitter or prototype) should incorporate into their annual compliance schedule a check of the IRS Operational Compliance List, to ensure they are operating their plan in compliance with law changes.

DOL Adjusts ERISA Penalties

The Department of Labor, Employee Benefits Security Administration has issued interim final rules increasing certain DOL compliance penalties effective as of August 1, 2016. The highlights are:

  • The maximum penalty for failure or refusal to file the Form 5500 annual report is increasing from $1,100 per day to $2,063 per day
  • Failure to furnish information to the DOL under ERISA Section 104(a)(6 will now carry penalties equal to $147 per day (up from $110 per day)
  • The maximum penalty for failing to provide a summary of benefits and coverage for a group health plan is increasing from $1,000 to $1,087 per failure
  • Numerous miscellaneous penalties are increasing from $100 per day to $110 per day, including
    • Certain violations of the Genetic Information Nondiscrimination Act (GINA), such as establishing eligibility rules based on genetic information or requesting genetic information for underwriting purposes, and
    • An employer’s failure to inform employees of CHIP coverage opportunities
  • The penalty for failure to provide benefit statements to certain former participants and beneficiaries in a retirement plan are increasing from $11 per employee to $28 per employee
  • The penalties for failure to furnish a blackout notice (when participants are precluded from changing investment instructions, taking a loan or a distribution) are increasing from $100 per day to $131 per day

Why are the Penalties Being Increased Now? In 2015, Congress passed the Federal Civil Penalties Inflation Adjustment Act Improvements Act of 2015 (2015 Inflation Adjustment Act) as part of the Bipartisan Budget Act of 2015. The new law directs agencies to adjust their civil monetary penalties for inflation.

Will the Penalties be Adjusted again in the Future? The law requires federal agencies to adjust their civil monetary penalties for inflation by July 1, 2016. After this initial “catch-up” adjustment, the agencies must adjust their civil monetary penalties annually for inflation.

When are the New Penalty Amounts Effective? The new civil penalty amounts are applicable only to civil penalties assessed after August 1, 2016, whose associated violations occurred after November 2, 2015, the date of enactment of the 2015 Inflation Adjustment Act.

More…

The interim final rule

EBSA Fact Sheet, including full chart showing all the new penalty amounts