Benefits Bryan Cave

ERISA Fiduciary Obligations Expanded to Include Mitigation of Cybersecurity Risks

The clouds have been forming on the horizon for years now:  from the courts we have seen emerging lines of ERISA litigation asserting fiduciary obligations to protect the privacy rights of participants, and from the regulatory agencies we have heard an acknowledgment of the need for guidance regarding fiduciary responsibility with respect to cybersecurity risks.  A call to action for plan fiduciaries came last week from the Department of Labor (“DOL”) in the form of new Cybersecurity Guidance for Plan Sponsors, Plan Fiduciaries, Record-Keepers, Plan Participants.  See News Release at https://www.dol.gov/newsroom/releases/ebsa/ebsa20210414.

The DOL guidance provides:

  1. Tips for Hiring a Service Provider With Strong Cybersecurity Practices
  2. Cybersecurity Program Best Practices for plan fiduciaries, record-keepers and other service providers
  3. Online Security Tips for participants to help them reduce the risk of fraud and loss to their retirement accounts and report identity theft and cybersecurity incidents

Cybersecurity Governance Programs

Plan fiduciaries who have not yet developed a cybersecurity governance program should do so now, and existing programs should be re-evaluated and updated in light of this guidance.  Such cybersecurity governance programs should address all three aspects of the guidance (i.e., development of best practices which include guidelines for hiring service providers and participant education).  See Cybersecurity Program Best Practices at https://www.dol.gov/sites/dolgov/files/ebsa/key-topics/retirement-benefits/cybersecurity/best-practices.pdf.

More specifically, the core elements of a strong cybersecurity governance program should include the following:

  • Develop, document and regularly monitor and update a formal cybersecurity program
  • Conduct annual risk assessments
  • Have a

Show Your Work: FAQs on Non-Quantitative Treatment Limitation Comparative Analyses

Among the requirements under the Paul Wellstone and Pete Domenici Mental Health Parity and Addiction Equity Act of 2008 (the “MHPAEA”), group health plans and health insurance issuers must apply any processes, strategies, evidentiary standards or other factors underlying non-quantitative treatment limitations (“NQTLs”) to mental health or substance use disorder (“MH/SUD”) benefits comparably and no more stringently than to medical/surgical benefits.

The Consolidated Appropriations Act, 2021 (“CAA”) included provisions designed to enhance transparency with respect to compliance with the MHPAEA, including a requirement that group health plans and health insurance issuers perform and document comprehensive NQTL comparability analyses. We previously summarized the CAA’s requirements in our Q1 2021 Newsletter, available by clicking here.

On April 2, 2021, the Department of Labor (“DOL”) issued answers to frequently asked questions (“FAQs”) prepared jointly with Treasury and the Department of Health and Human Services (collectively, the “Departments”) concerning the CAA’s requirements. The key takeaways from the FAQs include:

  • No Delay in Compliance. The Departments are not providing a delay in the compliance requirements under the CAA and stated that group health plans and health insurance issuers should now be prepared to make their NQTL comparative analyses available upon request by the Departments or a state authority.
  • Comparative Analyses Must Include Detailed Supporting Evidence and Discussion. The Departments will not consider a NQTL comparative analysis which includes only general, conclusory statements regarding compliance to meet the requirements of the MHPAEA and CAA. Instead, detailed written

U.S. COVID-19: Ring in the New Year with COVID-19 Relief for Health and Dependent Care Flexible Spending Accounts

Thanks to the Consolidated Appropriations Act, 2021 (the “Act”), employers with health flexible spending accounts (“HFSAs”) and dependent care flexible spending accounts (“DFSAs”) may adopt temporary liberalized rules to help reduce employees’ forfeitures during the pandemic.  The Act expands upon some of the prior relief provided under IRS Notice 2020-29 and temporarily relaxes certain standard HFSA and DFSA rules for the 2021 and 2022 Plan Years.

Employers will want to work through the new relief, determine what provisions to adopt, and communicate any changes in short order.

  • Increased Carry-Over Amounts
    • A cafeteria plan may allow for the carry-over of up to 100% of the unused HFSA and DFSA balances at the end of the 2020 and/or 2021 Plan Year(s) to the next Plan Year. Under the standard cafeteria plan rules, carry-overs are limited only to HFSAs.
    • Carried over amounts do not reduce the maximum annual HFSA or DFSA benefit amount a participant may elect for a Plan Year.
  • Extended Grace Period for Incurring Claims
    • Generally, a plan may allow a grace period of up to 2 ½ months following the end of a Plan Year during which participants can incur additional expenses to be paid or reimbursed from HFSA and DFSA amounts remaining at the end of the immediately preceding plan year. IRS Notice 2020-29 allowed employers to extend any HFSA and DFSA grace period ending in 2020 to December 31, 2020.
    • The Act permits employers to adopt a

BCLP Benefits Q3 Review: IRS, DOL, & PBGC Guidance

In this edition of our newsletter, we have summarized key third quarter guidance from the Internal Revenue Service, Department of Labor, and Pension Benefit Guaranty Corporation. As we look back on the third quarter of 2020, there has been a noticeable shift at the federal level from a focus on guidance related to the COVID-19 pandemic and the Congressional response in the first half of the year to a return to executing the regulatory agendas of the federal agencies and the priorities of President Trump’s administration. Despite this shift, federal agencies have continued to issue new, amended, or extended COVID-19 guidance as the circumstances of the COVID-19 pandemic continue to evolve. We have, therefore, included both COVID-19 and non-COVID-19 guidance in this newsletter and group the summaries by these categories.

Read the full newsletter by clicking here.

If you have any questions about a topic included in this newsletter, please contact a member of our Employee Benefits & Executive Compensation Group.

Additional COVID-19 Extensions = Greater Administrative Headaches for Plan Sponsors

As any employer is keenly aware, the administration of an employee benefit plan (especially a group health plan) involves a number of different deadlines imposed under the Employee Retirement Income Security Act (ERISA) and the Internal Revenue Code (Code).  Amidst concerns that the current COVID-19 pandemic may cause individuals to lose benefits due to the failure to meet certain pre-established deadlines and in recognition of the challenges group health plans may face in complying with certain notice obligations, the Department of Labor and Internal Revenue Service (collectively, the “Agencies”) jointly published notice in the Federal Register of a significant extension in application of the following statutorily prescribed deadlines:

Special Enrollment Periods

  • 30-day deadline to request enrollment in the event of a loss of eligibility for other health coverage or the acquisition of a new dependent due to marriage, birth, adoption or placement for adoption
  • 60-day deadline to request enrollment in the event of either a loss of eligibility for coverage under Medicaid or a state children’s health insurance coverage (CHIP) or gaining eligibility for premium assistance through Medicaid or CHIP.

COBRA Continuation Coverage

  • 30-day period for employer to notify plan administrator of certain COBRA qualifying events
  • 14-day period for plan administrator to issue COBRA Election Notice to qualified beneficiary
  • 60-day period for qualified beneficiary to elect COBRA continuation coverage
  • 45-day period for qualified beneficiary to submit initial COBRA premium payment
  • 30-day period for qualified beneficiary to submit subsequent COBRA premium payments
  • Qualified beneficiary’s

HIPAA Continues to Apply During Coronavirus Pandemic

As the Coronavirus Disease 2019 (COVID-19) pandemic grows, employers and others may be wondering how the public health emergency created by the outbreak affects information protected under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

The short answer: All HIPAA protections continue to apply. Accordingly, employer-sponsored health plans, which are “covered entities” subject to HIPAA, must continue to adhere to HIPAA’s privacy and security rules and may not use or disclose protected health information (PHI) in a manner not already provided for under HIPAA in the absence of an applicable exception issued by the U.S. Department of Health and Human Services. As a reminder, PHI that an employee obtains when carrying out an administrative function for the plan generally cannot be shared with the employer. For example, if in the process of performing auditing activities for the employer-sponsored health plan, an employee learns that the plan has provided coverage for the COVID-19 treatment for an employee’s child, that information is PHI and the employee is prohibited from sharing that information with the employer.

The U.S. Department of Health and Human Services Office for Civil Rights recently issued a Bulletin to remind covered entities of their continuing compliance requirements and the circumstances under which PHI may be disclosed without an individual’s authorization, including:

  • Treatment, when necessary to treat the patient or a different patient by one or more health care providers.
  • Public health activities, including disclosure to a public health authority such as the

IRS Relief for HDHPs Covering COVID-19 Testing and Treatment Costs

Yesterday, the Internal Revenue Service (IRS) issued Notice 2020-15 announcing that a high deductible health plan’s payment of COVID-19 (coronavirus) testing and treatment prior to satisfaction of the plan’s minimum deductible will not affect its status as a high deductible health plan.

Pursuant to Section 223(c)(2) of the Internal Revenue Code, high deductible health plans generally must require covered individuals to satisfy minimum deductibles before the plan can pay for any medical care services and items (subject to certain limited exceptions such as preventive care) in order for the covered individuals to remain “eligible individuals” for health savings account (HSA) purposes.   Under the relief provided in Notice 2020-15, this minimum deductible requirement will not apply to:

  • Medical care services and items related to testing for and treatment of COVID-19. These services and items may, therefore, be provided without a deductible or with a deductible that is less than the otherwise applicable minimum deductible.  For 2020, the minimum deductibles are $1,400 for self-only coverage and $2,800 for family coverage.
  • Any COVID-19 vaccine developed in the coming months. The IRS included a reminder that vaccines will continue to be treated as preventive care to which the minimum deductible requirement does not apply.

This is welcome news for employers sponsoring high deductible health plans who have been exploring ways in which to help alleviate the financial obstacles that may prevent employees from getting tested or seeking treatment for COVID-19 as well as for individuals with fully-insured

J, K, L, M and N: What’s In a Letter?

Over the last few months, the Internal Revenue Service (IRS) has been replying to responses to their Letter 226-J, which notifies employers of a proposed Employer Shared Responsibility Payment (ESRP). The IRS has recently updated its website to include additional information on its Letter 227 series. The various letters either close the ESRP case or provide the employer with next steps.

If you responded to a Letter 226-J, the reply from the IRS will come in the form of one of the following four 227 letters:

  • Letter 227-J. If you submitted a completed Form 14764, ESRP Response agreeing to the ESRP amount proposed in your Letter 226-J, the IRS will acknowledge its receipt using Letter 227-J and provide instructions for making the ESRP. If full payment is not received within 10 days, the IRS will issue a Notice and Demand for the outstanding balance.
  • Letter 227-K. You want this letter. Letter 227-K acknowledges acceptance of the information you provided disputing the proposed ESRP amount and renders a determination that no ESRP is due. The case is closed and no further action is required.
  • Letter 227-L. The IRS acknowledges receipt of your response to Letter 226-J and notifies you of the revised ESRP amount using Letter 227-L. An updated ESRP Summary Table and Form 14765 (PTC Listing) will be included. If you agree with the revised ESRP amount, you must submit a completed Form 14764, ESRP Response with the required payment. If you disagree with the revised ESRP

IRS Reduces 2018 Annual HSA Contribution Limit for Family Coverage

March 6, 2018

In May 2017, the IRS issued Rev. Proc. 2017-37 announcing the inflation-adjusted health savings account contribution limits for 2018 as $3,450 for self-only coverage and $6,900 for family coverage.   However, this week the IRS issued Rev. Proc. 2018-18, which supersedes Rev. Proc. 2017-37 and reflects a decrease in the 2018 annual contribution limit for family coverage to $6,850.  Employers that provide a high deductible health plan option to their employees with a health savings account feature should ensure that their communications and systems are updated accordingly.

 

Play Time is Over: IRS Reveals Process for Assessing ACA Penalties

The Affordable Care Act (ACA) introduced a “pay or play” scheme, effective January 1, 2015, in which Applicable Large Employers (ALEs) must offer affordable qualifying healthcare to their full-time employees (and their dependent children) or pay a penalty. Despite President Trump’s first Executive Order (discussed here) directing a rollback of the Affordable Care Act (ACA) and instructing the Secretary of Health and Human Services to minimize the “unwarranted economic and regulatory burden of the act,” the Internal Revenue Service (IRS) quietly updated its Questions and Answers on Employer Shared Responsibility Provisions Under the ACA to include the first official guidance detailing the process for enforcement of the penalty. Notably, this update coincided with an IRS announcement that penalties for the 2015 calendar year will be assessed late this year.

The ALE penalty process starts with Letter 226J, which the IRS will send to ALEs it believes owe a penalty based on information reported on Forms 1095-C and 1094-C. The letter will explain the penalty calculations and describe steps to follow depending on whether the ALE agrees or disagrees with the proposed penalty amount.

If you receive Letter 226J and disagree with the proposed penalty, you may:

  • Complete, sign and date Form 14764 ESRP Response (to be included with Letter 226J);
  • Include a statement explaining the basis for your disagreement