Health and welfare compliance requirements have increased considerably over the last several years and continue to grow in number due to new provisions from health care reform.
Even employers who have been diligent about complying with new issues as they have arisen are finding it overwhelming to track the accumulation of these requirements, says Jeff Morgan, executive vice president of USI’s San Francisco office.
“Even employers devoting significant resources to staying on top of this are having difficulty getting their arms around it,” he says.
Smart Business spoke with Morgan about how employers can keep plans compliant.
Why this onslaught of new compliance tasks?
It would be easy to blame health care reform for the additional reporting requirements, but this is nothing new. Over the last several years, new notice requirements for Medicare D, CHIPRA, and the Newborns and Mothers Health Protection Act, to name a few, have been accumulating. When you add the San Francisco Health Care Ordinance (SFHCO), HIPAA and the Patient Protection and Affordable Care Act (health care reform) to this equation, the result is a daunting project for even experienced human resources staffs.
How can employers begin to bring their plans into compliance?
We often find that employers have added new requirements to their routine on an ad hoc basis and that when a broader review is performed, some items have been overlooked, or the employer was not aware of a specific requirement. They should perform a full review based on a long list of criteria. This will catch the new requirements from health care reform, as well as older requirements from COBRA, HIPAA and ERISA.
In which particular areas are employers overlooking requirements of the law?
There are three areas to which employers should be paying particular attention: HIPAA privacy and security rules, discrimination rules under health care reform and the funding requirements of the San Francisco Health Care Ordinance.
For employers that self-fund their benefits or otherwise handle protected health information regarding plan participants, the requirements under HIPAA to build an infrastructure to protect that information can be formidable. Without guidance, many employers may neglect what is prescribed by regulation.
Health care reform places new requirements on insured plans to not discriminate in favor of highly compensated employees. This includes not only differences in benefits but also in employer contributions toward benefits. Executive perquisites in benefits need to become a thing of the past in order to comply. Self-funded plans always had nondiscrimination rules, and these are unchanged.
SFHCO requires employers to fund at specified levels for the benefit of any qualified employees. Many employers do not clearly understand these requirements or fund correctly for them.
What about older, more established regulatory requirements such as COBRA and ERISA?
Most employers would benefit from checking their plans to make sure that these basic requirements have been attended to properly.
In the case of ERISA, one of the most common problems is one of the oldest — the establishment of proper plan documents and summary plan descriptions. Any insured plans still rely on policies and certificates of coverage from their insurers to serve as the ERISA plan documents, when this is most often not sufficient to satisfy the regulations. Specific language and disclosures are required by law for all such documents, and the carrier documents often do not include such language. ‘Wrap documents’ may convert insurance contracts into ERISA documents, but many employers still have not taken proper measures to make sure this has been accomplished.
Often, employers will assume that an outside COBRA administrator will take care of everything. But, even if an employer has outsourced COBRA administration to a professional firm, the employer still has ultimate responsibility for execution of these tasks.
Further, even major national COBRA administration firms sometimes do nothing to cover the requirements of COBRA-like regulations sponsored by states. One example is Minnesota’s requirement for continuation of group life insurance benefits. Many COBRA administrators do not tend to this requirement, or requirements like it, leaving employers with the responsibility of sending required notifications, as well as collection of premiums and reporting to insurers. And employers are often unaware of such requirements.
Are there more obscure requirements that are frequently passed over?
Many employers with employee populations in San Francisco established HRAs to hold the required funding for the SFHCO. This is an approved method of funding the benefit; however, it may run afoul of health care reform, which requires specific annual limits for benefits in general. Freestanding HRAs are subject to these requirements and are not excluded like FSAs and HSAs.
Regulators have advised that such plans need a formal waiver from the annual limits requirements to remain in compliance with health care reform. Special application must be made to Health and Human Services in order to gain such a waiver.
What are the penalties for failing to meet these compliance requirements?
With governments seeking revenue wherever they can find it, we see enforcement efforts and potential fines as becoming more prevalent. In a worst-case scenario, noncompliance can bring the loss of a plan’s tax-favored status, both for employer contributions and for those of employees. Other penalties vary by rule, but, for example, the new health care reform discrimination rules carry a penalty of $100 per employee per day, which can become very expensive, very quickly.
Jeff Morgan is executive vice president of USI. Reach him at firstname.lastname@example.org.