All posts in HIPAA

Cafeteria plans, or plans governed by IRS Code Section 125, allow employers to help employees pay for expenses such as health insurance with pre-tax dollars. Employees are given a choice between a taxable benefit (cash) and two or more specified pre-tax qualified benefits, for example, health insurance. Employees are given the opportunity to select the benefits they want, just like an individual standing in the cafeteria line at lunch.

Only certain benefits can be offered through a cafeteria plan:

  • Coverage under an accident or health plan (which can include traditional health insurance, health maintenance organizations (HMOs), self-insured medical reimbursement plans, dental, vision, and more);
  • Dependent care assistance benefits or DCAPs
  • Group term life insurance
  • Paid time off, which allows employees the opportunity to buy or sell paid time off days
  • 401(k) contributions
  • Adoption assistance benefits
  • Health savings accounts or HSAs under IRS Code Section 223

Some employers want to offer other benefits through a cafeteria plan, but this is prohibited. Benefits that you cannot offer through a cafeteria plan include scholarships, group term life insurance for non-employees, transportation and other fringe benefits, long-term care, and health reimbursement arrangements (unless very specific rules are met by providing one in conjunction with a high deductible health plan). Benefits that defer compensation are also prohibited under cafeteria plan rules.

Cafeteria plans as a whole are not subject to ERISA, but all or some of the underlying benefits or components under the plan can be. The Patient Protection and Affordable Care Act (ACA) has also affected aspects of cafeteria plan administration.

Employees are allowed to choose the benefits they want by making elections. Only the employee can make elections, but they can make choices that cover other individuals such as spouses or dependents. Employees must be considered eligible by the plan to make elections. Elections, with an exception for new hires, must be prospective. Cafeteria plan selections are considered irrevocable and cannot be changed during the plan year, unless a permitted change in status occurs. There is an exception for mandatory two-year elections relating to dental or vision plans that meet certain requirements.

Plans may allow participants to change elections based on the following changes in status:

  • Change in marital status
  • Change in the number of dependents
  • Change in employment status
  • A dependent satisfying or ceasing to satisfy dependent eligibility requirements
  • Change in residence
  • Commencement or termination of adoption proceedings

Plans may also allow participants to change elections based on the following changes that are not a change in status but nonetheless can trigger an election change:

  • Significant cost changes
  • Significant curtailment (or reduction) of coverage
  • Addition or improvement of benefit package option
  • Change in coverage of spouse or dependent under another employer plan
  • Loss of certain other health coverage (such as government provided coverage, such as Medicaid)
  • Changes in 401(k) contributions (employees are free to change their 401(k) contributions whenever they wish, in accordance with the administrator’s change process)
  • HIPAA special enrollment rights (contains requirements for HIPAA subject plans)
  • COBRA qualifying event
  • Judgment, decrees, or orders
  • Entitlement to Medicare or Medicaid
  • Family Medical Leave Act (FMLA) leave
  • Pre-tax health savings account (HSA) contributions (employees are free to change their HSA contributions whenever they wish, in accordance with the their payroll/accounting department process)
  • Reduction of hours (new under the ACA)
  • Exchange/Marketplace enrollment (new under the ACA)

Together, the change in status events and other recognized changes are considered “permitted election change events.”

Common changes that do not constitute a permitted election change event are: a provider leaving a network (unless, based on very narrow circumstances, it resulted in a significant reduction of coverage), a legal separation (unless the separation leads to a loss of eligibility under the plan), commencement of a domestic partner relationship, or a change in financial condition.

There are some events not in the regulations that could allow an individual to make a mid-year election change, such as a mistake by the employer or employee, or needing to change elections in order to pass nondiscrimination tests. To make a change due to a mistake, there must be clear and convincing evidence that the mistake has been made. For instance, an individual might accidentally sign up for family coverage when they are single with no children, or an employer might withhold $100 dollars per pay period for a flexible spending arrangement (FSA) when the individual elected to withhold $50.

Plans are permitted to make automatic payroll election increases or decreases for insignificant amounts in the middle of the plan year, so long as automatic election language is in the plan documents. An “insignificant” amount is considered one percent or less.

Plans should consider which change in status events to allow, how to track change in status requests, and the time limit to impose on employees who wish to make an election.

Cafeteria plans are not required to allow employees to change their elections, but plans that do allow changes must follow IRS requirements. These requirements include consistency, plan document allowance, documentation, and timing of the election change. For complete details on each of these requirements—as well as numerous examples of change in status events, including scenarios involving employees or their spouses or dependents entering into domestic partnerships, ending periods of incarceration, losing or gaining TRICARE coverage, and cost changes to an employer health plan—request UBA’s ACA Advisor, “Cafeteria Plans: Qualifying Events and Changing Employee Elections”.

By Danielle Capilla
Originally published by www.ubabenefits.com

The U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) began a pilot program in 2012 to assess the procedures implemented by covered entities to ensure compliance with the Health Insurance Portability and Accountability Act (HIPAA). OCR evaluated the effectiveness of the pilot program and then announced Phase 2 of the program on March 21, 2016. Phase 2 Audits focus on the policies and procedures adopted by both covered entities and business associates to ensure they meet selected standards and implementation specifications of the Privacy, Security, and Breach Notification Rules. Covered entities include health plans, health care clearinghouses, and health care providers; whereas, business associates include anyone handling health information on behalf of a covered entity.

Phase 2 Audits of business associates focus on risk analysis, risk management, and reporting of HIPAA breaches to covered entities. OCR emphasizes the importance of audits as a compliance improvement activity in order to identify best practices and proactively uncover and address risks and vulnerabilities to protect health information (PHI).

OCR chose entities to audit through random sampling of the audit pool. Communications from OCR were sent via email, so it is important to check spam filters and junk emails for communications from OSOCRAudit@hhs.gov. OCR emailed a notice to verify contact information. Once the contact information was verified, OCR emailed a pre-audit questionnaire to gather data about size, type, and operations of the entity. This data was used with other information to develop pools of potential covered entities for making audit selections.

Phase 2 Audits consist of three sets of audits. The first set of audits will be desk audits of covered entities and the second set of audits will be desk audits of business associates. These audits will examine compliance with specific requirements of the Privacy, Security, or Breach Notification Rules and covered entities will be notified of their audit in a document request letter. All desk audits in this phase will be completed by the end of December 2016. OCR will select entities and request they electronically submit documentation within 10 days. The third set of audits will be onsite and examine a broader scope of requirements from HIPAA Rules.

On July 11, 2016, 167 covered entities were notified that they were selected for a desk audit. Desk audits of business associates will begin this fall. Download the complete Compliance Advisor, “HIPPA Phase 2 Audits” for best practices for covered entities facing desk or field audits.

Originally published by www.ubabenefits.com