Page 1 of 1

ACA Information Reporting Creates Data Privacy and Security Issues

March 12 - Posted at 2:01 PM Tagged: , , , , , , , , , , , ,

During this year, businesses will be hearing a lot about the Affordable Care Act’s (ACA’s) information reporting requirements under Code Sections 6055 and 6056. Information gathering will be critical to successful reporting, and there is one aspect of that information gathering which employers might want to take action on sooner rather than later – collecting Social Security numbers (SSNs), particularly when required to do so from the spouses and dependents of their employees. There are, of course, ACA implications for not taking this step, as well as data privacy and security risks for employer and their vendors.


Under the ACA, providers of “minimum essential coverage” (MEC) must report certain information about that coverage to the Internal Revenue Service (IRS), as well as to persons receiving that MEC. Employers that sponsor self-insured group health plans are providers of MEC for this purpose, and in the course of meeting the reporting requirements, must collect and report SSNs to the IRS. However, this reporting mandate requires those employers (or vendors acting on their behalf) to transmit to the IRS the SSNs of employee and their spouses and dependents covered under the plan, unless the employers either (i) exhaust reasonable collection efforts described below, (ii) or meet certain requirements for limited reporting overall.


Obviously, employers are familiar with collecting, using and disclosing employee SSNs for legitimate business and benefit plan purposes. Collecting SSNs from spouses and dependents will be an increased burden, creating more risk on employers given the increased amount of sensitive data they will be handling, and possibly from vendors working on their behalf. The reporting rules permit an employer to use a dependent’s date of birth, only if the employer was not able to obtain the SSN after “reasonable efforts.” For this purpose, reasonable efforts means the employer was not able to obtain the SSN after an initial attempt, and two subsequent attempts.

From an ACA standpoint, employers with self-insured plans that have not collected this information should be engaged in these efforts during the year (2015) to ensure they are ready either to report the SSNs, or the DOBs. At the same time, collecting more sensitive information about individuals raises data privacy and security risks for an organization regarding the likelihood and scope of a breach. Some of those risks, and steps employers could take to mitigate those risks, are described below.


  • Determine whether the information is subject to HIPAA. Employers will need to consider whether this information, collected for ACA group health plan reporting requirements, is protected health information under HIPAA (PHI) or within the HIPAA “employment records” exception.


  • Implement appropriate safeguards.  For an employer that determines the information collected for this purpose is PHI, it will need to ensure the appropriate steps are taken under the HIPAA privacy and security rules. Either way, employers need to take steps to safeguard this data. A number of states, such as California, Connecticut, Florida, Maryland, Massachusetts, New York, Oregon require reasonable safeguards be in place to protect such information. Examples of good practices include: (i) design forms to collect only the information needed; (ii) direct responses to the requests for the information to go to a single location; (iii) if collected online, make sure the connection is secure; (iv) limit who has access to the information; and (v) after the information is captured and input, destroy all copies of the information other than as needed for appropriate documentation.


  • Ensure your vendors will protect this information. The IRS reporting regulations permit the use of third party vendors to assist employers in the reporting process. Whether the vendor is a “business associate” under HIPAA or a third-party service provider under state law, employers should be sure the vendor is contractually bound to maintain and implement appropriate privacy and security practices, including data breach preparedness.


Employers navigating through ACA compliance and reporting requirements have many issues to be considered. How personal information or protected health information is safeguarded in the course of those efforts is one more important consideration.

Even small employers notsubject to the Affordable Care Act’s (ACA) coverage mandate can’t reimburse employees for nongroup health insurance coverage purchased on a public exchange, the Internal Revenue Service confirmed. But small employers providing premium reimbursement in 2014 are being offered transition relief through mid-2015.


IRS Notice 2015-17, issued on Feb. 18, 2015, is another in a series of guidance from the IRS reminding employers that they will run afoul of the ACA if they use health reimbursement arrangements (HRAs) or other employer payment plans—whether with pretax or post-tax dollars—to reimburse employees for individual policy premiums, including policies available on ACA federal or state public exchanges.


This time the warning is aimed at small employers—those with fewer than 50 full-time employees or equivalent workers. While small organizations are not subject to the ACA’s “shared responsibility” employer mandate to provide coverage or pay a penalty (aka Pay or Play), if they do provide health coverage it must meet a range of ACA coverage requirements.

“The agencies have taken the position that employer payment plans are group health plans, and thus must comply with the ACA’s market reforms,” noted Timothy Jost, J.D., a professor at the Washington and Lee University School of Law, in a Feb. 19 post on the Health Affairs Blog. “A group health plan must under these reforms cover at least preventive care and may not have annual dollar limits. A premium payment-only HRA or other payment arrangement that simply pays employee premiums does not comply with these requirements. An employer that offers such an arrangement, therefore, is subject to a fine of $100 per employee per day. (An HRA integrated into a group health plan that, for example, helps with covering cost-sharing is not a problem).”


Transition Relief

The notice provides transition relief for small employers that used premium payment arrangements for 2014. Small employers also will not be subject to penalties for providing payment arrangements for Jan. 1 through June 30, 2015. These employers must end their premium reimbursement plans by that time. This relief does not extend to stand-alone HRAs or other arrangements used to reimburse employees for medical expenses other than insurance premiums.


No similar relief was given for large employers (those with 50 or more full-time employees or equivalents) for the $100 per day per employee penalties. Large employers are required to self-report their violation on the IRS’s excise tax form 8928 with their quarterly filings.


“Notice 2015-17 recognizes that impermissible premium-reimbursement arrangements have been relatively common, particularly in the small-employer market,” states a benefits brief from law firm Spencer Fane. “And although the ACA created “SHOP Marketplaces” as a place for small employers to purchase affordable [group] health insurance, the notice concedes that the SHOPs have been slow to get off the ground. Hence, this transition relief.”


Subchapter S Corps.

The notice states that Subchapter S closely held corporations may pay for or reimburse individual plan premiums for employee-shareholders who own at least 2 percent of the corporation. “In this situation, the payment is included in income, but the 2-percent shareholder can deduct the premiums for tax purposes,” Jost explained. The 2-percent shareholder may also be eligible for premium tax credits through the marketplace SHOP Marketplace if he or she meets other eligibility requirements.


Tricare

Employers can pay for some or all of the expenses of employees covered by Tricare—a Department of Defense program that provides civilian health benefits for military personnel (including some members of the reserves), military retirees and their dependents—if the payment plan is integrated with a group health plan that meets ACA coverage requirements.


Higher Pay Is Still OK

One option that the IRS will allow employers is to simply increase an employee’s taxable wages in lieu of offering health insurance. “As long as the money is not specifically designated for premiums, this would not be a premium payment plan,” said Jost. “The employer could even give the employee general information about the marketplace and the availability of premium tax credits as long as it does not direct the employee to a specific plan.”


But if the employer pays or reimburses premiums specifically, “even if the payments are made on an after-tax basis, the arrangement is a noncompliant group health plan and the employer that offers it is subject to the $100 per day per employee penalty,” Jost warned.


“Small employers now have just over four months in which to wind down any impermissible premium-reimbursement arrangement,” the Spencer Fane brief notes. “In its place, they may wish to adopt a plan through a SHOP Marketplace. Although individuals may enroll through a Marketplace during only annual or special enrollment periods, there is no such limitation on an employer’s ability to adopt a plan through a SHOP.” 

November 15th Deadline Quickly Approaching on ACA Transitional Reinsurance Fee

November 05 - Posted at 3:01 PM Tagged: , , , , , , , , , , , , , , ,

The deadline for submitting the required information and scheduling the requirement payment, which must be done through www.pay.gov is November 15, 2014.

 

The Affordable Care Act (ACA) provides for a transitional reinsurance program to help stabilize premiums for coverage in the individual health insurance marketplace during the first 3 years of operation (2014-2016). The program is designed to primarily transfer funds from the group market to the individual market, where high risk individuals are more likely to be covered.

 

Payments under the reinsurance program are funded by “contributions” (aka fees) payable by health insurance carriers for fully funded groups and third party administrators on behalf of self-insured group health plans. However, under ACA regulations, the self insured group is ultimately responsible for the payment.

 

The transitional reinsurance fee requirement applies on a per capita basis with respect to each individual covered by a plan that is subject to the fee. The total amount of the fee for 2014 is $63 per covered life and will decrease to $44 per covered life in 2015. The amount of the fee in 2016 has not yet been established by CMS, but will be lower than the 2015 amount.  The fee applies to major medical coverage, retiree medical coverage, and COBRA coverage. Plans that are not subject to the reinsurance fee include FSAs, HSAs, Dental & Vision coverage, coverage that fails to provide minimum value, and EAP programs to name a few.

 

The transitional reinsurance fee is imposed on the “contributing entity”, defined as an insurer/carrier for fully-insured coverage or the group for self insured coverage. Third -party administrators (TPAs), administrative service only entities (ASO) and others may submit on behalf of the contributing entity, though CMS has specified that the TPA or ASO is not required by law to do so.

 

Because the fee is imposed on the self insured plan and not the plan sponsor, plan assets may be used to pay the assessment/fee. The IRS has also noted that plan sponsors can treat the fee as an ordinary and necessary business expense for tax purposes.

 

The term covered lives includes everyone under the plan, including spouses, dependents, and retirees. CMS has named several options for counting covered lives, depending on if the plan is fully insured or self funded. The methods of counting covered lives for the reinsurance fee are similar to, but not exactly the same, as the Patient Centered Outcomes Research Institute (PCORI) count methods. A full description of each counting method can be found on the CMS website here.

 

Regardless of the counting method chosen, plans must maintain documentation of the count, including all materials provided by TPAs in arriving at the figure, for at least 10 years. CMS may audit a plan to assess its compliance with the program requirements and it will be crucial to be able to produce this information.

 

The entire reinsurance fee process takes place on www.pay.gov. This process is separate from the Health Insurance Oversight System (HIOS) which is used, for example, to obtain a Health Plan Identifier (HPID). The applicable form became available on October 24, 2014. While this leaves somewhat limited time for plan sponsors to submit the applicable form and schedule the fee by the November 15, 2014 deadline, CMS has yet to issue guidance that the submission date will be delayed.

 

In order to successfully complete the reinsurance fee submission, plan sponsors (or their representatives) need to:

 

  • Register on Pay.gov
  • Fill out the Transitional Reinsurance Form
  • Attach a supporting documentation file, and
  • Schedule a reinsurance payment

 

After registering on Pay.gov, the submitter will select the Transitional Reinsurance program Annual Enrollment and Contribution Submission Form. The form requires basic company and contact info, payment type, benefit year, and the annual enrollment count. After the information is entered on the form, plan sponsors will need to upload their supporting documentation CSV file. After the enrollment and supporting documentation is submitted, the form will auto-calculate the amount owed. Plans then need to schedule payment(s) for this amount . The form cannot be submitted without payment information. Plans can choose to remit payment for the entire benefit year once (the full $63 per covered life) or plans can submit two separate payments for the year. If  the separate payment method is used, the first payment ($52.50 per covered life) is due by January 15, 2015 and the second payment ($10.50 per covered life) is due by November 15, 2015. Regardless of the option chose, all payments MUST be scheduled by November 15, 2014. 

© 2020 Administrators Advisory Group, Inc. All Rights Reserved