Under the 2013 Health Insurance Portability and Accountability Act (HIPAA) privacy and security rules provisions, employers must update their health information disclosure policies and retrain employees to ensure compliance.
The Department of Health and Human Services (HHS) issued the new HIPAA regulations on January 25, 2013, to execute major changes that were mandated by the Health Information Technology for Economic and Clinical Health Act (HITECH) as well as the Genetic Information Nondiscrimination Act (GINA).
New Requirements for Business Associates
HIPAA regulations previously generally covered any business associate who performed or assisted in any activity involving the use or disclosure of individually identifiable health information, such as third-party administrators, pharmacy benefit managers and benefit consultants. Under the new regulations, business associate status is triggered when a vendor “creates, receives, maintains, or transmits” personal health information (PHI).
The key addition in this part of the regulation is found in the word ‘maintains’ because any entity that ‘maintains’ PHI on behalf of a covered entity- even if no access to that information is required or expected- will now be considered a business associate.
This change has some important consequences for group health plans that rely on cloud storage as a repository for their PHI or that outsource information-technology support and other functions and do not have business associate agreements (BAAs) with such vendors.
If you give PHI to a vendor before a BAA is in place, you will be in violation of HIPAA, and if you are a vendor, you can’t receive PHI without a compliant BAA in place. There must be a compliant BAA in place first.
Another change is that plan sponsors must enter into a sub-BAA with agents or subcontractors who are retained to help a business associate with covered functions for an employer-sponsored health plan. Plan sponsors should include BAA language that states that a business associate can’t subcontract work without prior permission, and then to monitor compliance with those agreements.
Presumption of PHI Breach Introduced
Under the previous rules, an impermissible use or disclosure of PHI- including electronic PHI- was a breach only if it posed a significant risk of harm to the individual. The HHS included in the new rules a presumption that any impermissible use or disclosure of PHI is a breach, subject to breach-notification rules.
Under the new rules, the only way now to get out of this presumption is by a demonstration that there is a low probability that the PHI was compromised.
To demonstrate low probability, the health plan or business associate must perform a risk assessment of four factors- at a minimum:
The HHS has indicated that it expects these risk assessments to be thorough and completed in good faith and to reach reasonable conclusions. If the risk assessment does not find a low probability that PHI has been compromised, then breach notification is required.
Action Advised for 2013
While the new regulations bring certainty to employer-sponsored health plans and their business associates on HIPAA compliance issues, they also emphasize the department’s intention to subject business associates and their subcontractors to heightened scrutiny.
Employers should review and revise their BAAs to ensure compliance with the security rule, paying special attention to the inclusion of subcontractors. Employers should also review and revise (or create) breach-notification procedures that detail how a risk assessment will be conducted. It is also important to train employees who have access to PHI on these updated policies and procedures.
The final regulations take effect September 23, 2013 and the HHS has provided another one-year transition period for some covered entities and their business associates that had a BAA in place on January 1, 2013. HHS also published an updated version of a template BAA, but it does not address all the unique situations that may arise between a covered entity and a business associate. Employers should ultimately ensure that their business associate agreements are appropriately tailored to their individual circumstances and business needs.
A provision of Health Care Reform requires employers to provide a notice to all employees regarding the availability of health coverage options through the state-based exchanges. The Department of Labor delayed the original requirement that the notice be distributed by March 1, 2013, as it was determined that there was not enough information regarding exchange availability.
The DOL recently issued temporary guidance along with a model notice. The DOL has issued the model notice early so employers can begin informing their employees now about the upcoming coverage options through the marketplace.
Two model notices were released by the DOL. One is for employers who currently offer medical coverage and the other is for those who do not offer medical coverage.
Employers are required to issue the exchange coverage notice no later than October 1, 2013. This will coincide with the beginning of the open enrollment period for the marketplace.
The notice must be provided to all employees, regardless of their enrollment on the group health plan. It must be provided to both full time and part time employees as well. Employers are not required to provide a separate notice to dependents. Employers will need to provide the notice to each new employee (regardless of their status) who are hired on or after October 1, 2013 within 14 days of their hire.
An exchange coverage notice must include –
The DOL also modified its model COBRA election notice to include information about the availability of exchange coverage options and eliminate certain obsolete language in the earlier model.
Please contact our office for a copy of the model notice(s).
The Internal Revenue Service recently announced higher contributions limits to health savings accounts (HSAs) and for out of pocket spending under qualified high deductible health plans (HDHPs) for 2014.
The IRS provided the inflation adjusted HSA contribution and HDHP minimum deductible and out of pocket limits effective for calendar year 2014. The higher rates reflect a cost of living adjustment (COLA) as well as rounding rules under the IRS Code Sec 223.
A comparison of the 2014 and 2013 limits are below:
The increases in contribution limits and out of pocket maximums from 2013 to 2014 were somewhat lower than increases in years prior.
Those under age 65 (unless totally and permanently disabled) who use HSA funds for nonqualified medical expenses face a penalty of 20% of the funds used for those nonqualified expenses. Funds spent for nonqualified purposes are also subject to income tax.
Adult Children Coverage
While the Patient Protection and Affordable Care Act allows parents to add their adult children (up to age 26) to their health plans (and some state laws allow up to age 30 if certain requirements are met), the IRS has not changed its definition of a dependent for health savings accounts. This means that an employee whose 24 year old child is covered on their HSA qualified high deductible health plan is not eligible to use HSA funds to pay for that child’s medical bill.
If account holders can’t claim a child as a dependent on their tax returns, then they can’t spend HSA dollars on services provided to that child. According to the IRS definition, a dependent is a qualifying child (daughter, son, stepchild, sibling or stepsibling, or any descendant of these) who:
The topic for this month covers various ares including Social Media policies/Considerations, Negligent Retention, and updates on Health Care Reform.
To Friend or Not to Friend?: What is your company’s current policy with regard to Social Media site and managers being “friends” with subordinates? What are the pitfalls of being “friends” with your employees
Contact us today for more information on this topic.
One in three American adults has high blood pressure. Medication is often prescribed, but that is not the only solution. There are many lifestyle strategies that have also been shown to have an impact. For some, weight loss combined with exercise and a healthy eating plan may even reduce or eliminate the need for medication altogether.
Your doctor can help you decide whether to take a combined approach of medication plus lifestyle change, or whether to try following these health lifestyle strategies first:
The key is ultimately discovering what works best for you and your body. Choose your strategies, take action and start enjoying the benefits.
The media, paired with political figures, have paid increased attention to workplace bullying in recent years. Legislators in 21 states have even introduced bills to address and combat workplace bullying, starting with California in 2003.
However, none of the legislatures in states which these bills have been introduced have passed the bills into law. There are a variety of explanations for why there has not been a change in the law despite workplace bullying becoming a hot button employment issue, but the most obvious explanation is this: it truly is difficult to define workplace bullying.
What Is It….Exactly?
The general definition of work place bullying is a behavior in which an individual or group uses persistent, aggressive, or unreasonable behavior against a coworker or subordinate. As with childhood bullying, we often think of workplace bullying as being physical acts against another, such as assaulting a coworker or invading a coworker’s personal space in a threatening manner, however it often takes a more subtle forms. For instance, a supervisor can act as a bully by manipulating work tasks, like giving a victim repetitive or irrelevant assignments as a means of control. Supervisors can also act as a bully in the way they provide feedback. For instance, a supervising bully can choose to belittle a subordinate in a public setting so as to humiliate them, as opposed to delivering the constructive criticism in a private setting.
Because bullying comes in many forms and is often understated, it is a challenge to create a proper definition for it. Most notably, it is difficult to draw precise lines between assertive managers and bullying conduct. Employers depend on their managers to evaluate the performance of the employees under their supervision and to provide feedback so employees can learn from mistakes and improve. The big question is how do we know when that vital evaluation process has crossed the line and become bullying behavior, especially when criticism by its nature entails negative statements.
Employers can use two simple rules of thumb to aid in analyzing if certain behavior constitutes bullying, especially with respect to supervisor/supervisee relations:
Problems Are Both Legal and Practical
State legislatures might struggle to define workplace bullying, but the absence of specific anti-bullying laws should not deter employers from being wary to this phenomenon. If left unchecked, bullying can create a host of workplace headaches, such as (1) increased use of sick leave, (2) increased use of medication, such as anti-depressants, sleeping pills, and tranquilizers, (3) social withdrawal, (4) decreased productivity and motivation, (5) increases in the frequency and severity of behavior problems, (6) erratic behavior, such as frequent crying spells and increased sensitivity, and (7) increased turnover.
And the fact that there is no designated legislation for workplace bullying does not mean that the behavior cannot create lawsuits in other ways. Assault and battery claims are the most obvious legal actions that bullying can cause, but there are a host of other ways that employees who are bullied (or who perceive they were bullied) can gain access to the courts.
For instance, a bullying victim can bring a claim pursuant to Title VII for harassment or discrimination if the individual ties the activity to a protected characteristic, such as “my female boss degrades men under her supervision.” A bullying victim can also bring a claim against an employer for negligent hiring and retention on the theory that the employer knew about a supervisor’s bullying tendencies (either during the hiring process or thereafter) and did nothing. There are even implications under OSHA which requires that employers complete a Workplace Violence Incident Report in any instance which an employee commits a violent act against another employee.
Closing Advice
In light of the performance, and litigation, related reasons to combat workplace bullying, you should take steps to handle this problem, if you have not done so already. Every employer should have an anti-bullying policy that : (1) defines workplace violence and bullying behaviors, (2) provides a reporting procedure that identifies multiple managers to whom incidents or threats can be reported, and (3) encourages employees to report incidents, especially by assuring them that the employer will not tolerate retaliation against an individual who complains of bullying.
The last point is especially important because bullying victims often feel powerless as a result of the power dynamic that the bully has fostered. You should also train your managers on workplace bullying so they have a basic understanding of the warning signs and the potential impacts for not addressing bullying at the first possible instance.
While the law has not caught up to the problem of workplace bullying, a savvy employer can get in front of the issue by taking basic steps to ensure a bully-free workplace.
Current as well as former employees have information that could prevent accidents and disasters and it is up to HR to gather it and help solve problems that could lead to future catastrophes.
“The sooner you can get the feedback the better, because you can solve problems before it is too late,” said Beth Carvin, the president and CEO at Nobscot Corp., an HR technology company that specializes in employee retention and development.
She feels that HR should be conducting exit interviews, especially in high risk occupations like health care, to identify any areas that may put the company, its customers, and consumers at risk.
Case in point is the fungal meningitis outbreak in late 2012 among patients who received contaminated steroid injections. The main focus of the investigation of this disaster was the New England Compounding Center (NECC), a pharmacy in Massachusetts, but ex-employees of Ameridose, a drug manufacturer that shared many of the same owners as NECC, came forward later with claims that NECC’s corporate culture encouraged shortcuts even if it compromised safety.
According to The New York Times, one ex-quality control technician at Ameridose stated that he was overruled by management when he tried to stop the production line when he spotted missing labels. An ex-pharmacist said she resigned because she was worried that unqualified people were preparing dangerous narcotics for use by hospitals. A salesman shared that he was allowed into the sterile lab to help out with packaging and labeling during rush orders, without any prior training.
Employees, as shown, had strong concerns about business practices as both the NECC and Ameridose. Carvin expressed that this case is a big reminder of how important getting this kind of feedback in an exit interview is. Collecting data like this during an exit interview may have allowed someone in HR to make changes before the fungal meningitis disaster occurred.
A Listening Culture
So how exactly can HR use employee feedback to prevent a costly tragedy?
One of the first steps is to create and maintain a work environment and company culture where open communication is encouraged.
Employees should feel comfortable to share their concerns on policies and practices, especially when they relate to safety and compliance. It is important to create a culture where you listen to your employees and they actually believe that you are listening.
Once you provide opportunities for employees to give feedback, you must then also act upon it, Carvin advised. This is the challenge that faces HR. You get busy and may not have time to deal with the feedback collected, but in order to becoming a listening culture, you should try to act on the information you receive from employees.
And it is important to communicate this to employees as well. If you implement something based on employee feedback, let them know that you are doing this as a result of employee feedback. The more you do that, the more feedback you will end up receiving.
Make The Business Case
Managers also need to be trained on the importance of balancing business needs with safety and to take frontline employee concerns seriously.
Carvin explained that this is where HR needs to be involved. “In the contaminated steroid tragedy, if HR had identified that safety was being set aside in favor of speed, they could have made a case to senior management for why this was bad not just from a consumer safety standpoint but also from a business prospective”.
Especially in high risk occupations, HR should analyze the information for trends and share important findings and recommendations with senior management. HR can then help facilitate discussions and set up task forces for the next steps.
How to Gather Employee Feedback
The key to gathering employee feedback is a systematic approach. Employee responses should be gathered in such a way that they transform from anecdotal stories (most often collected from a few disgruntled employees) into information that help shine light on specific and objective trends.
You need to be able to show your data is transforming from the anecdotal, which senior management will typically write off, to being aggregated and tracked. You will begin to notice that an issue will come up from not just one person but three or four, and then maybe seven, as your data builds up over time.
In exit interviews, you want to go beyond the “Why did you leave?” questions. You want to have employees rate the company on a number of factors like the work environment, direct supervisors and senior management, and try to get feedback on all aspects of their workplace experience. This is when you will see the issues start to come out.
HR staff should use both quantitative and qualitative ratings, noted Carvin. The quantitative points to where the issues are while the qualitative lets you understand the data better as it lets you know what the concern is.
To get the most out of an exit interview, Carvin suggests HR should break the data down into departments. Each department may have its own concerns, even among job types. You could then break the data down even further into gender and race and really pinpoint issues before they get bigger.
UnitedHealthcare (UHC) TV’s lineup just got a bit tastier with the addition of a new program: The Better Cook. The new show is done in partnership with General Mills Live Better America. The show is filmed in the General Mills test kitchen and features healthy recipes from the LiveBetterAmerica.com website.
The show features celebruty chef Daniel Green- a kitchen pro who specializes in health cooking. Chef Green is a regular on ShopNBC and hosts Kitchen Takeover on Twin Cities Live. He has also been a guest chef on The Food Network, The Travel Channel, BBC Two, and NTV7 Malaysia.
Chef Green focuses on three types of dishes on The Better Cook:
You can easily print and share recipes used on the show also. New shows are being added regularly. Tune in today at:
If you currently have an individual health insurance plan, you will be in for a big change when you sign up for your coverage in 2014.
Approximately 50% of the individual health plans that are currently being sold in the marketplace do not meet the standards of Obamacare to be sold in 2014. The reason for this is because the Affordable Care Act (ACA) sets new minimums for the basic coverage every individual health care plan must provide effective on renewals on or after January 1, 2014.
About 15 million Americans (or about 6% of non-elderly adults) currently have coverage in the individual health market. Beginning in the fall of 2013, they will be able to shop for and enroll in health insurance through state-based exchanges (aka SHOP or The Exchange) with coverage taking effect in January. By 2016, it is projected that around 24 million people will get their insurance through the exchanges, while another 12 million will continue to obtain individual coverage outside of the exchange.
Beginning in 2014, nearly all plans, both group and individual, will be required to cover an array of “essential” services regardless of if they are purchased within the exchange or not. These “essential” services will include medication, maternity, and mental health care. Many individual plans do not currently offer these benefits.
What will happen to the plans that do not meet the new minimum standards? They will more than likely disappear and you will not be allowed to renew your existing coverage on the plan you currently have. A handful of existing plans will be grandfathered in, but the qualifying criteria for a grandfathered plan is hard to meet. In order for your existing individual plan to be considered “grandfathered”, (1) you have to have been enrolled on this plan before the ACA was passed in 2010 and (2) the plan has to have maintained fairly steady co-pay, deductible and coverage rates until now.
Many insurers in the individual marketplace have already acknowledged that the majority of their existing individual plans do not meet Obamacare standards for 2014 and they are currently working to ready new product lineups for 2014.
In the future, consumers buying individual plans will be able to choose between four levels of coverage: platinum, gold, silver, and bronze.
Platinum plans will carry the highest premiums but will offer the lowest out of pocket expenses, with enrollees paying no more than 10%, on average. At the other end of the spectrum are the bronze plans, which will have the lowest monthly premiums but will have higher deductibles and copayments totaling up to 40% of the out of pocket costs on average.
Starting also in 2014, all Americans will be required to carry health care coverage or face fines. Those penalties will start at $95 per adult or 1% of the adjusted family income, whichever is greater, and will escalate in later years.
Individuals will annual incomes of up to 400% of the poverty line (or roughly $45,000 for an individual and about $92,000 for a family of four) will get federal subsidies to help defray the premium costs.
Most individual plans sold next year, even the lowest level bronze plans, are likely to charge higher premiums than today’s most “bare-bones” individual insurance plans. Many consumers feel the costs will be offset by having lower out of pocket costs and more comprehensive coverage than their current “bare-bones” plan offers.
In today’s marketplace, with deductibles of $10,000, an individual can buy a policy and then when they get sick, they may go broke because the policy leaves them with such a high level of out of pocket expenses to pay. Many insurance industry experts feel, however, that consumers may now wind up with more coverage–and higher monthly costs– than they want. As a result, some individuals may just choose to simply pay the fine instead of obtaining health insurance coverage they will not use or can not afford.
Myra L. Thompson, RHU, REBC, GBA, President of Administrators Advisory Group, has completed the National Association of Health Underwriters (NAHU) Health Care Reform Certification Course.
Myra is now a certified Patient Protection and Affordable Care Act (PPACA) Professional. This certification helps professionals understand the key technical components of PPACA and ensure they are better prepared to provide education on upcoming health coverage changes, responsibilities and requirements.
Join us in congratulating Myra on a job well done!