Page 1 of 1
The deadline for submitting the required information and scheduling the requirement payment, which must be done through www.pay.gov is November 15, 2014.
The Affordable Care Act (ACA) provides for a transitional reinsurance program to help stabilize premiums for coverage in the individual health insurance marketplace during the first 3 years of operation (2014-2016). The program is designed to primarily transfer funds from the group market to the individual market, where high risk individuals are more likely to be covered.
Payments under the reinsurance program are funded by “contributions” (aka fees) payable by health insurance carriers for fully funded groups and third party administrators on behalf of self-insured group health plans. However, under ACA regulations, the self insured group is ultimately responsible for the payment.
The transitional reinsurance fee requirement applies on a per capita basis with respect to each individual covered by a plan that is subject to the fee. The total amount of the fee for 2014 is $63 per covered life and will decrease to $44 per covered life in 2015. The amount of the fee in 2016 has not yet been established by CMS, but will be lower than the 2015 amount. The fee applies to major medical coverage, retiree medical coverage, and COBRA coverage. Plans that are not subject to the reinsurance fee include FSAs, HSAs, Dental & Vision coverage, coverage that fails to provide minimum value, and EAP programs to name a few.
The transitional reinsurance fee is imposed on the “contributing entity”, defined as an insurer/carrier for fully-insured coverage or the group for self insured coverage. Third -party administrators (TPAs), administrative service only entities (ASO) and others may submit on behalf of the contributing entity, though CMS has specified that the TPA or ASO is not required by law to do so.
Because the fee is imposed on the self insured plan and not the plan sponsor, plan assets may be used to pay the assessment/fee. The IRS has also noted that plan sponsors can treat the fee as an ordinary and necessary business expense for tax purposes.
The term covered lives includes everyone under the plan, including spouses, dependents, and retirees. CMS has named several options for counting covered lives, depending on if the plan is fully insured or self funded. The methods of counting covered lives for the reinsurance fee are similar to, but not exactly the same, as the Patient Centered Outcomes Research Institute (PCORI) count methods. A full description of each counting method can be found on the CMS website here.
Regardless of the counting method chosen, plans must maintain documentation of the count, including all materials provided by TPAs in arriving at the figure, for at least 10 years. CMS may audit a plan to assess its compliance with the program requirements and it will be crucial to be able to produce this information.
The entire reinsurance fee process takes place on www.pay.gov. This process is separate from the Health Insurance Oversight System (HIOS) which is used, for example, to obtain a Health Plan Identifier (HPID). The applicable form became available on October 24, 2014. While this leaves somewhat limited time for plan sponsors to submit the applicable form and schedule the fee by the November 15, 2014 deadline, CMS has yet to issue guidance that the submission date will be delayed.
In order to successfully complete the reinsurance fee submission, plan sponsors (or their representatives) need to:
After registering on Pay.gov, the submitter will select the Transitional Reinsurance program Annual Enrollment and Contribution Submission Form. The form requires basic company and contact info, payment type, benefit year, and the annual enrollment count. After the information is entered on the form, plan sponsors will need to upload their supporting documentation CSV file. After the enrollment and supporting documentation is submitted, the form will auto-calculate the amount owed. Plans then need to schedule payment(s) for this amount . The form cannot be submitted without payment information. Plans can choose to remit payment for the entire benefit year once (the full $63 per covered life) or plans can submit two separate payments for the year. If the separate payment method is used, the first payment ($52.50 per covered life) is due by January 15, 2015 and the second payment ($10.50 per covered life) is due by November 15, 2015. Regardless of the option chose, all payments MUST be scheduled by November 15, 2014.
If your company offered either a Health Reimbursement Account (HRA) or Medical Expense Reimbursement Plan (MERP) as part of your employee benefits package in 2012, you must report and pay the PCORI fee for your 2012 plan year no later than July 31, 2013. Please note that the penalty for not filing can be as high as $10,000 per month.
You must use the IRS Form 720 to report and pay the PCORI fee.
If you used a third party administrator to handle the administration of your HRA or MERP plan, they should have provided you with the necessary information to complete Form 720 as they are not permitted to file this with the IRS on your behalf.
Please let us know if you have any questions.
Under the 2013 Health Insurance Portability and Accountability Act (HIPAA) privacy and security rules provisions, employers must update their health information disclosure policies and retrain employees to ensure compliance.
The Department of Health and Human Services (HHS) issued the new HIPAA regulations on January 25, 2013, to execute major changes that were mandated by the Health Information Technology for Economic and Clinical Health Act (HITECH) as well as the Genetic Information Nondiscrimination Act (GINA).
New Requirements for Business Associates
HIPAA regulations previously generally covered any business associate who performed or assisted in any activity involving the use or disclosure of individually identifiable health information, such as third-party administrators, pharmacy benefit managers and benefit consultants. Under the new regulations, business associate status is triggered when a vendor “creates, receives, maintains, or transmits” personal health information (PHI).
The key addition in this part of the regulation is found in the word ‘maintains’ because any entity that ‘maintains’ PHI on behalf of a covered entity- even if no access to that information is required or expected- will now be considered a business associate.
This change has some important consequences for group health plans that rely on cloud storage as a repository for their PHI or that outsource information-technology support and other functions and do not have business associate agreements (BAAs) with such vendors.
If you give PHI to a vendor before a BAA is in place, you will be in violation of HIPAA, and if you are a vendor, you can’t receive PHI without a compliant BAA in place. There must be a compliant BAA in place first.
Another change is that plan sponsors must enter into a sub-BAA with agents or subcontractors who are retained to help a business associate with covered functions for an employer-sponsored health plan. Plan sponsors should include BAA language that states that a business associate can’t subcontract work without prior permission, and then to monitor compliance with those agreements.
Presumption of PHI Breach Introduced
Under the previous rules, an impermissible use or disclosure of PHI- including electronic PHI- was a breach only if it posed a significant risk of harm to the individual. The HHS included in the new rules a presumption that any impermissible use or disclosure of PHI is a breach, subject to breach-notification rules.
Under the new rules, the only way now to get out of this presumption is by a demonstration that there is a low probability that the PHI was compromised.
To demonstrate low probability, the health plan or business associate must perform a risk assessment of four factors- at a minimum:
The HHS has indicated that it expects these risk assessments to be thorough and completed in good faith and to reach reasonable conclusions. If the risk assessment does not find a low probability that PHI has been compromised, then breach notification is required.
Action Advised for 2013
While the new regulations bring certainty to employer-sponsored health plans and their business associates on HIPAA compliance issues, they also emphasize the department’s intention to subject business associates and their subcontractors to heightened scrutiny.
Employers should review and revise their BAAs to ensure compliance with the security rule, paying special attention to the inclusion of subcontractors. Employers should also review and revise (or create) breach-notification procedures that detail how a risk assessment will be conducted. It is also important to train employees who have access to PHI on these updated policies and procedures.
The final regulations take effect September 23, 2013 and the HHS has provided another one-year transition period for some covered entities and their business associates that had a BAA in place on January 1, 2013. HHS also published an updated version of a template BAA, but it does not address all the unique situations that may arise between a covered entity and a business associate. Employers should ultimately ensure that their business associate agreements are appropriately tailored to their individual circumstances and business needs.